AWS Security ChangesHomeSearch

AWS security-lake documentation change

Service: security-lake · 2025-03-30 · Documentation low

File: security-lake/latest/userguide/subscriber-query-examples1.md

Summary

Added example queries with time filters aligned with retention periods

Security assessment

Provides implementation examples for retention-aware queries but doesn't disclose or address security vulnerabilities. Supports proper use of security features without indicating a security defect.

Diff

diff --git a/security-lake/latest/userguide/subscriber-query-examples1.md b/security-lake/latest/userguide/subscriber-query-examples1.md
index 1f60316d1..83683a3df 100644
--- a/security-lake/latest/userguide/subscriber-query-examples1.md
+++ b/security-lake/latest/userguide/subscriber-query-examples1.md
@@ -10,0 +11,12 @@ The following section provides guidance on querying data from Security Lake and
+The following queries include time-based filters using `eventDay` to ensure your query is within the configured retention settings. For more information, see [Querying data with retention settings](./subscriber-query-examples.html#security-lake-retention-setting-query-data). 
+
+For example, if data older than 60 days has expired, your queries should include time constraints to prevent accessing expired data. For a 60-day retention period, include the following clause in your query:
+    
+    
+    ...
+    WHERE eventDay BETWEEN cast(date_format(current_date - INTERVAL '59' day, '%Y%m%d') AS varchar) 
+                       AND cast(date_format(current_date, '%Y%m%d') AS varchar)
+    ...
+
+This clause uses 59 days (rather than 60) to avoid any data or time overlap between Amazon S3 and Apache Iceberg.
+