AWS AmazonCloudWatch documentation change
Summary
Formatting fixes for IAM permission names and expanded list of required actions in custom IAM policy
Security assessment
While this clarifies IAM permission requirements (security documentation), there is no evidence of addressing a specific security vulnerability. The change improves accuracy of security policy documentation but doesn't mitigate an active threat.
Diff
diff --git a/AmazonCloudWatch/latest/logs/CloudWatchLogs-Insights-Query-Results-Summary.md b/AmazonCloudWatch/latest/logs/CloudWatchLogs-Insights-Query-Results-Summary.md index b98c59e0c..b682d8251 100644 --- a//AmazonCloudWatch/latest/logs/CloudWatchLogs-Insights-Query-Results-Summary.md +++ b//AmazonCloudWatch/latest/logs/CloudWatchLogs-Insights-Query-Results-Summary.md @@ -42 +42 @@ You must have one of the following: - * CloudWatchLogsFullAccess permission + * `CloudWatchLogsFullAccess` permission @@ -44 +44 @@ You must have one of the following: - * CloudWatchLogsReadOnlyAccess permission + * `CloudWatchLogsReadOnlyAccess` permission @@ -46 +46 @@ You must have one of the following: - * Custom IAM policy including the `cloudwatch:GenerateQueryResultsSummary` action + * Custom IAM policy including the `cloudwatch:GenerateQueryResultsSummary`, `logs:GetQueryResults`, `logs:DescribeQueries` and `ogs:FilterLogEvents` actions