AWS Security ChangesHomeSearch

AWS AmazonCloudWatch documentation change

Service: AmazonCloudWatch · 2025-05-25 · Documentation low

File: AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.md

Summary

Updated log service entries and removed log group resource policy size limit section

Security assessment

The removed section described policy size mitigation strategies but did not indicate a security vulnerability. Changes appear to be documentation cleanup.

Diff

diff --git a/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.md b/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.md
index 52783b45a..2a4b18e5c 100644
--- a//AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.md
+++ b//AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.md
@@ -39,0 +40 @@ Amazon CodeWhisperer event logs | Vended logs | Supported [V2 Permissions] | Sup
+[AWS Entity Resolution logs](https://docs.aws.amazon.com/entityresolution/latest/userguide/what-is-service.html) | Vended logs | Supported [V2 Permissions] | Supported [V2 Permissions] | Supported [V2 Permissions]  
@@ -52 +53 @@ Amazon CodeWhisperer event logs | Vended logs | Supported [V2 Permissions] | Sup
-[ Amazon SES mail manager logging](https://docs.aws.amazon.com/ses/latest/dg/eb-logging.html) | Vended logs | Supported [V2 Permissions] | Supported [V2 Permissions] | Supported [V2 Permissions]  
+[ Amazon SES logs](https://docs.aws.amazon.com/ses/latest/dg/eb-logging.html) | Vended logs | Supported [V2 Permissions] | Supported [V2 Permissions] | Supported [V2 Permissions]  
@@ -71 +72 @@ Amazon CodeWhisperer event logs | Vended logs | Supported [V2 Permissions] | Sup
-Amazon Simple Email Service logs | Vended logs | Supported [V2 Permissions] | Supported [V2 Permissions] | Supported [V2 Permissions]  
+[Amazon Simple Email Service logs](https://docs.aws.amazon.com/ses/latest/dg/eb-logging.html) | Vended logs | Supported [V2 Permissions] | Supported [V2 Permissions] | Supported [V2 Permissions]  
@@ -514,6 +514,0 @@ The log group where the logs are being sent must have a resource policy that inc
-**Log group resource policy size limit considerations**
-
-These services must list each log group that they're sending logs to in the resource policy, and CloudWatch Logs resource policies are limited to 5120 characters. A service that sends logs to a large number of log groups may run into this limit.
-
-To mitigate this, CloudWatch Logs monitors the size of resource policies used by the service that is sending logs, and when it detects that a policy approaches the size limit of 5120 characters, CloudWatch Logs automatically enables `/aws/vendedlogs/*` in the resource policy for that service. You can then start using log groups with names that start with `/aws/vendedlogs/` as the destinations for logs from these services.
-