AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2026-07-10 · Documentation low

File: prescriptive-guidance/latest/implementing-logging-monitoring-cloudwatch/application-tracing-xray.md

Summary

Fixed broken links, updated URLs to remove double slashes, corrected apostrophe usage, and improved line breaks in documentation about AWS X-Ray implementation.

Security assessment

Changes primarily involve URL formatting fixes, typo corrections, and minor text formatting. No explicit security vulnerabilities, incidents, or new security features are addressed. The recommendation for organization-based S3 bucket policies references existing security best practices but does not introduce new security documentation.

Diff

diff --git a/prescriptive-guidance/latest/implementing-logging-monitoring-cloudwatch/application-tracing-xray.md b/prescriptive-guidance/latest/implementing-logging-monitoring-cloudwatch/application-tracing-xray.md
index e6e3bb885..ba51bf3a2 100644
--- a//prescriptive-guidance/latest/implementing-logging-monitoring-cloudwatch/application-tracing-xray.md
+++ b//prescriptive-guidance/latest/implementing-logging-monitoring-cloudwatch/application-tracing-xray.md
@@ -5 +5 @@
-[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Designing and implementing logging and monitoring with Amazon CloudWatch ](welcome.html)
+[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Designing and implementing logging and monitoring with Amazon CloudWatch](introduction.html)
@@ -11 +11 @@ Deploying the X-Ray daemon to trace applications and services on Amazon EC2Deplo
-A request through your application might consist of calls to databases, applications, and web services running in on-premises servers, Amazon EC2, containers, or Lambda. By implementing application tracing, you can quickly identify the root cause of issues in your applications that use distributed components and services. You can use [AWS X-Ray](https://docs.aws.amazon.com//xray/latest/devguide/aws-xray.html) to trace your application requests across multiple components. X-Ray samples and visualizes requests on a [service graph](https://docs.aws.amazon.com//xray/latest/devguide/xray-concepts.html#xray-concepts-servicegraph) when they flow through your application components and each component is represented as a segment. X-Ray generates trace identifiers so that you can correlate a request when it flows through multiple components, which helps you view the request from end to end. You can further enhance this by including annotations and metadata to help uniquely search for and identify the characteristics of a request. 
+A request through your application might consist of calls to databases, applications, and web services running in on-premises servers, Amazon EC2, containers, or Lambda. By implementing application tracing, you can quickly identify the root cause of issues in your applications that use distributed components and services. You can use [AWS X-Ray](https://docs.aws.amazon.com/xray/latest/devguide/aws-xray.html) to trace your application requests across multiple components. X-Ray samples and visualizes requests on a [service graph](https://docs.aws.amazon.com/xray/latest/devguide/xray-concepts.html#xray-concepts-servicegraph) when they flow through your application components and each component is represented as a segment. X-Ray generates trace identifiers so that you can correlate a request when it flows through multiple components, which helps you view the request from end to end. You can further enhance this by including annotations and metadata to help uniquely search for and identify the characteristics of a request.
@@ -17 +17 @@ X-Ray provides an X-Ray daemon that you can install and run on Amazon EC2 and Am
-If your application components make calls to external services that can't configure and install the X-Ray daemon or instrument the code, you can create [subsegments to wrap calls to external services](https://docs.aws.amazon.com//xray/latest/devguide/xray-api-sendingdata.html). X-Ray correlates CloudWatch logs and metrics with your application traces if you are using the AWS X-Ray SDK for Java, which means you can quickly analyze the related metrics and logs for requests.
+If your application components make calls to external services that can't configure and install the X-Ray daemon or instrument the code, you can create [subsegments to wrap calls to external services](https://docs.aws.amazon.com/xray/latest/devguide/xray-api-sendingdata.html). X-Ray correlates CloudWatch logs and metrics with your application traces if you are using the AWS X-Ray SDK for Java, which means you can quickly analyze the related metrics and logs for requests.
