AWS Security ChangesHomeSearch

AWS AmazonCloudWatch documentation change

Service: AmazonCloudWatch · 2025-06-16 · Documentation low

File: AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.md

Summary

Added AWS PCS logs to service table and modified required permissions to include logs:CreateLogGroups

Security assessment

Adds documentation about required permissions (including CreateLogGroups) for resource policies, which relates to access control security features but doesn't address a specific security vulnerability

Diff

diff --git a/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.md b/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.md
index 62e03cefb..c29da08bb 100644
--- a//AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.md
+++ b//AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.md
@@ -63,0 +64 @@ Amazon CodeWhisperer event logs | Vended logs | Supported [V2 Permissions] | Sup
+[AWS PCS](https://docs.aws.amazon.com/pcs/latest/userguide/monitoring-overview.html) logs | Vended logs | Supported [V2 Permissions] | Supported [V2 Permissions] | Supported [V2 Permissions]  
@@ -790 +791,2 @@ In addition to the permissions listed in the previous sections, if you are setti
-                    "logs:DescribeLogGroups"
+                    "logs:DescribeLogGroups",
+                    "logs:CreateLogGroups"