AWS cli documentation change
Summary
Added AWS::SecurityHub::HubV2 resource type and AllowFieldUpdates parameter for configuration drift remediation in telemetry resources
Security assessment
The change adds documentation for a new feature that detects and remediates configuration drift in telemetry resources (like VPC flow logs), which helps maintain security monitoring integrity. However, there's no evidence this addresses a specific security vulnerability or incident.
Diff
diff --git a/cli/latest/reference/observabilityadmin/create-telemetry-rule.md b/cli/latest/reference/observabilityadmin/create-telemetry-rule.md index 53f909854..cb766e5d6 100644 --- a//cli/latest/reference/observabilityadmin/create-telemetry-rule.md +++ b//cli/latest/reference/observabilityadmin/create-telemetry-rule.md @@ -15 +15 @@ - * [AWS CLI 2.34.32 Command Reference](../../index.html) » + * [AWS CLI 2.34.34 Command Reference](../../index.html) » @@ -131,0 +132 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/observ +>> * `AWS::SecurityHub::HubV2` @@ -478,0 +480,4 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/observ +> AllowFieldUpdates -> (boolean) +> +>> If set to `true` , Amazon CloudWatch Observability Admin detects and remediates configuration drift in telemetry resources that it manages. For example, if a VPC flow log’s format, traffic type, or aggregation interval no longer matches the rule’s destination configuration, the flow log is replaced with one that matches. Only Observability Admin-managed resources are updated; customer-created resources are never modified. Currently supported for `AWS::EC2::VPC` resources (VPC flow logs). +> @@ -505 +510 @@ JSON Syntax: - "ResourceType": "AWS::EC2::Instance"|"AWS::EC2::VPC"|"AWS::Lambda::Function"|"AWS::CloudTrail"|"AWS::EKS::Cluster"|"AWS::WAFv2::WebACL"|"AWS::ElasticLoadBalancingV2::LoadBalancer"|"AWS::Route53Resolver::ResolverEndpoint"|"AWS::BedrockAgentCore::Runtime"|"AWS::BedrockAgentCore::Browser"|"AWS::BedrockAgentCore::CodeInterpreter"|"AWS::BedrockAgentCore::Gateway"|"AWS::BedrockAgentCore::Memory"|"AWS::SecurityHub::Hub"|"AWS::CloudFront::Distribution", + "ResourceType": "AWS::EC2::Instance"|"AWS::EC2::VPC"|"AWS::Lambda::Function"|"AWS::CloudTrail"|"AWS::EKS::Cluster"|"AWS::WAFv2::WebACL"|"AWS::ElasticLoadBalancingV2::LoadBalancer"|"AWS::Route53Resolver::ResolverEndpoint"|"AWS::BedrockAgentCore::Runtime"|"AWS::BedrockAgentCore::Browser"|"AWS::BedrockAgentCore::CodeInterpreter"|"AWS::BedrockAgentCore::Gateway"|"AWS::BedrockAgentCore::Memory"|"AWS::SecurityHub::Hub"|"AWS::CloudFront::Distribution"|"AWS::SecurityHub::HubV2", @@ -581,0 +587 @@ JSON Syntax: + "AllowFieldUpdates": true|false, @@ -766 +772 @@ RuleArn -> (string) - * [AWS CLI 2.34.32 Command Reference](../../index.html) » + * [AWS CLI 2.34.34 Command Reference](../../index.html) »