AWS Security ChangesHomeSearch

AWS connecthealth documentation change

Service: connecthealth · 2026-03-19 · Documentation low

File: connecthealth/latest/userguide/logging-using-cloudtrail.md

Summary

Added detailed CloudTrail log entry example for CreateSubscription action and restructured sections

Security assessment

Added example log entry improves transparency but doesn't address vulnerabilities. Section changes are organizational. No evidence of security incident response or vulnerability mitigation. Logging examples aid auditing but aren't security feature documentation.

Diff

diff --git a/connecthealth/latest/userguide/logging-using-cloudtrail.md b/connecthealth/latest/userguide/logging-using-cloudtrail.md
index c6ed6c08d..6b99c5ac9 100644
--- a//connecthealth/latest/userguide/logging-using-cloudtrail.md
+++ b//connecthealth/latest/userguide/logging-using-cloudtrail.md
@@ -5 +5 @@
-AWS CloudTrail
+AWS CloudTrailUnderstanding Amazon Connect Health log file entries
@@ -28,0 +29,45 @@ Amazon Connect Health logs data plane API calls as data events. Data events are
+## Understanding Amazon Connect Health log file entries
+
+CloudTrail log files contain one or more log entries. An event represents a single request from any source and includes information about the requested action, the date and time of the action, request parameters, and so on.
+
+The following example shows a CloudTrail log entry that demonstrates the `CreateSubscription` action.
+    
+    
+    {
+      "eventVersion": "1.09",
+      "userIdentity": {
+        "type": "AssumedRole",
+        "principalId": "AROA123456789EXAMPLE:session-name",
+        "arn": "arn:aws:sts::123456789012:assumed-role/ExampleRole/session-name",
+        "accountId": "123456789012"
+      },
+      "eventTime": "2026-03-12T19:54:27Z",
+      "eventSource": "health-agent.amazonaws.com",
+      "eventName": "CreateSubscription",
+      "awsRegion": "us-west-2",
+      "sourceIPAddress": "192.0.2.1",
+      "userAgent": "aws-cli/2.18.6",
+      "requestParameters": {
+        "domainId": "dom-EXAMPLE1234567890"
+      },
+      "responseElements": {
+        "subscriptionId": "sub-EXAMPLE1234567890",
+        "domainId": "dom-EXAMPLE1234567890",
+        "status": "ACTIVE"
+      },
+      "requestID": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+      "eventID": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
+      "readOnly": false,
+      "resources": [
+        {
+          "accountId": "123456789012",
+          "type": "AWS::HealthAgent::Subscription",
+          "ARN": "arn:aws:health-agent:us-west-2:123456789012:domain/dom-EXAMPLE1234567890/subscription/*"
+        }
+      ],
+      "eventType": "AwsApiCall",
+      "managementEvent": true,
+      "recipientAccountId": "123456789012",
+      "eventCategory": "Management"
+    }
+
@@ -35 +80 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-Identity and access management
+Monitoring
@@ -37 +82 @@ Identity and access management
-Compliance validation
+Quotas