AWS AmazonCloudWatch medium security documentation change
Summary
Removed entry about CloudWatch Logs anomaly detection KMS policy update that added aws:SourceAccount and aws:SourceArn conditions
Security assessment
The removed entry explicitly describes a security improvement by narrowing KMS key usage scope through added policy conditions. Removing this documentation could indicate deprecation of a security best practice, though the change itself is documentation removal rather than a code change.
Diff
diff --git a/AmazonCloudWatch/latest/logs/DocumentHistory_cwl.md b/AmazonCloudWatch/latest/logs/DocumentHistory_cwl.md index b397c5d53..a7a2da3cb 100644 --- a//AmazonCloudWatch/latest/logs/DocumentHistory_cwl.md +++ b//AmazonCloudWatch/latest/logs/DocumentHistory_cwl.md @@ -11 +10,0 @@ Change| Description| Date -CloudWatch Logs anomaly detection updated example policy| CloudWatch Logs updated the KMS example policy to reduce its scope and improve security to by adding conditions for `aws:SourceAccount` and `aws:SourceArn`. For more information, see [Encrypt an anomaly detector and its results with AWS KMS](https://docs.aws.amazon.com/AmazonCloudWatch/latest/LogsAnomalyDetection-KMS.html)| July 14, 2025