AWS Security ChangesHomeSearch

AWS wellarchitected documentation change

Service: wellarchitected · 2026-05-04 · Documentation low

File: wellarchitected/2022-03-31/framework/sec_incident_response_auto_contain.md

Summary

Updated image description to detail specific AWS services in the WAF WebACL logs processing flow

Security assessment

Change only clarifies the technical implementation of automated IP blocking without indicating any security vulnerability resolution

Diff

diff --git a/wellarchitected/2022-03-31/framework/sec_incident_response_auto_contain.md b/wellarchitected/2022-03-31/framework/sec_incident_response_auto_contain.md
index 1972b00ca..b38bc9c78 100644
--- a//wellarchitected/2022-03-31/framework/sec_incident_response_auto_contain.md
+++ b//wellarchitected/2022-03-31/framework/sec_incident_response_auto_contain.md
@@ -15 +15 @@ Once you create and practice the processes and tools from your playbooks, you ca
-![AWS architecture diagram showing WAF WebACL logs processing and IP address blocking flow between accounts.](/images/wellarchitected/2022-03-31/framework/images/aws-waf-automate-block.png)
+![WAF WebACL logs flow through Kinesis Firehose , Lambda , and Event Bridge to update IPset.](/images/wellarchitected/2022-03-31/framework/images/aws-waf-automate-block.png)