AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2026-07-10 · Documentation low

File: prescriptive-guidance/latest/logging-monitoring-for-application-owners/cloudtrail.md

Summary

Changed main heading to 'AWS CloudTrail', reformatted note about log validation, and updated 'CloudWatch' reference to 'Amazon CloudWatch'

Security assessment

Note about CloudTrail's log validation (a security feature) was reformatted but not substantively changed. No new security documentation was added.

Diff

diff --git a/prescriptive-guidance/latest/logging-monitoring-for-application-owners/cloudtrail.md b/prescriptive-guidance/latest/logging-monitoring-for-application-owners/cloudtrail.md
index c2f28d1f7..ed1aa4d02 100644
--- a//prescriptive-guidance/latest/logging-monitoring-for-application-owners/cloudtrail.md
+++ b//prescriptive-guidance/latest/logging-monitoring-for-application-owners/cloudtrail.md
@@ -9 +9 @@ Using CloudTrailUse cases for CloudTrailBest practices for CloudTrail
-# Application logging and monitoring using AWS CloudTrail
+# AWS CloudTrail
@@ -21,3 +21,2 @@ You can configure multiple trails differently so that the trails process and log
-###### Note
-
-CloudTrail has a validation feature that you can use to determine whether a log file was modified, deleted, or unchanged after CloudTrail delivered it. This feature is built using industry standard algorithms: SHA-256 for hashing and SHA-256 with RSA for digital signing. This makes it computationally infeasible to modify, delete or forge CloudTrail log files without detection. You can use the AWS CLI to validate the files in the location where CloudTrail delivered them. For more information about this feature and how to enable it, see [Validating CloudTrail log file integrity](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html) (CloudTrail documentation).
+Note CloudTrail has a validation feature that you can use to determine whether a log file was modified, deleted, or unchanged after CloudTrail delivered it. This feature is built using industry standard algorithms: SHA-256 for hashing and SHA-256 with RSA for digital signing. This makes it computationally infeasible to modify, delete or forge CloudTrail log files without detection. You can use the AWS CLI to validate the files in the location where CloudTrail delivered them. For more information about this feature and how to enable it, see [Validating CloudTrail log file integrity](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html) (CloudTrail documentation).  
+---  
@@ -80 +79 @@ AWS services for logging and monitoring
-CloudWatch
+Amazon CloudWatch