AWS CloudTrail Lake Unveils Gen AI-powered Natural Language Query Generation

AWS has announced the preview of generative artificial intelligence (generative AI)-powered natural language query generation in AWS CloudTrail Lake. AWS CloudTrail Lake is a managed data lake designed for capturing, storing, accessing, and analyzing AWS CloudTrail activity logs to meet compliance, security, and operational needs. This new feature allows users to ask questions in natural language about activity logs (both management and data events) stored in CloudTrail Lake without requiring technical expertise in writing SQL queries or understanding the exact structure of activity events. For example, users can ask, “Tell me how many database instances are deleted without a snapshot,” and the feature will convert that question into a CloudTrail Lake query, which can then be run as-is or modified to obtain the desired event information. Natural language query generation simplifies the process of exploring AWS activity logs.

 How to Begin Using Natural Language Query Generation?

The natural language query generator utilizes generative AI to generate a pre-built SQL query from the provided prompt. Users can then opt to execute this query within the query editor of CloudTrail Lake.

In the AWS CloudTrail console, select "Query" under "Lake." The query generator is capable of generating queries only for event data stores that gather CloudTrail management and data events. Select an event data store for their CloudTrail Lake query from the dropdown list in the "Event data store" section. In the "Query generator" interface, enter the following prompt in the "Prompt" field using natural language.

• Next, select "Generate query".  Subsequently, the following SQL query is automatically generated.
• Select "Run" to view the results.

If interested in diving deeper, the user can enter the following prompt to request additional details.

• Upon selecting "Generate query" the SQL query will be generated.
• Choose Run to see the results.

With a clearer understanding of the number of errors logged in the past month, the associated service, and the root cause of each error, users can now try asking questions in plain language and run the generated queries over their logs to observe how this feature functions with their data.