AWS AmazonCloudWatch documentation change
Summary
Added AWS PCS logs to service table and modified required permissions to include logs:CreateLogGroups
Security assessment
Adds documentation about required permissions (including CreateLogGroups) for resource policies, which relates to access control security features but doesn't address a specific security vulnerability
Diff
diff --git a/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.md b/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.md index 62e03cefb..c29da08bb 100644 --- a//AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.md +++ b//AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.md @@ -63,0 +64 @@ Amazon CodeWhisperer event logs | Vended logs | Supported [V2 Permissions] | Sup +[AWS PCS](https://docs.aws.amazon.com/pcs/latest/userguide/monitoring-overview.html) logs | Vended logs | Supported [V2 Permissions] | Supported [V2 Permissions] | Supported [V2 Permissions] @@ -790 +791,2 @@ In addition to the permissions listed in the previous sections, if you are setti - "logs:DescribeLogGroups" + "logs:DescribeLogGroups", + "logs:CreateLogGroups"