AWS Security ChangesHomeSearch

AWS elasticloadbalancing documentation change

Service: elasticloadbalancing · 2025-05-10 · Documentation low

File: elasticloadbalancing/latest/application/load-balancer-access-logs.md

Summary

Updated access log field descriptions to remove references to 'elb_status_code 403' when AWS WAF blocks requests, clarifying log behavior for blocked traffic.

Security assessment

The changes correct documentation about log field values when AWS WAF blocks requests but do not introduce or modify security features. This is a documentation accuracy improvement rather than a security-related update.

Diff

diff --git a/elasticloadbalancing/latest/application/load-balancer-access-logs.md b/elasticloadbalancing/latest/application/load-balancer-access-logs.md
index a1dd9d087..54e6a3db6 100644
--- a//elasticloadbalancing/latest/application/load-balancer-access-logs.md
+++ b//elasticloadbalancing/latest/application/load-balancer-access-logs.md
@@ -145 +145 @@ client:port |  The IP address and port of the requesting client. If there is a p
-target:port |  The IP address and port of the target that processed this request. If the client didn't send a full request, the load balancer can't dispatch the request to a target, and this value is set to -. If the target is a Lambda function, this value is set to -. If the request is blocked by AWS WAF, this value is set to - and the value of elb_status_code is set to 403.  
+target:port |  The IP address and port of the target that processed this request. If the client didn't send a full request, the load balancer can't dispatch the request to a target, and this value is set to -. If the target is a Lambda function, this value is set to -. If the request is blocked by AWS WAF, this value is set to -.  
@@ -157 +157 @@ ssl_protocol |  [HTTPS listener] The SSL protocol. This value is set to - if the
-target_group_arn |  The Amazon Resource Name (ARN) of the target group.  
+target_group_arn |  The Amazon Resource Name (ARN) of the target group. If the request is blocked by AWS WAF, this value is set to -.  
@@ -166 +166 @@ request_creation_time |  The time when the load balancer received the request fr
-"target:port_list" |  A space-delimited list of IP addresses and ports for the targets that processed this request, enclosed in double quotes. Currently, this list can contain one item and it matches the target:port field. If the client didn't send a full request, the load balancer can't dispatch the request to a target, and this value is set to -. If the target is a Lambda function, this value is set to -. If the request is blocked by AWS WAF, this value is set to - and the value of elb_status_code is set to 403.  
+"target:port_list" |  A space-delimited list of IP addresses and ports for the targets that processed this request, enclosed in double quotes. Currently, this list can contain one item and it matches the target:port field. If the client didn't send a full request, the load balancer can't dispatch the request to a target, and this value is set to -. If the target is a Lambda function, this value is set to -. If the request is blocked by AWS WAF, this value is set to -.