unable to view session activity logs

[sudeepshiv]

Hi, I've successfully implemented the solution using version v1.1.2 and all features are working great. However, I'm encountering a minor issue: when trying to fetch the session activity logs, they appear empty. We've configured CloudTrail Lake and enabled Management API events for both read and write.

have configured:
CLOUDTRAIL_AUDIT_LOGS and passed in the ARN to the parameter.sh file, which is currently created in Delegated admin account, TEAM also deployed in the same account.

I'm not sure if I missed any other configurations. Has anyone else experienced this issue and can offer advice? @tawoyinfa

[sudeepshiv]

we managed to fix the issue by redeploying the solution directly into Management account. seems like delegated administrator dont have permission to read cloud trail lake logs and not sure why as well.

[v-sag]

I am in a similar situation; I have enabled CloudTrail Lake on the Management account and I don't want to move it to another account. So I was wondering if it is possible to deploy TEAM into another account, and somehow grant it access to the CloudTrail Lake of the Management account.

[Liltonar]

I've tried with delegated admin and a CloudTrail Lake in the "delegated admin" account, and this combination also doesn't work.

[landbaychrisburrell]

Rather than redeploying (and maybe a bit hacky), but you can change the environment variables for the 2 lambdas. Look for the lambdas with the word "logs" in them - you should have two (queryLogs and getlogs). they each set environment variables where you'll see the old/wrong cloudtrail lake ARN (at least I saw it). The env variable is called EVENT_DATA_STORE