AWS Security ChangesHomeSearch

AWS AmazonCloudWatch documentation change

Service: AmazonCloudWatch · 2025-07-01 · Documentation low

File: AmazonCloudWatch/latest/monitoring/auth-and-access-control-cw.md

Summary

Added ValidateInvestigationGroup permission to AIOpsReadOnlyAccess policy documentation

Security assessment

This updates security documentation by adding a new IAM permission but does not indicate resolution of a security vulnerability. The change expands authorization capabilities rather than patching a security flaw.

Diff

diff --git a/AmazonCloudWatch/latest/monitoring/auth-and-access-control-cw.md b/AmazonCloudWatch/latest/monitoring/auth-and-access-control-cw.md
index 7b1c101f0..73e2832da 100644
--- a//AmazonCloudWatch/latest/monitoring/auth-and-access-control-cw.md
+++ b//AmazonCloudWatch/latest/monitoring/auth-and-access-control-cw.md
@@ -1579 +1579,2 @@ The following are the contents of the **AIOpsReadOnlyAccess** policy.
-            "aiops:List*"
+            "aiops:List*",
+            "aiops:ValidateInvestigationGroup"
@@ -3654,0 +3656 @@ AmazonCloudWatchRUMReadOnlyAccess – Updated policy |  CloudWatch added permiss
+AIOpsReadOnlyAccess – Updated policy |  CloudWatch updated the **AIOpsReadOnlyAccess** policy to permit validation of investigation groups across accounts. This policy grants a user read-only permissions for Amazon AI Operations and other related services. | June 5, 2025