diff --git a/README.md b/README.md
index c879814320..6e201d9807 100644
--- a/README.md
+++ b/README.md
@@ -136,7 +136,7 @@ Fields related to the cloud or infrastructure the events are coming from.
| Field | Description | Level | Type | Example |
|---|---|---|---|---|
-| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | extended | keyword | `ec2` |
+| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | extended | keyword | `aws` |
| cloud.availability_zone | Availability zone in which this host is running. | extended | keyword | `us-east-1c` |
| cloud.region | Region in which this host is running. | extended | keyword | `us-east-1` |
| cloud.instance.id | Instance ID of the host machine. | extended | keyword | `i-1234567890abcdef0` |
diff --git a/fields.yml b/fields.yml
index 6c575007ee..ead652527d 100644
--- a/fields.yml
+++ b/fields.yml
@@ -222,7 +222,7 @@
fields:
- name: provider
level: extended
- example: ec2
+ example: aws
type: keyword
short: Name of the cloud provider.
description: >
diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv
index b9349462e4..61beca9852 100644
--- a/generated/csv/fields.csv
+++ b/generated/csv/fields.csv
@@ -33,7 +33,7 @@ cloud.availability_zone,keyword,extended,us-east-1c,1.1.0-dev
cloud.instance.id,keyword,extended,i-1234567890abcdef0,1.1.0-dev
cloud.instance.name,keyword,extended,,1.1.0-dev
cloud.machine.type,keyword,extended,t2.medium,1.1.0-dev
-cloud.provider,keyword,extended,ec2,1.1.0-dev
+cloud.provider,keyword,extended,aws,1.1.0-dev
cloud.region,keyword,extended,us-east-1,1.1.0-dev
container.id,keyword,core,,1.1.0-dev
container.image.name,keyword,extended,,1.1.0-dev
diff --git a/generated/ecs/fields_flat.yml b/generated/ecs/fields_flat.yml
index aeb10c5f8b..76f4e401f7 100644
--- a/generated/ecs/fields_flat.yml
+++ b/generated/ecs/fields_flat.yml
@@ -321,7 +321,7 @@ cloud.machine.type:
cloud.provider:
description: Name of the cloud provider. Example values are aws, azure, gcp, or
digitalocean.
- example: ec2
+ example: aws
flat_name: cloud.provider
ignore_above: 1024
level: extended
diff --git a/generated/ecs/fields_nested.yml b/generated/ecs/fields_nested.yml
index aac1755f8b..5306c3413d 100644
--- a/generated/ecs/fields_nested.yml
+++ b/generated/ecs/fields_nested.yml
@@ -282,7 +282,7 @@ cloud:
provider:
description: Name of the cloud provider. Example values are aws, azure, gcp,
or digitalocean.
- example: ec2
+ example: aws
flat_name: cloud.provider
ignore_above: 1024
level: extended
diff --git a/generated/legacy/schema.csv b/generated/legacy/schema.csv
index b16f6b05dc..5272976113 100644
--- a/generated/legacy/schema.csv
+++ b/generated/legacy/schema.csv
@@ -20,7 +20,7 @@ cloud.availability_zone,keyword,extended,us-east-1c
cloud.instance.id,keyword,extended,i-1234567890abcdef0
cloud.instance.name,keyword,extended,
cloud.machine.type,keyword,extended,t2.medium
-cloud.provider,keyword,extended,ec2
+cloud.provider,keyword,extended,aws
cloud.region,keyword,extended,us-east-1
container.id,keyword,core,
container.image.name,keyword,extended,
diff --git a/schema.json b/schema.json
index 63a2c60ae3..75005384f6 100644
--- a/schema.json
+++ b/schema.json
@@ -241,7 +241,7 @@
},
"cloud.provider": {
"description": "Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.",
- "example": "ec2",
+ "example": "aws",
"footnote": "",
"group": 2,
"level": "extended",
diff --git a/schemas/cloud.yml b/schemas/cloud.yml
index 7b518d11ee..8d46138a3d 100644
--- a/schemas/cloud.yml
+++ b/schemas/cloud.yml
@@ -16,7 +16,7 @@
fields:
- name: provider
level: extended
- example: ec2
+ example: aws
type: keyword
short: Name of the cloud provider.
description: >