{"results":[{"id":"amazon-mq-cloudtrail-control-plane-only","text":"Amazon MQ CloudTrail integration logs only control-plane API calls; ActiveMQ data-plane operations (message send/receive) and the ActiveMQ Web Console are NOT logged by CloudTrail.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"amazon-mq-cloudtrail-passwords-masked","text":"Amazon MQ masks `data` and `password` fields (replaced with `***`) in CloudTrail logs for CreateBroker, CreateUser, UpdateConfiguration, and UpdateUser operations.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"amazon-mq-cloudwatch-for-data-plane-logging","text":"Amazon MQ data-plane and ActiveMQ operation logging requires CloudWatch Logs (general and audit logs), not CloudTrail.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"apigateway-streaming-8-null-byte-delimiter","text":"API Gateway Lambda streaming output format requires metadata JSON followed by exactly 8 null bytes as a delimiter before the streamed payload, and the metadata must appear within the first 16KB of stream data.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"apigateway-streaming-requires-mode-and-format","text":"API Gateway Lambda response streaming requires both the response transfer mode set to `Stream` and function code adhering to the required metadata+delimiter format — mismatched combinations return a 500 error or missing response body.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"apigw-apigateway-vs-execute-api-planes","text":"API Gateway has two service components: `apigateway` (management plane for API creation) and `execute-api` (data plane for API invocation) — this distinction matters for IAM policy actions.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"apigw-websocket-at-connections-api-push","text":"The `@connections` API allows backend services to send POST requests to push data to specific connected WebSocket API clients.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"app-autoscaling-four-scaling-policies","text":"Application Auto Scaling supports four scaling policy types: target tracking (metric-driven), step scaling (alarm-breach-driven), scheduled scaling (time-driven), and predictive scaling (ML on historical data).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"app-autoscaling-logs-management-events-only","text":"Application Auto Scaling logs all control plane operations as management events (not data events) in CloudTrail.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"appconfig-data-event-resource-type","text":"AppConfig data events use `AWS::AppConfig::Configuration` as the `resources.type` value in CloudTrail advanced event selectors.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"appconfig-data-events-require-explicit-enablement","text":"AppConfig data plane operations (GetLatestConfiguration, StartConfigurationSession) are not logged by CloudTrail by default — they must be explicitly enabled and incur additional charges.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"appflow-response-elements-not-logged","text":"Amazon AppFlow intentionally omits response elements from CloudTrail log entries because they may contain sensitive data.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"appsync-aurora-integration-via-data-api","text":"AppSync integrates with Aurora Serverless (PostgreSQL) specifically via the RDS Data API, not via direct database connections.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"appsync-cloudtrail-data-event-resource-type","text":"The CloudTrail resource type for AppSync data event filtering is `AWS::AppSync::GraphQLApi`.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"appsync-cloudtrail-field-authorization-results","text":"AppSync CloudTrail data events include field-level authorization results in `additionalEventData.fieldAuthorizationResults`, showing `allowedFields` and `deniedFields`.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"appsync-cloudtrail-websocket-connect-only","text":"For AppSync real-time endpoints, only the WebSocket connect operation is logged as a CloudTrail data event — messages sent over the WebSocket are not logged.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"appsync-data-events-not-logged-by-default","text":"AppSync GraphQL data events (query/mutation/subscription operations) are not logged by CloudTrail by default — they must be explicitly enabled and incur additional charges.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"appsync-graphql-api-three-components","text":"An AWS AppSync GraphQL API requires three core components: a schema, data sources, and resolvers.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"appsync-js-resolver-eight-data-sources","text":"APPSYNC_JS resolvers support eight data source types: DynamoDB, OpenSearch, Lambda, EventBridge, None, HTTP, RDS, and Bedrock.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"appsync-none-data-source-local-resolvers","text":"The AppSync None data source is used for local resolvers that don't call an external service, commonly used for pub/sub subscriptions and pass-through operations.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null}],"count":410,"limit":20,"offset":0}