AWS Security ChangesHomeSearch

AWS controltower documentation change

Service: controltower · 2026-03-07 · Documentation medium

File: controltower/latest/userguide/lifecycle-events.md

Summary

Added requirement for active AWS CloudTrail trail to receive AWS Control Tower lifecycle events in Amazon EventBridge

Security assessment

The change documents a security-related dependency on CloudTrail logging for event delivery, emphasizing audit trail requirements. This improves security documentation but does not address a specific vulnerability.

Diff

diff --git a/controltower/latest/userguide/lifecycle-events.md b/controltower/latest/userguide/lifecycle-events.md
index 2fe444633..e9be3315f 100644
--- a//controltower/latest/userguide/lifecycle-events.md
+++ b//controltower/latest/userguide/lifecycle-events.md
@@ -17 +17 @@ Some events logged by AWS Control Tower are _lifecycle events_. A lifecycle even
-  * Each lifecycle event also is delivered to the Amazon EventBridge and Amazon CloudWatch Events services. 
+  * Each lifecycle event also is delivered to the Amazon EventBridge and Amazon CloudWatch Events services. **Note:** To receive lifecycle events in EventBridge, you must have an active AWS CloudTrail trail with logging enabled. For more information about AWS service events delivered via AWS CloudTrail, see [AWS service events delivered via AWS CloudTrail](https://docs.aws.amazon.com//eventbridge/latest/userguide/eb-service-event-cloudtrail.html) in the Amazon EventBridge User Guide.