@@ -21 +21 @@ If your application components make calls to external services that can't config
-You need to install and run the X-Ray daemon on the EC2 instances that your application components or microservices run on. You can use a [user data script](https://docs.aws.amazon.com//xray/latest/devguide/xray-daemon-ec2.html) to deploy the X-Ray daemon when EC2 instances are provisioned or you can include it in the AMI build process if you create your own AMIs. This can be particularly useful when EC2 instances are ephemeral. 
+You need to install and run the X-Ray daemon on the EC2 instances that your application components or microservices run on. You can use a [user data script](https://docs.aws.amazon.com/xray/latest/devguide/xray-daemon-ec2.html) to deploy the X-Ray daemon when EC2 instances are provisioned or you can include it in the AMI build process if you create your own AMIs. This can be particularly useful when EC2 instances are ephemeral.
@@ -23 +23 @@ You need to install and run the X-Ray daemon on the EC2 instances that your appl
-You should use State Manager to ensure that the X-Ray daemon is consistently installed on your EC2 instances. For Amazon EC2 Windows instances, you can use the Systems Manager [AWS-RunPowerShellScript document](https://docs.aws.amazon.com//systems-manager/latest/userguide/walkthrough-powershell.html#walkthrough-powershell-run-script) to run the [Windows script](https://docs.aws.amazon.com//xray/latest/devguide/xray-daemon-ec2.html) that downloads and installs the X-Ray agent. For EC2 instances on Linux, you can use the AWS-RunShellScript document to run the Linux script that [downloads and installs the agent as a service](https://docs.aws.amazon.com//xray/latest/devguide/xray-daemon-ec2.html).
+You should use State Manager to ensure that the X-Ray daemon is consistently installed on your EC2 instances. For Amazon EC2 Windows instances, you can use the Systems Manager [AWS-RunPowerShellScript document](https://docs.aws.amazon.com/systems-manager/latest/userguide/walkthrough-powershell.html#walkthrough-powershell-run-script) to run the [Windows script](https://docs.aws.amazon.com/xray/latest/devguide/xray-daemon-ec2.html) that downloads and installs the X-Ray agent. For EC2 instances on Linux, you can use the AWS-RunShellScript document to run the Linux script that [downloads and installs the agent as a service](https://docs.aws.amazon.com/xray/latest/devguide/xray-daemon-ec2.html).
@@ -25 +25,3 @@ You should use State Manager to ensure that the X-Ray daemon is consistently ins
-You can use the Systems Manager [AWS-RunRemoteScript document](https://docs.aws.amazon.com//systems-manager/latest/userguide/walkthrough-cli.html#walkthrough-cli-example-3) to run the script in a multi-account environment. You must create an S3 bucket that is accessible from all your accounts and we recommend [creating an S3 bucket with an organization-based bucket policy](https://aws.amazon.com//blogs/security/iam-share-aws-resources-groups-aws-accounts-aws-organizations/) if you use AWS Organizations. You then upload the scripts to the S3 bucket but make sure that the IAM role for your EC2 instances has permission to access the bucket and scripts.
+You can use the Systems Manager [AWS-RunRemoteScript document](https://docs.aws.amazon.com/systems-manager/latest/userguide/walkthrough-cli.html#walkthrough-cli-example-3) to run the script in a multi-account environment. You must create an S3 bucket that is accessible from all your accounts and we recommend [creating an S3 bucket with an organization-based bucket policy](https://aws.amazon.com/blogs/security/iam-share-aws-resources-groups-aws-accounts-aws-organizations/)
+
+if you use AWS Organizations. You then upload the scripts to the S3 bucket but make sure that the IAM role for your EC2 instances has permission to access the bucket and scripts.
@@ -31 +33,3 @@ You can also configure State Manager to associate the scripts to EC2 instances t
-You can deploy the [X-Ray daemon](https://hub.docker.com/r/amazon/aws-xray-daemon/) as a sidecar container for container-based workloads such as Amazon ECS or Amazon EKS. Your application containers can then connect to your sidecar container with container linking if you use Amazon ECS, or the container can directly connect to the sidecar container on localhost if you use [awsvpc network mode](https://docs.aws.amazon.com//AmazonECS/latest/developerguide/task-networking.html). 
+You can deploy the [X-Ray daemon](https://hub.docker.com/r/amazon/aws-xray-daemon/)
+
