AWS Security ChangesHomeSearch

AWS AmazonCloudWatch documentation change

Service: AmazonCloudWatch · 2025-05-31 · Documentation low

File: AmazonCloudWatch/latest/logs/CloudWatchLogs-Insights-Query-Results-Summary.md

Summary

Formatting fixes for IAM permission names and expanded list of required actions in custom IAM policy

Security assessment

While this clarifies IAM permission requirements (security documentation), there is no evidence of addressing a specific security vulnerability. The change improves accuracy of security policy documentation but doesn't mitigate an active threat.

Diff

diff --git a/AmazonCloudWatch/latest/logs/CloudWatchLogs-Insights-Query-Results-Summary.md b/AmazonCloudWatch/latest/logs/CloudWatchLogs-Insights-Query-Results-Summary.md
index b98c59e0c..b682d8251 100644
--- a//AmazonCloudWatch/latest/logs/CloudWatchLogs-Insights-Query-Results-Summary.md
+++ b//AmazonCloudWatch/latest/logs/CloudWatchLogs-Insights-Query-Results-Summary.md
@@ -42 +42 @@ You must have one of the following:
-  * CloudWatchLogsFullAccess permission
+  * `CloudWatchLogsFullAccess` permission
@@ -44 +44 @@ You must have one of the following:
-  * CloudWatchLogsReadOnlyAccess permission
+  * `CloudWatchLogsReadOnlyAccess` permission
@@ -46 +46 @@ You must have one of the following:
-  * Custom IAM policy including the `cloudwatch:GenerateQueryResultsSummary` action
+  * Custom IAM policy including the `cloudwatch:GenerateQueryResultsSummary`, `logs:GetQueryResults`, `logs:DescribeQueries` and `ogs:FilterLogEvents` actions