aws-samples / iam-identity-center-team

Open-source temporary elevated access solution for AWS IAM Identity Center.
https://aws-samples.github.io/iam-identity-center-team/
MIT No Attribution

[Action may be required] AWS Notification of forthcoming changes to CloudTrail #325

Open sbrown-tecracer opened 4 days ago

sbrown-tecracer commented 4 days ago

Will this AWS change affect TEAM functions for AWS CloudTrail Lake?

AWS Notification of forthcoming changes:

> [Action may be required] Upcoming changes to AWS CloudTrail logs of AWS IAM Identity Center
>
> Hello,
>
> You are receiving this communication because you have an AWS Identity and Access Management (IAM) Identity Center instance. Starting January 13, 2025, we will begin implementing changes to AWS CloudTrail fields that the IAM Identity Center service emits. These changes will minimize the logging of user-specific information in CloudTrail by IAM Identity Center, while simplifying user identification for your audit workflows.
>
> We recommend updating workflows that process the userName, principalId, userIdentity type, or group displayName fields in CloudTrail events for IAM Identity Center before these changes take effect on January 13, 2025. To simplify user identification, IAM Identity Center now emits userId and Identity Store Amazon Resource Name (ARN) in the userIdentity element in CloudTrail. The AWS Security blog post "Important changes to CloudTrail events for AWS IAM Identity Center" provides further details about these changes, and guidance on how to update your workflows.
>
> The following list summarizes the key activities and dates.
>
> 1. We recommend you immediately review your workflows, and update them if they use the affected CloudTrail fields. You will need to complete updates to your workflows before January 13, 2025.
>
> 2. Starting January 13, 2025, we will begin implementing changes to the existing fields: userName, principalId, userIdentity type, and group displayName. We estimate the changes to be deployed in all IAM Identity Center Regions by January 27, 2025.
>
> Please refer to the IAM Identity Center user guide "IAM Identity Center information in CloudTrail" and "Understanding IAM Identity Center sign-in events" for more details about the affected CloudTrail events. For the definition of the userIdentity element, please refer to the CloudTrail user guide "CloudTrail userIdentity element".
>
> If you have additional questions, concerns, or comments about these changes, please reach out to AWS Support.
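
To make the field change concrete, here is an added example for this thread; it is not code from the TEAM project or from AWS. It shows an audit-style workflow that resolves the acting user from IAM Identity Center CloudTrail events in both the legacy shape (`userIdentity.userName` / `principalId`) and the new shape (`userId` plus `identityStoreArn` inside `userIdentity`), so a trail that straddles the January 13, 2025 cutover still groups correctly. Assumptions not stated in the notice: the new fields are nested under `onBehalfOf`, as the CloudTrail userIdentity element documentation shows for type `IdentityCenterUser` (a top-level placement is accepted too); the `userId` to user-name mapping comes from a dict standing in for `identitystore:DescribeUser`; every sample event, ID and ARN is constructed.

```python
"""Resolve a stable user identity from IAM Identity Center CloudTrail events.

Added example (not TEAM or AWS code). Assumptions: new-shape events carry
userId/identityStoreArn under userIdentity.onBehalfOf (CloudTrail doc shape
for type IdentityCenterUser) or at the top level of userIdentity; the
Identity Store lookup is a dict stand-in for identitystore:DescribeUser.
All sample data is constructed.
"""
from collections import defaultdict
from typing import Callable, Dict, List, Optional

# Constructed stand-in for the Identity Store (identitystore:DescribeUser).
IDENTITY_STORE_USERS: Dict[str, str] = {
    "93672b0a-1234-5678-9abc-def012345678": "alice@example.com",
}

_STORE_ARN = "arn:aws:identitystore::111122223333:identitystore/d-1234567890"

# Constructed events: one legacy-shaped, two new-shaped, one for a deleted user.
SAMPLE_EVENTS: List[dict] = [
    {   # legacy shape: the user is identified by userIdentity.userName
        "eventSource": "sso.amazonaws.com", "eventName": "CreateAccountAssignment",
        "userIdentity": {"type": "Unknown", "principalId": "a1b2c3d4e5f6",
                         "userName": "alice@example.com"},
    },
    {   # new shape: userId + identityStoreArn under onBehalfOf, no userName
        "eventSource": "sso.amazonaws.com", "eventName": "CreateAccountAssignment",
        "userIdentity": {"type": "IdentityCenterUser",
                         "onBehalfOf": {"userId": "93672b0a-1234-5678-9abc-def012345678",
                                        "identityStoreArn": _STORE_ARN}},
    },
    {   # new shape, a second action by the same user
        "eventSource": "sso.amazonaws.com", "eventName": "DeleteAccountAssignment",
        "userIdentity": {"type": "IdentityCenterUser",
                         "onBehalfOf": {"userId": "93672b0a-1234-5678-9abc-def012345678",
                                        "identityStoreArn": _STORE_ARN}},
    },
    {   # a userId the directory no longer knows (user deleted): must not crash
        "eventSource": "sso.amazonaws.com", "eventName": "ListAccountAssignments",
        "userIdentity": {"type": "IdentityCenterUser",
                         "onBehalfOf": {"userId": "00000000-0000-0000-0000-000000000000",
                                        "identityStoreArn": _STORE_ARN}},
    },
]


def resolve_user(event: dict,
                 lookup: Callable[[str], Optional[str]] = IDENTITY_STORE_USERS.get) -> dict:
    """Return {"user_id", "identity_store_arn", "user_name", "source"}.

    Prefers the new userId/identityStoreArn fields and falls back to the
    legacy userName, so events from either side of the cutover resolve.
    """
    ui = event.get("userIdentity") or {}
    nested = ui.get("onBehalfOf")
    holder = nested if isinstance(nested, dict) else ui
    user_id = holder.get("userId")
    if user_id:
        return {"user_id": user_id,
                "identity_store_arn": holder.get("identityStoreArn"),
                "user_name": lookup(user_id),   # None when the user no longer exists
                "source": "userId"}
    if ui.get("userName"):
        return {"user_id": None, "identity_store_arn": None,
                "user_name": ui["userName"], "source": "userName"}
    return {"user_id": None, "identity_store_arn": None,
            "user_name": None, "source": None}


def actions_by_user(events: List[dict],
                    lookup: Callable[[str], Optional[str]] = IDENTITY_STORE_USERS.get
                    ) -> Dict[str, List[str]]:
    """Group event names by resolved user name. Events whose userId cannot be
    resolved are keyed by the raw userId (or "<unknown>") so they stay visible
    in the audit instead of silently disappearing."""
    out: Dict[str, List[str]] = defaultdict(list)
    for ev in events:
        who = resolve_user(ev, lookup)
        key = who["user_name"] or who["user_id"] or "<unknown>"
        out[key].append(ev.get("eventName", "<no eventName>"))
    return dict(out)


if __name__ == "__main__":
    for user, actions in actions_by_user(SAMPLE_EVENTS).items():
        print(f"{user}: {actions}")
```

The point for a TEAM-style audit query is the fallback order: once `userName` stops carrying the user's name, any filter keyed on it matches nothing, so the resolver keys on `userId` first and treats `userName` only as the pre-cutover path. The deleted-user case is kept as a separate key rather than dropped, because an audit trail that quietly loses events for removed users is worse than one that shows an opaque ID.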

tawoyinfa commented 4 days ago

@sbrown-tecracer this will impact TEAM's auditing functionality and integration with CloudTrail Lake. It is on our radar.

sbrown-tecracer commented 4 days ago

Perfect, thanks @tawoyinfa for the feedback 🤗

rapides commented 4 days ago

Thank you, @tawoyinfa, for your confirmation. Please keep our community updated about the potential changes and the migration steps to avoid work disruptions. Thanks in advance!