AWS AmazonCloudWatch documentation change
Summary
Fixed Security Hub log group pattern and added new sections for Amazon MSK Cluster Metrics, OpenTelemetry Enrichment Metrics, and Amazon Bedrock Agentcore Workload Identity logging configurations
Security assessment
The Security Hub log pattern correction is a documentation fix without security implications. The new telemetry sources are general observability features, not security-specific capabilities.
Diff
diff --git a/AmazonCloudWatch/latest/monitoring/telemetry-config-rules.md b/AmazonCloudWatch/latest/monitoring/telemetry-config-rules.md index c92c302c5..70305ad10 100644 --- a//AmazonCloudWatch/latest/monitoring/telemetry-config-rules.md +++ b//AmazonCloudWatch/latest/monitoring/telemetry-config-rules.md @@ -321 +321 @@ When enabling Security Hub logging: - * Uses managed CloudWatch log group pattern /aws/securityhub_cspm/findings + * Uses managed CloudWatch log group pattern aws/securityhub_cspm/findings @@ -371,0 +372,40 @@ When enabling CloudFront Distribution logging: +**Amazon MSK Cluster Metrics** + + +When enabling MSK Cluster metrics: + + * Only supports METRICS telemetry type + + * You can configure enhanced monitoring levels (PER_BROKER, PER_TOPIC_PER_BROKER, etc.) to control the granularity of metrics collected + + * Rules with different enhanced monitoring levels can coexist for the same MSK cluster + + + + +**OpenTelemetry Enrichment Metrics** + + +When enabling OpenTelemetry Enrichment metrics: + + * Only supports METRICS telemetry type + + * This is an account-level enablement with no user-configurable destination + + * Resource-level selection criteria is not supported + + + + +**Amazon Bedrock Agentcore Workload Identity** + + +When enabling Bedrock Agentcore Workload Identity logging: + + * Uses default CloudWatch log group pattern /aws/bedrock/agentcore if none specified + + * CloudWatch does not enable log deliveries for Bedrock Agentcore Workload Identity that already are ingesting logs to CloudWatch Logs + + + +