AWS AmazonS3 documentation change
Summary
Added note about DeleteObjects event logging behavior in CloudTrail
Security assessment
Clarifies logging behavior but does not address security vulnerabilities or introduce new security features
Diff
diff --git a/AmazonS3/latest/userguide/cloudtrail-logging-s3-info.md b/AmazonS3/latest/userguide/cloudtrail-logging-s3-info.md index 7168f7dcf..918bbc6cb 100644 --- a//AmazonS3/latest/userguide/cloudtrail-logging-s3-info.md +++ b//AmazonS3/latest/userguide/cloudtrail-logging-s3-info.md @@ -176,0 +177,2 @@ By default, CloudTrail logs S3 bucket-level API calls that were made in the last +If you are logging data activity with AWS CloudTrail, the event record for an Amazon S3 `DeleteObjects` data event includes both the `DeleteObjects` event and a `DeleteObject` event for each object deleted as part of that operation. You can exclude the additional visibility about deleted objects from the event record. For more information, see [AWS CLI examples for filtering data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/filtering-data-events.html#filtering-data-events-deleteobjects) in the _AWS CloudTrail User Guide._ +