How to load data from AWS CloudTrail to S3 Glue

Learn how to use Airbyte to synchronize your AWS CloudTrail data into S3 Glue within minutes.

Try Airbyte Cloud Manual method (the hard way)

Building your pipeline or Using Airbyte

Airbyte is the only open source solution empowering data teams to meet all their growing custom business demands in the new AI era.

Building in-house pipelines

Bespoke pipelines are:

Inconsistent and inaccurate data
Laborious and expensive
Brittle and inflexible

Furthermore, you will need to build and maintain Y x Z pipelines with Y sources and Z destinations to cover all your needs.

After Airbyte

Airbyte connections are:

Reliable and accurate
Extensible and scalable for all your needs
Deployed and governed your way

All your pipelines in minutes, however custom they are, thanks to Airbyte’s connector marketplace and AI Connector Builder.

Start syncing with Airbyte in 3 easy steps within 10 minutes

Set up a AWS CloudTrail connector in Airbyte

Connect to or one of 400+ pre-built or 10,000+ custom connectors through simple account authentication.

Set up S3 Glue for your extracted AWS CloudTrail data

Select where you want to import data from your source to. You can also choose other cloud data warehouses, databases, data lakes, vector databases, or any other supported Airbyte destinations.

Configure the AWS CloudTrail to S3 Glue in Airbyte

This includes selecting the data you want to extract - streams and columns -, the sync frequency, where in the destination you want that data to be loaded.

Try Airbyte Cloud Manual method (the hard way)

Take a virtual tour

Check out our interactive demo and our how-to videos to learn how you can sync data from any source to any destination.

Demo video of Airbyte Cloud

Demo video of AI Connector Builder

Talk to our team

Setup Complexities simplified!

You don’t need to put hours into figuring out how to use Airbyte to achieve your Data Engineering goals.

Simple & Easy to use Interface

Airbyte is built to get out of your way. Our clean, modern interface walks you through setup, so you can go from zero to sync in minutes—without deep technical expertise.

Guided Tour: Assisting you in building connections

Whether you’re setting up your first connection or managing complex syncs, Airbyte’s UI and documentation help you move with confidence. No guesswork. Just clarity.

Airbyte AI Assistant that will act as your sidekick in building your data pipelines in Minutes

Airbyte’s built-in assistant helps you choose sources, set destinations, and configure syncs quickly. It’s like having a data engineer on call—without the overhead.

Try Airbyte Cloud Manual method (the hard way)

What sets Airbyte Apart

Modern GenAI Workflows

Streamline AI workflows with Airbyte: load unstructured data into vector stores like Pinecone, Weaviate, and Milvus. Supports RAG transformations with LangChain chunking and embeddings from OpenAI, Cohere, etc., all in one operation.

Move Large Volumes, Fast

Quickly get up and running with a 5-minute setup that enables both incremental and full refreshes for databases of any size, seamlessly scaling to handle large data volumes. Our optimized architecture overcomes performance bottlenecks, ensuring efficient data synchronization even as your datasets grow from gigabytes to petabytes.

An Extensible Open-Source Standard

More than 1,000 developers contribute to Airbyte’s connectors, different interfaces (UI, API, Terraform Provider, Python Library), and integrations with the rest of the stack. Airbyte’s AI Connector Builder lets you edit or add new connectors in minutes.

Full Control & Security

Airbyte secures your data with cloud-hosted, self-hosted or hybrid deployment options. Single Sign-On (SSO) and Role-Based Access Control (RBAC) ensure only authorized users have access with the right permissions. Airbyte acts as a HIPAA conduit and supports compliance with CCPA, GDPR, and SOC2.

Fully Featured & Integrated

Airbyte automates schema evolution for seamless data flow, and utilizes efficient Change Data Capture (CDC) for real-time updates. Select only the columns you need, and leverage our dbt integration for powerful data transformations.

Enterprise Support with SLAs

Airbyte Self-Managed Enterprise comes with dedicated support and guaranteed service level agreements (SLAs), ensuring that your data movement infrastructure remains reliable and performant, and expert assistance is available when needed.

What our users say

Raman Singh

Tech Lead at Symend

Predictable, straightforward pricing model that simplified budgeting and significantly reduced overall spend

Learn more

Chase Zieman

Chief Data Officer

“Airbyte helped us accelerate our progress by years, compared to our competitors. We don’t need to worry about connectors and focus on creating value for our users instead of building infrastructure. That’s priceless. The time and energy saved allows us to disrupt and grow faster.”

Learn more

Rupak Patel

Operational Intelligence Manager

"With Airbyte, we could just push a few buttons, allow API access, and bring all the data into Google BigQuery. By blending all the different marketing data sources, we can gain valuable insights."

Learn more

How to Sync to Manually

Step 1: Enable AWS CloudTrail

AWS CloudTrail needs to be enabled in your AWS account to start logging API calls and other events. Go to the AWS CloudTrail console, create a new trail, and configure it to log all management and data events. Ensure that you specify an S3 bucket where CloudTrail will deliver the log files.

Step 2: Create an S3 Bucket for CloudTrail Logs

If you haven't done so already, create an S3 bucket specifically for storing CloudTrail logs. This will be the destination bucket where CloudTrail logs will be sent. Ensure the bucket has the appropriate permissions for CloudTrail to write logs to it. You can configure bucket policies to allow CloudTrail to deliver logs securely.

Step 3: Configure IAM Roles and Policies

Set up AWS Identity and Access Management (IAM) roles and policies to allow AWS Glue to access the S3 bucket containing CloudTrail logs. Create an IAM role with the necessary permissions for AWS Glue, including `s3:GetObject`, `s3:PutObject`, and `s3:ListBucket` for your specific S3 bucket.

Step 4: Set Up AWS Glue

Go to the AWS Glue console and set up a new Glue job. The Glue job will be responsible for processing the CloudTrail logs stored in S3. Define the job's IAM role, which should have the permissions created in the previous step, and specify the allocated resources.

Step 5: Create a Glue Crawler

Create a Glue Crawler to automatically infer the schema of the CloudTrail logs. Configure the crawler to look at the S3 bucket where the logs are stored. Run the crawler to populate the Glue Data Catalog with the metadata about the CloudTrail logs.

Step 6: Develop a Glue ETL Job

Develop an Extract, Transform, Load (ETL) job in AWS Glue. Write a script using Python or Scala to process the CloudTrail logs as needed. This can include transformations, filtering, or aggregating the data. Specify the source as the CloudTrail data in the Glue Data Catalog and define the target as another S3 bucket or a different storage solution.

Step 7: Schedule and Monitor Glue Jobs

Schedule the Glue job to run at desired intervals using AWS Glue's scheduling capabilities. This can be done using cron expressions directly in the Glue console. Monitor the performance and logs of the Glue job using CloudWatch to ensure data is being processed correctly and to troubleshoot any issues that arise.

By following these steps, you can efficiently move data from AWS CloudTrail to Amazon S3 and process it using AWS Glue, all within the AWS ecosystem, without relying on third-party connectors or integrations.