diff --git a/integrations/amazon-security-lake/aws-lambda.dockerfile b/integrations/amazon-security-lake/aws-lambda.dockerfile
new file mode 100644
index 0000000000000..629d5e469d44d
--- /dev/null
+++ b/integrations/amazon-security-lake/aws-lambda.dockerfile
@@ -0,0 +1,13 @@
+FROM public.ecr.aws/lambda/python:3.9
+
+# Copy requirements.txt
+COPY requirements.txt ${LAMBDA_TASK_ROOT}
+
+# Install the specified packages
+RUN pip install -r requirements.txt
+
+# Copy function code
+COPY src ${LAMBDA_TASK_ROOT}
+
+# Set the CMD to your handler (could also be done as a parameter override outside of the Dockerfile)
+CMD [ "run.lambda_handler" ]
\ No newline at end of file
diff --git a/integrations/amazon-security-lake/logstash/pipeline/indexer-to-s3.conf b/integrations/amazon-security-lake/logstash/pipeline/indexer-to-s3.conf
index 35aed294cc794..7e7140318a1ce 100644
--- a/integrations/amazon-security-lake/logstash/pipeline/indexer-to-s3.conf
+++ b/integrations/amazon-security-lake/logstash/pipeline/indexer-to-s3.conf
@@ -10,12 +10,12 @@ input {
             "query": {
                "range": {
                   "@timestamp": {
-                     "gt": "now-1m"
+                     "gt": "now-5m"
                   }
                }
             }
       }'
-      schedule => "5/* * * * *"
+      schedule => "*/5 * * * *"
    }
 }
 
@@ -26,12 +26,12 @@ output {
    }
    s3 {
       id => "output.s3"
-      access_key_id => "${AWS_KEY}"
-      secret_access_key => "${AWS_SECRET}"
+      access_key_id => "${AWS_ACCESS_KEY_ID}"
+      secret_access_key => "${AWS_SECRET_ACCESS_KEY}"
       region => "${AWS_REGION}"
       endpoint => "http://s3.ninja:9000"
       bucket => "${AWS_BUCKET}"
-      codec => "json"
+      codec => "json_lines"
       retry_count => 0
       validate_credentials_on_root_bucket => false
       prefix => "%{+YYYY}/%{+MM}/%{+dd}"
diff --git a/integrations/amazon-security-lake/src/run.py b/integrations/amazon-security-lake/src/run.py
index 30e2fd5af553c..573de0dd6d772 100644
--- a/integrations/amazon-security-lake/src/run.py
+++ b/integrations/amazon-security-lake/src/run.py
@@ -120,3 +120,6 @@ def _test():
 if __name__ == '__main__':
     main()
     # _test()
+
+def lambda_handler(event, context):
+    return f'Hello from run.py: {event}'
diff --git a/integrations/docker/amazon-security-lake.yml b/integrations/docker/amazon-security-lake.yml
index 0a1465d2e6d81..d6121adf9ae16 100644
--- a/integrations/docker/amazon-security-lake.yml
+++ b/integrations/docker/amazon-security-lake.yml
@@ -105,6 +105,16 @@ services:
     volumes:
       - s3-data:/home/sirius/data
 
+  aws.lambda:
+    image: wazuh/indexer-security-lake-integration:lambda
+    build:
+      context: ../amazon-security-lake
+      dockerfile: ../amazon-security-lake/aws-lambda.dockerfile
+    container_name: wazuh.integration.security.lake.aws.lambda
+    hostname: wazuh.integration.security.lake.aws.lambda
+    ports:
+      - "9000:8080"
+
   wazuh-certs-generator:
     image: wazuh/wazuh-certs-generator:0.0.1
     hostname: wazuh-certs-generator