Skip to main content

Prerequisites

  • AWS account with CloudTrail enabled and logs stored in S3
  • Terraform 1.0+ (or OpenTofu)
  • Anyshift API token (generate one from the AWS integration page)

How It Works

The Anyshift Forwarder is a Lambda function that:
  1. Triggers automatically when new CloudTrail logs are written to S3
  2. Parses and processes the CloudTrail events
  3. Forwards the events to Anyshift for analysis and visualization

Installation

Step 1: Store Your API Token

Create a secret in AWS Secrets Manager to store your Anyshift API token:
Replace YOUR_API_TOKEN with your token from the AWS integration page.

Step 2: Clone the Terraform Module

Step 3: Configure Variables

Create a terraform.tfvars file:

Step 4: Deploy

Configuration Options

Lambda Layer ARN

Use the following ARN format, replacing {REGION} with your AWS region:
Check the releases page for the latest version. Supported regions: us-east-1, us-east-2, us-west-1, us-west-2, eu-west-1, eu-west-2, eu-west-3, eu-central-1, eu-north-1, ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-south-1, sa-east-1, ca-central-1

Validate Installation

Check that the Lambda function is deployed:
View Lambda logs:

Permissions

The Lambda function requires the following permissions:
  • S3: Read access to your CloudTrail bucket
  • Secrets Manager: Read access to the API token secret
  • KMS: Decrypt permission (only if using KMS-encrypted bucket)
  • CloudWatch Logs: Write access for logging
All permissions are automatically configured by the Terraform module.

Upgrade

To upgrade to the latest version:
When using Lambda layers, simply update the lambda_layer_arn to the latest version from the releases page.

Uninstall

Source Code

The Anyshift Forwarder is open source. View the source code, report issues, or contribute:

GitHub Repository

View source code and releases