AWS Security ChangesHomeSearch

AWS awscloudtrail documentation change

Service: awscloudtrail · 2025-03-02 · Documentation low

File: awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.md

Summary

Added documentation for Amazon Bedrock session API activity logging and updated references to ARN format documentation

Security assessment

The changes add a new logging capability for Bedrock sessions and update documentation references, but there is no evidence of addressing a security vulnerability or adding security-specific features.

Diff

diff --git a/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.md
index 79b224f25..d89fe3d37 100644
--- a/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.md
+++ b/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.md
@@ -123,0 +124 @@ Amazon Bedrock | Amazon Bedrock API activity on prompts. | **Bedrock prompt** |
+Amazon Bedrock | Amazon Bedrock API activity on sessions. | **Bedrock session** | `AWS::Bedrock::Session`  
@@ -419 +420 @@ Selectors don't support the use of wildcards like `*` . To match multiple values
-       * **`resources.ARN`** \- You can use any operator with `resources.ARN`, but if you use **equals** or **does not equal** , the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of `resources.type`. For more information, see [Filtering data events by resources.ARN](./filtering-data-events.html#filtering-data-events-resourcearn).
+       * **`resources.ARN`** \- You can use any operator with `resources.ARN`, but if you use **equals** or **does not equal** , the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of `resources.type`.
@@ -425 +426 @@ You can't use the `resources.ARN` field to filter resource types that do not hav
-For more information about the ARN formats of data event resources, see [Actions, resources, and condition keys](https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) in the _AWS Identity and Access Management User Guide_.
+For more information about the ARN formats of data event resources, see [Actions, resources, and condition keys for AWS services](https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) in the _Service Authorization Reference_.
@@ -482 +483 @@ Selectors don't support the use of wildcards like `*` . To match multiple values
-       * **`resources.ARN`** \- You can use any operator with `resources.ARN`, but if you use **equals** or **does not equal** , the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of `resources.type`. For more information, see [Filtering data events by resources.ARN](./filtering-data-events.html#filtering-data-events-resourcearn).
+       * **`resources.ARN`** \- You can use any operator with `resources.ARN`, but if you use **equals** or **does not equal** , the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of `resources.type`.
@@ -488 +489 @@ You can't use the `resources.ARN` field to filter resource types that do not hav
-For more information about the ARN formats of data event resources, see [Actions, resources, and condition keys](https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) in the _AWS Identity and Access Management User Guide_.
+For more information about the ARN formats of data event resources, see [Actions, resources, and condition keys for AWS services](https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) in the _Service Authorization Reference_.