Integrating GitHub Enterprise with AWS CloudTrail Lake

Monday, September 26th 2022 // 2 min read


AWS delivers GitHub integration for AWS CloudTrail Lake that allows you to simplify and streamline the process of consolidating activity data. This integration enables enhanced visibility across environments and applications.

GitHub’s audit log allows enterprise and organization admins to quickly review the actions performed by members of their organizations. It includes details such as who performed the action, what the action was, and when it was performed.

Earlier this year, we made GitHub audit log streaming generally available, empowering enterprise owners to set up their streaming in minutes. With audit log streaming, no audit log event will be lost. This visibility allows enterprise owners to have more knowledge about the account. The stream forwards every one of these events in near real time, and retains data for playback for up to seven days in case you need to pause data collection. You can satisfy longer term data retention goals by storing streamed events within your own data collection systems. Audit log streaming helps protect your intellectual property and maintain compliance for your organization, keeping your enterprise account secure. GitHub audit log streaming is now generally available in GitHub Enterprise Cloud, and available in public beta for GitHub Enterprise Server 3.6.

We want to ensure enterprise administrators are able to use the right tools for the job they need to do, and we understand that audit and compliance needs are critical factors in system designs. This means that we need to continue to expand the number of options available to you to stream your audit and Git events. To that end, AWS Cloud Trail Lake now supports ingesting activity logs from GitHub.

AWS CloudTrail Lake integration

AWS CloudTrail Lake, is a managed security and audit data lake that lets organizations aggregate, immutably store, and query events recorded by AWS CloudTrail. Now - AWS CloudTrail Lake supports ingesting activity logs from GitHub – and is backed by a 7-year default retention policy to help you meet compliance requirements. In a few steps, you can consolidate your GitHub audit logs together with AWS activity logs in AWS CloudTrail without having to build or manage the event data pipeline.

AWS and GitHub teamed to deliver this integration for AWS CloudTrail Lake to allow you to stream GitHub audit log to S3 and automatically consolidate it to CloudTrail Lake. By deploying this integration in your own AWS account, you can capture GitHub audit events in CloudTrail Lake and analyze them using SQL-based queries. AWS Audit Log Graphic

How to get started with the AWS CloudTrail GitHub integration

To enable the integration, you must be a GitHub Enterprise account owner and have completed the steps for Setting up streaming to Amazon S3. Once an audit log stream has been configured, follow the instructions for enabling the CloudTrail Lake integration using the reference material on the GitHub Audit Log to CloudTrail Open Audit section of the ‘aws-samples/aws-cloudtrail-lake-github-audit-log’ repository.

How to explore your GitHub Audit Logs

Once the integration is set up, you can start to run SQL-based queries in CloudTrail Lake to analyze events from your GitHub enterprise account. For example, you can capture and review activity such as users deleting repositories or switching repositories from private to public.

AWS Audit Log 2

By integrating GitHub Enterprise with AWS CloudTrail Lake, you will be able to unlock enhanced visibility across your environments and applications.

As we continue to strive to improve how developers ship and improve software, we’d love to hear from you – what part of the workflow works well, and what can we do better?


Wondering how GitHub can help your business?

Tell us more about your needs

octocaptcha spinner