AWS AmazonCloudWatch documentation change
Summary
Added entry about AIOpsReadOnlyAccess policy update permitting cross-account investigation group validation
Security assessment
The change documents expanded permissions in a managed policy but does not indicate remediation of a security vulnerability. While related to access control, there's no evidence this addresses an existing security weakness.
Diff
diff --git a/AmazonCloudWatch/latest/monitoring/DocumentHistory.md b/AmazonCloudWatch/latest/monitoring/DocumentHistory.md index 4a7e12917..00664f051 100644 --- a//AmazonCloudWatch/latest/monitoring/DocumentHistory.md +++ b//AmazonCloudWatch/latest/monitoring/DocumentHistory.md @@ -10,0 +11 @@ Change| Description| Date +AIOpsReadOnlyAccess policy updated| CloudWatch updated the **AIOpsReadOnlyAccess** policy to permit validation of investigation groups across accounts. For more information, see [AIOpsReadOnlyAccess policy](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/auth-and-access-control-cw.html#managed-policies-QInvestigations-AIOpsReadOnlyAccess).| June 23, 2025