

# Document history
<a name="doc-history"></a>

The following table describes significant changes to this guide. If you want to be notified about future updates, you can subscribe to an [RSS feed](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/security-reference-architecture.rss).

| Change | Description | Date | 
| --- |--- |--- |
| [Content restructure and updates](#doc-history) |   Added guidance for [Security Hub](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/security-tooling.html#tool-security-hub) and [AWS Nitro Enclaves](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/application.html#app-nitro-enclaves).   Restructured the AWS SRA to focus on the core architecture and moved the deep dive sections to separate guides for [identity management](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture-identity-management/), [perimeter security](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture-perimeter-security/), [cyber forensics](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture-cyber-forensics/), [generative AI](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture-generative-ai/), and [IoT](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture-iot/).   Updated existing guidance to include additional details for AWS CloudTrail, AWS Config, Amazon Detective, AWS Firewall Manager, Amazon GuardDuty, IAM Access Analyzer, Amazon Security Lake, AWS Shield Advanced, and AWS Audit Manager.   | December 22, 2025 | 
| [Major updates](#doc-history) |   Added information about new [IAM centralized root user access management](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/org-management.html#mgmt-central-root-access), [resource control policies (RCPs)](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/org-management.html#mgmt-rcps), and [declarative policies](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/org-management.html#mgmt-declarative-policies).   Updated Security Hub CSPM references to new Security Hub CSPM.   Included new service features for [Amazon GuardDuty](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/security-tooling.html#tool-guardduty) and [Security Hub CSPM](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/security-tooling.html#tool-security-hub).   Added [AWS Security Incident Response service guidance](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/security-tooling.html#tool-incident-response).   Updated IAM deep dive guidance to include VPC Lattice for machine-to-machine identity management.   Added a new deep dive guidance: SRA for IoT.   | August 29, 2025 | 
| [Additions and clarifications](#doc-history) |   In the [Security Tooling account](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/security-tooling.html#tool-kms) section, updated the AWS KMS guidance.   In the *Customer identity management* section, expanded the information about authorizing API Gateway.   Updated the *Generative AI* section to add a design consideration for OU and account design.   In the [AWS SRA code repository](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/code-repo.html) section, added information about the new [Patch Management solution](https://github.com/aws-samples/aws-security-reference-architecture-examples/tree/main/aws_sra_examples/solutions/patch_mgmt/patch_mgmt_org).   | September 12, 2024 | 
| [Major updates](#doc-history) |   Added two sections for deep dive architectural guidance: *Generative AI using Amazon Bedrock* and *Identity management*.   Updated the [AWS Identity and Access Management Access Analyzer](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/security-tooling.html#tool-iam-analyzer), [Amazon Detective](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/security-tooling.html#tool-detective), [Amazon Inspector](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/security-tooling.html#tool-inspector), [AWS Artifact](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/security-tooling.html#tool-artifact), [AWS Config](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/security-tooling.html#tool-config), [Amazon Security Lake](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/security-tooling.html#tool-security-lake), [AWS Security Hub CSPM](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/security-tooling.html#tool-security-hub), and [Amazon CloudFront](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/network.html#network-cf) sections with new service features.   Updated the [AWS SRA code repository](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/code-repo.html) section to include the new Terraform deployment option and the addition of AWS Shield Advanced and AMI Bakery solutions.   | June 7, 2024 | 
| [Major updates](#doc-history) |   Updated the [Network account](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/network.html) and [Application account](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/application.html) sections to add architectural guidance for Amazon Verified Permissions, AWS Verified Access, and Amazon VPC Lattice.   Added deep dive architectural guidance based on security functionality.   Added [new guidance](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/ai-ml.html) around how AWS services use AI/ML to provide better security outcomes.   Added [guidance](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/phases.html) on how to plan your security architecture in a phased manner.   | November 4, 2023 | 
| [Security Lake addition](#doc-history) | Updated the [Security Tooling account](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/security-tooling.html) and [Log Archive account](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/log-archive.html) sections to add design guidance related to Amazon Security Lake. | September 22, 2023 | 
| [Minor updates](#doc-history) |   Updated existing guidance to reflect new AWS service features and best practices.   Updated architectural guidance for AWS CloudTrail, AWS IAM Identity Center, and edge security.   | May 10, 2023 | 
| [Survey](#doc-history) | Added a [short survey](https://amazonmr.au1.qualtrics.com/jfe/form/SV_e3XI1t37KMHU2ua) to gain a better understanding of how you use the AWS SRA in your organization. | December 14, 2022 | 
| [Source files for reference architecture diagrams](#doc-history) | In the [AWS Security Reference Architecture section](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/architecture.html), added a [download file](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/samples/aws-security-reference-architecture-diagrams.zip) that provides the architecture diagrams for this guide in editable PowerPoint format. | November 17, 2022 | 
| [Updates to *Security foundations* section](#doc-history) | In the [Security foundations section](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/foundations.html), updated the information about Well-Architected Framework pillars and security design principles. | September 27, 2022 | 
| [Major additions and updates](#doc-history) |   Added information about [how to use the AWS SRA and key implementation guidelines](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/value.html).   Added architectural guidance for additional AWS services such as AWS Artifact, Amazon Inspector, AWS RAM, Amazon Route 53, AWS Control Tower, AWS Audit Manager, Directory Service, Amazon Cognito, and Network Access Analyzer.   Updated existing guidance to reflect new AWS service features and best practices.   | July 25, 2022 | 
| [—](#doc-history) | Initial publication | June 23, 2021 | 