AWS Security ChangesHomeSearch

AWS rolesanywhere documentation change

Service: rolesanywhere · 2025-06-28 · Documentation medium

File: rolesanywhere/latest/userguide/security-iam-awsmanpol.md

Summary

Added CloudWatch metric policy with namespace restrictions

Security assessment

Documents security best practice by restricting CloudWatch permissions to specific namespaces, though no vulnerability is addressed

Diff

diff --git a/rolesanywhere/latest/userguide/security-iam-awsmanpol.md b/rolesanywhere/latest/userguide/security-iam-awsmanpol.md
index 5b5361b4e..595e418dd 100644
--- a//rolesanywhere/latest/userguide/security-iam-awsmanpol.md
+++ b//rolesanywhere/latest/userguide/security-iam-awsmanpol.md
@@ -35,0 +36,6 @@ This policy includes the following permissions.
+JSON
+    
+
+****
+    
+    
@@ -65,0 +72,30 @@ This policy includes the following permissions.
+
+JSON
+    
+
+****
+    
+    
+    
+    {
+        "Version": "2012-10-17",
+        "Statement": [
+          {
+            "Effect": "Allow",
+            "Action": [
+              "cloudwatch:PutMetricData"
+            ],
+            "Resource": "*",
+            "Condition": {
+              "StringEquals": {
+                "cloudwatch:namespace": [
+                  "AWS/RolesAnywhere",
+                  "AWS/Usage"
+                ]
+              }
+            }
+          }
+        ]
+      }
+    
+