AWS Security ChangesHomeSearch

AWS security-lake documentation change

Service: security-lake · 2025-03-30 · Documentation low

File: security-lake/latest/userguide/subscriber-query-examples2.md

Summary

Added guidance on using time-based filters with eventDay to comply with data retention settings and avoid querying expired data

Security assessment

The change provides best practices for querying within retention periods to prevent accidental access to expired data, which is a security hygiene measure. However, there's no evidence of addressing a specific security vulnerability.

Diff

diff --git a/security-lake/latest/userguide/subscriber-query-examples2.md b/security-lake/latest/userguide/subscriber-query-examples2.md
index c5a0d6a33..0985c0067 100644
--- a/security-lake/latest/userguide/subscriber-query-examples2.md
+++ b/security-lake/latest/userguide/subscriber-query-examples2.md
@@ -14,0 +15,11 @@ The Lake Formation data lake administrator must grant `SELECT` permissions on th
+The following queries include time-based filters using `eventDay` to ensure your query is within the configured retention settings. For more information, see [Querying data with retention settings](./subscriber-query-examples.html#security-lake-retention-setting-query-data). 
+
+For example, if data older than 60 days has expired, your queries should include time constraints to prevent accessing expired data. For a 60-day retention period, include the following clause in your query:
+    
+    
+    ...
+    WHERE time_dt > DATE_ADD('day', -59, CURRENT_TIMESTAMP)
+    ...
+
+This clause uses 59 days (rather than 60) to avoid any data or time overlap between Amazon S3 and Apache Iceberg.
+