AWS security-lake documentation change
Summary
Added example queries with time filters aligned with retention periods
Security assessment
Provides implementation examples for retention-aware queries but doesn't disclose or address security vulnerabilities. Supports proper use of security features without indicating a security defect.
Diff
diff --git a/security-lake/latest/userguide/subscriber-query-examples1.md b/security-lake/latest/userguide/subscriber-query-examples1.md index 1f60316d1..83683a3df 100644 --- a/security-lake/latest/userguide/subscriber-query-examples1.md +++ b/security-lake/latest/userguide/subscriber-query-examples1.md @@ -10,0 +11,12 @@ The following section provides guidance on querying data from Security Lake and +The following queries include time-based filters using `eventDay` to ensure your query is within the configured retention settings. For more information, see [Querying data with retention settings](./subscriber-query-examples.html#security-lake-retention-setting-query-data). + +For example, if data older than 60 days has expired, your queries should include time constraints to prevent accessing expired data. For a 60-day retention period, include the following clause in your query: + + + ... + WHERE eventDay BETWEEN cast(date_format(current_date - INTERVAL '59' day, '%Y%m%d') AS varchar) + AND cast(date_format(current_date, '%Y%m%d') AS varchar) + ... + +This clause uses 59 days (rather than 60) to avoid any data or time overlap between Amazon S3 and Apache Iceberg. +