Amazon CloudWatch has announced a major upgrade that brings operational, security, and compliance log data together in a single data store, simplifying management, reducing duplication, and allowing for powerful analytics in one place. The platform now natively ingests logs from AWS services such as CloudTrail, VPC Flow Logs, WAF, and Route 53, as well as third-party sources such as CrowdStrike, SentinelOne, Okta, and Microsoft 365. It normalizes them using standard schemas such as OCSF and OpenTelemetry and stores them in Apache Iceberg-compatible S3 Tables.
At the heart of the design, teams can query data via CloudWatch Logs Insights or tools such as Amazon Athena, SageMaker, or Redshift, and correlate security, operations, and business data across accounts and regions. The update does away with multiple data stores or complex ETL pipelines, which in turn cuts costs and speeds up insights, delivering what AWS calls “flexible and powerful analytics in one place and with reduced data duplication and costs.”






















