AWS AmazonCloudWatch documentation change
Summary
Added specification that original log data is stored in the '@original_message' system field when 'Keep original log' is enabled.
Security assessment
This clarifies implementation details of an existing audit feature but doesn't introduce new security functionality or address vulnerabilities. The feature supports compliance but the change itself is an implementation detail update.
Diff
diff --git a/AmazonCloudWatch/latest/monitoring/Creating-pipelines.md b/AmazonCloudWatch/latest/monitoring/Creating-pipelines.md index c08a01856..d032288d3 100644 --- a//AmazonCloudWatch/latest/monitoring/Creating-pipelines.md +++ b//AmazonCloudWatch/latest/monitoring/Creating-pipelines.md @@ -25 +25 @@ You can also add conditional processing rules to supported processors using the -To preserve unmodified copies of your log data for audit or compliance purposes, enable the **Keep original log** toggle. When enabled, CloudWatch pipelines automatically stores a copy of each raw log event before any transformation takes place. This ensures that original data is always available for audits or investigations, even after processors modify the log events. The **Keep original log** toggle is only available for pipelines with a CloudWatch vended log source. +To preserve unmodified copies of your log data for audit or compliance purposes, enable the **Keep original log** toggle. When enabled, CloudWatch pipelines automatically stores a copy of each raw log event before any transformation takes place in the `@original_message` system field of the event. This ensures that original data is always available for audits or investigations, even after processors modify the log events. The **Keep original log** toggle is only available for pipelines with a CloudWatch vended log source.