+as a sidecar container for container-based workloads such as Amazon ECS or Amazon EKS. Your application containers can then connect to your sidecar container with container linking if you use Amazon ECS, or the container can directly connect to the sidecar container on localhost if you use [awsvpc network mode](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html).
@@ -37 +41 @@ For Amazon EKS, you can define the X-Ray daemon in your application's pod defini
-Your application might include calls to Lambda functions. You don’t need to install the X-Ray daemon for Lambda because the daemon process is fully managed by Lambda and cannot be configured by the user. You can enable it for your Lambda function by using the AWS Management Console and checking the **Active Tracing** option in the X-Ray console. 
+Your application might include calls to Lambda functions. You don't need to install the X-Ray daemon for Lambda because the daemon process is fully managed by Lambda and cannot be configured by the user. You can enable it for your Lambda function by using the AWS Management Console and checking the **Active Tracing** option in the X-Ray console.
@@ -43 +47 @@ For further instrumentation, you can bundle the X-Ray SDK with your Lambda funct
-You should evaluate the X-Ray SDK that aligns with your application's programming language and classify all calls that your application makes to other systems. Review the clients provided by the library that you chose and see if the SDK can automatically instrument tracing for your application's request or response. Determine if the clients provided by the SDK can be used for other downstream systems. For external systems that your application calls and that you can’t instrument with X-Ray, you should create a custom subsegments to capture and identify them in your trace information.
+You should evaluate the X-Ray SDK that aligns with your application's programming language and classify all calls that your application makes to other systems. Review the clients provided by the library that you chose and see if the SDK can automatically instrument tracing for your application's request or response. Determine if the clients provided by the SDK can be used for other downstream systems. For external systems that your application calls and that you can't instrument with X-Ray, you should create a custom subsegments to capture and identify them in your trace information.
@@ -47 +51 @@ When you instrument your application, make sure that you create annotations to h
-You can create a maximum of 50 annotations for each trace but you can create a metadata object containing one or more fields as long as the segment document doesn’t exceed 64 kilobytes. You should selectively use annotations to locate information and use the metadata object to provide more context that helps troubleshoot the request after it is located.
+You can create a maximum of 50 annotations for each trace but you can create a metadata object containing one or more fields as long as the segment document doesn't exceed 64 kilobytes. You should selectively use annotations to locate information and use the metadata object to provide more context that helps troubleshoot the request after it is located.
@@ -51 +55 @@ You can create a maximum of 50 annotations for each trace but you can create a m
-By [customizing sampling rules](https://docs.aws.amazon.com//xray/latest/devguide/xray-console-sampling.html?icmpid=docs_xray_console), you can control the amount of data that you record and modify the sampling behavior without modifying or redeploying your code. Sampling rules tell the X-Ray SDK how many requests to record for a set of criteria. By default, the X-Ray SDK records the first request each second and five percent of any additional requests. One request per second is the reservoir. This ensures that at least one trace is recorded each second as long as the service is serving requests. Five percent is the rate at which additional requests are sampled beyond the reservoir size.
+By [customizing sampling rules](https://docs.aws.amazon.com/xray/latest/devguide/xray-console-sampling.html?icmpid=docs_xray_console), you can control the amount of data that you record and modify the sampling behavior without modifying or redeploying your code. Sampling rules tell the X-Ray SDK how many requests to record for a set of criteria. By default, the X-Ray SDK records the first request each second and five percent of any additional requests. One request per second is the reservoir. This ensures that at least one trace is recorded each second as long as the service is serving requests. Five percent is the rate at which additional requests are sampled beyond the reservoir size.