AWS Security ChangesHomeSearch

AWS wellarchitected documentation change

Service: wellarchitected · 2026-01-25 · Documentation low

File: wellarchitected/2024-06-27/framework/sec_detect_investigate_events_logs.md

Summary

Changed 'ELB' to 'Elastic Load Balancing' in log aggregation context

Security assessment

Clarifies service name in log security recommendations. No evidence of security vulnerability being addressed.

Diff

diff --git a/wellarchitected/2024-06-27/framework/sec_detect_investigate_events_logs.md b/wellarchitected/2024-06-27/framework/sec_detect_investigate_events_logs.md
index 45d946994..3c5ce1adf 100644
--- a//wellarchitected/2024-06-27/framework/sec_detect_investigate_events_logs.md
+++ b//wellarchitected/2024-06-27/framework/sec_detect_investigate_events_logs.md
@@ -34 +34 @@ Growth in AWS usage within an organization results in a growing number of distri
-To overcome these challenges, consider aggregating all relevant sources of security log data into a [Log Archive](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/log-archive.html) account as described in [Organizing Your AWS Environment Using Multiple Accounts](https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/security-ou-and-accounts.html#log-archive-account). This includes all security-related data from your workload and logs that AWS services generate, such as [AWS CloudTrail](https://aws.amazon.com/cloudtrail/), [AWS WAF](https://aws.amazon.com/waf/), [ELB](https://aws.amazon.com/elasticloadbalancing/), and [Amazon Route 53](https://aws.amazon.com/route53/). There are several benefits to capturing this data in standardized locations in a separate AWS account with proper cross-account permissions. This practice helps prevent log tampering within compromised workloads and environments, provides a single integration point for additional tools, and offers a more simplified model for configuring data retention and lifecycle. Evaluate the impacts of data sovereignty, compliance scopes, and other regulations to determine if multiple security data storage locations and retention periods are required. 
+To overcome these challenges, consider aggregating all relevant sources of security log data into a [Log Archive](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/log-archive.html) account as described in [Organizing Your AWS Environment Using Multiple Accounts](https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/security-ou-and-accounts.html#log-archive-account). This includes all security-related data from your workload and logs that AWS services generate, such as [AWS CloudTrail](https://aws.amazon.com/cloudtrail/), [AWS WAF](https://aws.amazon.com/waf/), [Elastic Load Balancing](https://aws.amazon.com/elasticloadbalancing/), and [Amazon Route 53](https://aws.amazon.com/route53/). There are several benefits to capturing this data in standardized locations in a separate AWS account with proper cross-account permissions. This practice helps prevent log tampering within compromised workloads and environments, provides a single integration point for additional tools, and offers a more simplified model for configuring data retention and lifecycle. Evaluate the impacts of data sovereignty, compliance scopes, and other regulations to determine if multiple security data storage locations and retention periods are required.