AWS Security ChangesHomeSearch

AWS AmazonS3 documentation change

Service: AmazonS3 · 2025-06-13 · Documentation low

File: AmazonS3/latest/userguide/cloudtrail-logging-s3-info.md

Summary

Added note about DeleteObjects event logging behavior in CloudTrail

Security assessment

Clarifies logging behavior but does not address security vulnerabilities or introduce new security features

Diff

diff --git a/AmazonS3/latest/userguide/cloudtrail-logging-s3-info.md b/AmazonS3/latest/userguide/cloudtrail-logging-s3-info.md
index 7168f7dcf..918bbc6cb 100644
--- a//AmazonS3/latest/userguide/cloudtrail-logging-s3-info.md
+++ b//AmazonS3/latest/userguide/cloudtrail-logging-s3-info.md
@@ -176,0 +177,2 @@ By default, CloudTrail logs S3 bucket-level API calls that were made in the last
+If you are logging data activity with AWS CloudTrail, the event record for an Amazon S3 `DeleteObjects` data event includes both the `DeleteObjects` event and a `DeleteObject` event for each object deleted as part of that operation. You can exclude the additional visibility about deleted objects from the event record. For more information, see [AWS CLI examples for filtering data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/filtering-data-events.html#filtering-data-events-deleteobjects) in the _AWS CloudTrail User Guide._
+