AWS AmazonCloudWatch documentation change
Summary
Added ValidateInvestigationGroup permission to AIOpsReadOnlyAccess policy documentation
Security assessment
This updates security documentation by adding a new IAM permission but does not indicate resolution of a security vulnerability. The change expands authorization capabilities rather than patching a security flaw.
Diff
diff --git a/AmazonCloudWatch/latest/monitoring/auth-and-access-control-cw.md b/AmazonCloudWatch/latest/monitoring/auth-and-access-control-cw.md index 7b1c101f0..73e2832da 100644 --- a//AmazonCloudWatch/latest/monitoring/auth-and-access-control-cw.md +++ b//AmazonCloudWatch/latest/monitoring/auth-and-access-control-cw.md @@ -1579 +1579,2 @@ The following are the contents of the **AIOpsReadOnlyAccess** policy. - "aiops:List*" + "aiops:List*", + "aiops:ValidateInvestigationGroup" @@ -3654,0 +3656 @@ AmazonCloudWatchRUMReadOnlyAccess – Updated policy | CloudWatch added permiss +AIOpsReadOnlyAccess – Updated policy | CloudWatch updated the **AIOpsReadOnlyAccess** policy to permit validation of investigation groups across accounts. This policy grants a user read-only permissions for Amazon AI Operations and other related services. | June 5, 2025