AWS AmazonCloudWatch documentation change
Summary
Updated log service entries and removed log group resource policy size limit section
Security assessment
The removed section described policy size mitigation strategies but did not indicate a security vulnerability. Changes appear to be documentation cleanup.
Diff
diff --git a/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.md b/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.md index 52783b45a..2a4b18e5c 100644 --- a//AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.md +++ b//AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.md @@ -39,0 +40 @@ Amazon CodeWhisperer event logs | Vended logs | Supported [V2 Permissions] | Sup +[AWS Entity Resolution logs](https://docs.aws.amazon.com/entityresolution/latest/userguide/what-is-service.html) | Vended logs | Supported [V2 Permissions] | Supported [V2 Permissions] | Supported [V2 Permissions] @@ -52 +53 @@ Amazon CodeWhisperer event logs | Vended logs | Supported [V2 Permissions] | Sup -[ Amazon SES mail manager logging](https://docs.aws.amazon.com/ses/latest/dg/eb-logging.html) | Vended logs | Supported [V2 Permissions] | Supported [V2 Permissions] | Supported [V2 Permissions] +[ Amazon SES logs](https://docs.aws.amazon.com/ses/latest/dg/eb-logging.html) | Vended logs | Supported [V2 Permissions] | Supported [V2 Permissions] | Supported [V2 Permissions] @@ -71 +72 @@ Amazon CodeWhisperer event logs | Vended logs | Supported [V2 Permissions] | Sup -Amazon Simple Email Service logs | Vended logs | Supported [V2 Permissions] | Supported [V2 Permissions] | Supported [V2 Permissions] +[Amazon Simple Email Service logs](https://docs.aws.amazon.com/ses/latest/dg/eb-logging.html) | Vended logs | Supported [V2 Permissions] | Supported [V2 Permissions] | Supported [V2 Permissions] @@ -514,6 +514,0 @@ The log group where the logs are being sent must have a resource policy that inc -**Log group resource policy size limit considerations** - -These services must list each log group that they're sending logs to in the resource policy, and CloudWatch Logs resource policies are limited to 5120 characters. A service that sends logs to a large number of log groups may run into this limit. - -To mitigate this, CloudWatch Logs monitors the size of resource policies used by the service that is sending logs, and when it detects that a policy approaches the size limit of 5120 characters, CloudWatch Logs automatically enables `/aws/vendedlogs/*` in the resource policy for that service. You can then start using log groups with names that start with `/aws/vendedlogs/` as the destinations for logs from these services. -