AWS Security ChangesHomeSearch

AWS whitepapers documentation change

Service: whitepapers · 2026-06-19 · Documentation high

File: whitepapers/latest/aws-security-incident-response-guide/select-and-implement-querying-mechanisms.md

Summary

Removed all content discussing log querying tools (CloudWatch Insights, Athena, OpenSearch) and SIEM integration strategies for security investigations.

Security assessment

Deletion of querying mechanisms documentation eliminates security operational guidance without evidence of fixing a vulnerability. This may impair users' ability to analyze security logs during incidents, but doesn't directly resolve a security flaw.

Diff

diff --git a/whitepapers/latest/aws-security-incident-response-guide/select-and-implement-querying-mechanisms.md b/whitepapers/latest/aws-security-incident-response-guide/select-and-implement-querying-mechanisms.md
index 94357bd45..8b1378917 100644
--- a//whitepapers/latest/aws-security-incident-response-guide/select-and-implement-querying-mechanisms.md
+++ b//whitepapers/latest/aws-security-incident-response-guide/select-and-implement-querying-mechanisms.md
@@ -1 +0,0 @@
-[View a markdown version of this page](select-and-implement-querying-mechanisms.md)
@@ -3,31 +1,0 @@
-[](/pdfs/security-ir/latest/userguide/sir-ug.pdf#select-and-implement-querying-mechanisms "Open PDF")
-
-[Documentation](/index.html)[Security Incident Response](/security-ir/index.html)[](what-is.html)
-
-# Select and implement querying mechanisms for logs
-
-In AWS, the main services you can use to query logs are [CloudWatch Logs Insights](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html) for data stored in CloudWatch log groups, and [Amazon Athena](https://aws.amazon.com/athena/) and [Amazon OpenSearch Service](https://aws.amazon.com/opensearch-service/) for data stored in Amazon S3. You can also use third-party querying tools such as a security information and event management (SIEM). 
-
-The process for selecting a log querying tool should consider the people, process, and technology aspects of your security operations. Select a tool that fulfills operational, business, and security requirements, and is both accessible and maintainable in the long term. Keep in mind that log querying tools work optimally when the number of logs to be scanned is kept within the tool’s limits. It is not uncommon for customers to have multiple querying tools because of cost or technical constraints. For example, customers might use a third-party SIEM to perform queries for the last 90 days of data, and use Athena to perform queries beyond 90 days because of the log ingestion cost of a SIEM. No matter the implementation, verify that your approach minimizes the number of tools required to maximize operational efficiency, especially during a security event investigation. 
-
-![Warning](https://d1ge0kk1l5kms0.cloudfront.net/images/G/01/webservices/console/warning.png) **Javascript is disabled or is unavailable in your browser.**
-
-To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.
-
-[Document Conventions](/general/latest/gr/docconventions.html)
-
-Identify appropriate log retention 
-
-Use logs for alerting
-
-Did this page help you? - Yes
-
-Thanks for letting us know we're doing a good job!
-
-If you've got a moment, please tell us what we did right so we can do more of it.
-
-Did this page help you? - No
-
-Thanks for letting us know this page needs work. We're sorry we let you down.
-
-If you've got a moment, please tell us how we can make the documentation better.