AWS vpc documentation change
Summary
Expanded CloudTrail logging documentation with specific API call examples and default resource tracking
Security assessment
Adds details about security-relevant API monitoring capabilities but does not address a specific vulnerability. Enhances audit capability documentation.
Diff
diff --git a/vpc/latest/userguide/monitoring.md b/vpc/latest/userguide/monitoring.md index 38b531f14..b936933eb 100644 --- a//vpc/latest/userguide/monitoring.md +++ b//vpc/latest/userguide/monitoring.md @@ -42 +42,16 @@ You can use Network Access Analyzer to understand network access to your resourc -You can use AWS CloudTrail to capture detailed information about the calls made to the Amazon VPC API. You can use the generated CloudTrail logs to determine which calls were made, the source IP address where the call came from, who made the call, when the call was made, and so on. For more information, see [Log Amazon EC2 API calls using AWS CloudTrail](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitor-with-cloudtrail.html) in the _Amazon EC2 User Guide_. +AWS CloudTrail logs API calls for Amazon VPC, such as: + + * Which API calls were made (such as actions like creating or modifying VPC resources) + + * The source IP address of the call + + * Who made the call + + * When the call was made + + + + +Separate logs are created for `CreateVpc`, `DeleteVpc` and `CreateDefaultVpc` actions. These logs also include the default resources (like any default internet gateways or default security groups) created and associated with the VPC. + +For more information, see [Log Amazon EC2 API calls using AWS CloudTrail](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitor-with-cloudtrail.html) in the _Amazon EC2 User Guide_.