AWS controltower documentation change
Summary
Added requirement for active AWS CloudTrail trail to receive AWS Control Tower lifecycle events in Amazon EventBridge
Security assessment
The change documents a security-related dependency on CloudTrail logging for event delivery, emphasizing audit trail requirements. This improves security documentation but does not address a specific vulnerability.
Diff
diff --git a/controltower/latest/userguide/lifecycle-events.md b/controltower/latest/userguide/lifecycle-events.md index 2fe444633..e9be3315f 100644 --- a//controltower/latest/userguide/lifecycle-events.md +++ b//controltower/latest/userguide/lifecycle-events.md @@ -17 +17 @@ Some events logged by AWS Control Tower are _lifecycle events_. A lifecycle even - * Each lifecycle event also is delivered to the Amazon EventBridge and Amazon CloudWatch Events services. + * Each lifecycle event also is delivered to the Amazon EventBridge and Amazon CloudWatch Events services. **Note:** To receive lifecycle events in EventBridge, you must have an active AWS CloudTrail trail with logging enabled. For more information about AWS service events delivered via AWS CloudTrail, see [AWS service events delivered via AWS CloudTrail](https://docs.aws.amazon.com//eventbridge/latest/userguide/eb-service-event-cloudtrail.html) in the Amazon EventBridge User Guide.