AWS Security ChangesHomeSearch

AWS whitepapers documentation change

Service: whitepapers · 2026-04-16 · Documentation low

File: whitepapers/latest/navigating-gdpr-compliance/collecting-and-processing-logs.md

Summary

Updated documentation formatting, navigation links, and service references; corrected broken links and updated product names (e.g., Elasticsearch Service to OpenSearch Service, Quick to QuickSight); consolidated paragraphs and removed redundant historical reference note.

Security assessment

The changes are primarily editorial and navigational improvements, including updating links to current AWS documentation, fixing broken references, and standardizing product naming. No specific security vulnerability, weakness, or incident is mentioned or addressed. The content about security features (e.g., CloudWatch metric filters for root user access, log encryption) was already present and is only reformatted or linked differently.

Diff

diff --git a/whitepapers/latest/navigating-gdpr-compliance/collecting-and-processing-logs.md b/whitepapers/latest/navigating-gdpr-compliance/collecting-and-processing-logs.md
index b77f63282..91f5532b7 100644
--- a//whitepapers/latest/navigating-gdpr-compliance/collecting-and-processing-logs.md
+++ b//whitepapers/latest/navigating-gdpr-compliance/collecting-and-processing-logs.md
@@ -1 +1 @@
-[](/pdfs/whitepapers/latest/navigating-gdpr-compliance/navigating-gdpr-compliance.pdf#collecting-and-processing-logs "Open PDF")
+[View a markdown version of this page](collecting-and-processing-logs.md)
@@ -3 +3 @@
-[Documentation](/index.html)[AWS Whitepapers](https://aws.amazon.com/whitepapers/)[AWS Whitepaper](welcome.html)
+[](/pdfs/whitepapers/latest/navigating-gdpr-compliance/navigating-gdpr-compliance.pdf#collecting-and-processing-logs "Open PDF")
@@ -5 +5 @@
-This whitepaper is for historical reference only. Some content might be outdated and some links might not be available.
+[Documentation](/index.html)[AWS Whitepapers](https://aws.amazon.com/whitepapers/)[AWS Whitepaper](navigating-gdpr-compliance-on-aws.html)
@@ -9 +9 @@ This whitepaper is for historical reference only. Some content might be outdated
-CloudWatch Logs can be used to monitor, store, and access your log files from Amazon EC2 instances, AWS CloudTrail, Route 53, and other sources. See the [AWS Services That Publish Logs to CloudWatch Logs](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/aws-services-sending-logs.html) documentation page.
+[CloudWatch](https://aws.amazon.com/cloudwatch/) Logs can be used to monitor, store, and access your log files from Amazon EC2 instances, AWS CloudTrail, Route 53, and other sources. See the [AWS Services That Publish Logs to CloudWatch Logs documentation page](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html). 
@@ -24 +24 @@ Logs information includes, for example:
-Custom application metrics and logs can also be published to CloudWatch Logs by installing the [CloudWatch Agent](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-on-EC2-Instance.html) on Amazon EC2 instances or on-premises servers.
+Custom application metrics and logs can also be published to CloudWatch Logs by installing the CloudWatch Agent on Amazon EC2 instances or on-premises servers. 
@@ -28,3 +28 @@ Logs can be analyzed interactively using CloudWatch Logs Insights, performing qu
-CloudWatch Logs can be processed in near real-time by configuring subscription filters and delivered to other services such as an [Amazon OpenSearch Service](https://aws.amazon.com/elasticsearch-service/) (OpenSearch Service) cluster, an [Amazon Kinesis](https://aws.amazon.com/kinesis/) stream, an Amazon Data Firehose stream, or Lambda for custom processing, analysis, or loading to other systems.
-
-[CloudWatch metric filters](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/MonitoringPolicyExamples.html) can be used to define patterns to look for in log data, transform them into numerical CloudWatch metrics, and set up alarms based on your business requirements. For example, following the AWS recommendation not to use the root user for everyday tasks, it is possible to [set up a specific CloudWatch metric filter](https://aws.amazon.com/blogs/security/how-to-receive-notifications-when-your-aws-accounts-root-access-keys-are-used/) on a CloudTrail log (delivered to CloudWatch Logs) to create a Custom metric and configure an alarm to notify the relevant stakeholders when root user credentials are used to access your AWS account.
+CloudWatch Logs can be processed in near real-time by configuring subscription filters and delivered to other services such as an [Amazon OpenSearch Service](https://aws.amazon.com/opensearch-service/) (OpenSearch Service) cluster, an [Amazon Kinesis](https://aws.amazon.com/kinesis/) stream, an [Amazon Data Firehose](https://aws.amazon.com/firehose/) stream, or [Lambda](https://aws.amazon.com/lambda/) for custom processing, analysis, or loading to other systems. CloudWatch metric filters can be used to define patterns to look for in log data, transform them into numerical CloudWatch metrics, and set up alarms based on your business requirements. For example, following the AWS recommendation not to use the root user for everyday tasks, it is possible to set up a specific CloudWatch metric filter on a CloudTrail log (delivered to CloudWatch Logs) to create a custom metric and configure an alarm to notify the relevant stakeholders when root user credentials are used to access your AWS account. 
@@ -32 +30 @@ CloudWatch Logs can be processed in near real-time by configuring subscription f
