AWS Security ChangesHomeSearch

AWS AmazonCloudWatch medium security documentation change

Service: AmazonCloudWatch · 2025-07-18 · Security-related medium

File: AmazonCloudWatch/latest/logs/DocumentHistory_cwl.md

Summary

Removed entry about CloudWatch Logs anomaly detection KMS policy update that added aws:SourceAccount and aws:SourceArn conditions

Security assessment

The removed entry explicitly describes a security improvement by narrowing KMS key usage scope through added policy conditions. Removing this documentation could indicate deprecation of a security best practice, though the change itself is documentation removal rather than a code change.

Diff

diff --git a/AmazonCloudWatch/latest/logs/DocumentHistory_cwl.md b/AmazonCloudWatch/latest/logs/DocumentHistory_cwl.md
index b397c5d53..a7a2da3cb 100644
--- a//AmazonCloudWatch/latest/logs/DocumentHistory_cwl.md
+++ b//AmazonCloudWatch/latest/logs/DocumentHistory_cwl.md
@@ -11 +10,0 @@ Change| Description| Date
-CloudWatch Logs anomaly detection updated example policy|  CloudWatch Logs updated the KMS example policy to reduce its scope and improve security to by adding conditions for `aws:SourceAccount` and `aws:SourceArn`. For more information, see [Encrypt an anomaly detector and its results with AWS KMS](https://docs.aws.amazon.com/AmazonCloudWatch/latest/LogsAnomalyDetection-KMS.html)| July 14, 2025