🟢 Low  | Source: AWS What’s New
AWS IoT Core has introduced two new CloudWatch log event types: Ping logs for MQTT keep-alive messages and Connection.AuthNError logs for failed authentication attempts. These additions give security and operations teams better visibility into device connectivity failures and credential or certificate issues across IoT fleets. This is a positive observability improvement rather than a vulnerability disclosure.
Architect’s Take: Enable event-level logging in AWS IoT Core and opt into both new event types immediately — feed Connection.AuthNError logs into your SIEM or CloudWatch alarms to detect potential credential stuffing or certificate misconfiguration across your IoT fleet at scale.
Original advisory: AWS IoT Core adds new logs to troubleshoot connectivity and authentication