-Logs such as Amazon S3 server access logs, Elastic Load Balancing access logs, VPC flow logs, and AWS Global Accelerator flow logs can be delivered directly to an Amazon S3 bucket. For example, when you enable [Amazon Simple Storage Service server access logs](https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html), you can get detailed information regarding the requests that are made to your Amazon S3; bucket. An access log record contains details about the request, such as the request type, the resources specified in the request, and the time and date the request was processed. For more information about the contents of a log message, see [Amazon Simple Storage Service Server Access Log Format](https://docs.aws.amazon.com/AmazonS3/latest/dev/LogFormat.html) in the _Amazon Simple Storage Service Developer Guide_. Server access logs are useful for many applications because they give bucket owners insight into the nature of requests made by clients that are not under their control. By default, Amazon S3 does not collect service access logs, but when you enable logging, Amazon S3 usually delivers access logs to your bucket within a few hours. If you require a faster delivery or need to deliver logs to multiple destinations, [consider using CloudTrail logs](https://docs.aws.amazon.com/AmazonS3/latest/dev/logging-with-S3.html) or a combination of both CloudTrail logs and Amazon S3. Logs can be encrypted at rest by configuring default object encryption in the destination bucket. The objects are encrypted using server-side encryption with either Amazon S3-managed keys (SSE-S3) or KMS keys (formerly AWS KMS Key) stored in [AWS Key Management Service](https://aws.amazon.com/kms/) (AWS KMS).
+Logs such as [Amazon S3 server access logs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html), [Elastic Load Balancing access logs](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html), [VPC flow logs](https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html), and [AWS Global Accelerator flow logs](https://docs.aws.amazon.com/global-accelerator/latest/dg/monitoring-global-accelerator.flow-logs.html) can be delivered directly to an Amazon S3 bucket. For example, when you enable Amazon Simple Storage Service server access logs, you can get detailed information regarding the requests that are made to your Amazon S3 bucket. An access log record contains details about the request, such as the request type, the resources specified in the request, and the time and date the request was processed. For more information about the contents of a log message, see Amazon Simple Storage Service Server Access Log Format in the [Amazon Simple Storage Service User Guide](https://docs.aws.amazon.com/AmazonS3/latest/userguide/Welcome.html). Server access logs are useful for many applications because they give bucket owners insight into the nature of requests made by clients that are not under their control. By default, Amazon S3 does not collect service access logs, but when you enable logging, Amazon S3 usually delivers access logs to your bucket within a few hours. If you require a faster delivery or need to deliver logs to multiple destinations, consider using CloudTrail logs or a combination of both CloudTrail logs and Amazon S3. Logs can be encrypted at rest by configuring default object encryption in the destination bucket. The objects are encrypted using server-side encryption with either Amazon S3-managed keys (SSE-S3) or KMS keys (formerly AWS KMS Key) stored in [AWS Key Management Service (AWS KMS)](https://aws.amazon.com/kms/). 
@@ -34 +32 @@ Logs such as Amazon S3 server access logs, Elastic Load Balancing access logs, V
-Logs stored in an Amazon S3 bucket can be queried and analyzed using [Amazon Athena](https://aws.amazon.com/athena). Amazon Athena is an interactive query service that enables you to analyze data in S3 using standard SQL. You can use Athena to run ad-hoc queries using ANSI SQL, without the need to aggregate or load the data into Athena. Athena can process unstructured, semi-structured, and structured data sets and integrates with [Amazon Quick](https://aws.amazon.com/quicksight/) for easy visualization.
+Logs stored in an Amazon S3 bucket can be queried and analyzed using [Amazon Athena](https://aws.amazon.com/athena/). Amazon Athena is an interactive query service that enables you to analyze data in S3 using standard SQL. You can use Athena to run ad-hoc queries using ANSI SQL, without the need to aggregate or load the data into Athena. Athena can process unstructured, semi-structured, and structured data sets and integrates with [Amazon Quick Sight](https://aws.amazon.com/quicksight/?ams%23interactive-card-vertical%23pattern-data.filter=%257B%2522filters%2522%253A%255B%255D%257D) for easy visualization. 
@@ -38 +36 @@ Logs are also a useful source of information for automated threat detection. [Am
-[Amazon Security Lake](https://aws.amazon.com/security-lake/) can be used to automatically centralize security data from AWS environments, SaaS providers, on-premises, and cloud sources into a purpose-built data lake stored in your AWS account. With Security Lake, you can get a more complete understanding of your security data across your entire organization. Security Lake has adopted the [Open Cybersecurity Schema Framework (OCSF)](https://ocsf.io/), an open standard. With OCSF support, the service normalizes and combines security data from AWS and a broad range of enterprise security data sources. 
+[Amazon Security Lake](https://aws.amazon.com/security-lake/) can be used to automatically centralize security data from AWS environments, SaaS providers, on-premises, and cloud sources into a purpose-built data lake stored in your AWS account. With Security Lake, you can get a more complete understanding of your security data across your entire organization. Security Lake has adopted the Open Cybersecurity Schema Framework (OCSF), an open standard. With OCSF support, the service normalizes and combines security data from AWS and a broad range of enterprise security data sources. 
@@ -48 +46 @@ Compliance Auditing and Security Analytics
-Discovering and Protecting Data at Scale
+Discovering and Protecting Data at Scale with Amazon Macie