AWS AmazonCloudFront medium security documentation change
Summary
Added note about CloudFront Functions Key Value Store helper methods not triggering CloudTrail data events
Security assessment
Explicitly documents that Key Value Store operations lack CloudTrail logging, which impacts auditability and security monitoring. This is a security-relevant limitation that users must be aware of.
Diff
diff --git a/AmazonCloudFront/latest/DeveloperGuide/functions-custom-methods.md b/AmazonCloudFront/latest/DeveloperGuide/functions-custom-methods.md index 011e29fd9..39fb243a1 100644 --- a//AmazonCloudFront/latest/DeveloperGuide/functions-custom-methods.md +++ b//AmazonCloudFront/latest/DeveloperGuide/functions-custom-methods.md @@ -8,0 +9,4 @@ get() methodexists() methodmeta() method +###### Note + +Key value store helper method calls from CloudFront Functions don't trigger an AWS CloudTrail data event. These events aren't logged in the CloudTrail event history. For more information, see [Logging Amazon CloudFront API calls using AWS CloudTrail](./logging_using_cloudtrail.html). + @@ -17,4 +21 @@ Next, include the following statements in the first lines of the function code: - const kvsId = "key value store ID"; - const kvsHandle = cf.kvs(kvsId); - -Your `key value store ID` might look like the following: `a1b2c3d4-5678-90ab-cdef-EXAMPLE1` + const kvsHandle = cf.kvs();