AWS Security ChangesHomeSearch

AWS AmazonCloudWatch documentation change

Service: AmazonCloudWatch · 2025-08-10 · Documentation low

File: AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.md

Summary

Updated documentation table entries to include hyperlinks to permission documentation for various AWS services' log destinations (CloudWatch Logs, S3, Firehose). Added new entry for Amazon EventBridge event buses with V2 permissions.

Security assessment

Changes primarily involve adding references to permission documentation and standardizing links. While permissions relate to security configurations, there's no evidence of addressing a specific vulnerability or incident. The updates improve documentation clarity about existing security controls but don't introduce new security features or fixes.

Diff

diff --git a/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.md b/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.md
index 085667b67..c71c650a9 100644
--- a//AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.md
+++ b//AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.md
@@ -5,2 +4,0 @@
-Logging that requires additional permissions [V1]Logging that requires additional permissions [V2]Cross-account delivery exampleCross-service confused deputy preventionPolicy updates
-
@@ -17 +15 @@ For services that require these permissions, there are two versions of the permi
-Log source | Log type | CloudWatch Logs | Amazon S3 | Firehose  
+Log source | Log type | [Logs sent to CloudWatch Logs](./AWS-logs-infrastructure-CWL.html) | [Logs sent to Amazon S3](./AWS-logs-infrastructure-S3.html) | [Logs sent to Firehose](./AWS-logs-infrastructure-Firehose.html)  
@@ -19 +17 @@ Log source | Log type | CloudWatch Logs | Amazon S3 | Firehose
-[ Amazon API Gateway access logs](https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html) | Vended logs |  Supported [V1 Permissions] |  |   
+[ Amazon API Gateway access logs](https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html) | Vended logs |  [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) |  |   
@@ -22,4 +20,4 @@ Log source | Log type | CloudWatch Logs | Amazon S3 | Firehose
-[Amazon Bedrock Knowledge bases logging](https://docs.aws.amazon.com/bedrock/latest/userguide/knowledge-bases-logging.html) | Vended logs | Supported [V2 Permissions] | Supported [V2 Permissions] | Supported [V2 Permissions]  
-[Amazon Bedrock AgentCore](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/what-is-genesis.html) | Vended logs | Supported [V2 Permissions] | Supported [V2 Permissions] | Supported [V2 Permissions]  
-[ Amazon Chime media quality metric logs and SIP message logs](https://docs.aws.amazon.com/chime/latest/ag/monitoring-cloudwatch.html#cw-logs) | Vended logs |  Supported [V1 Permissions] |  |   
-[ CloudFront: access logs](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html) | Vended logs | Supported [V2 Permissions] | Supported [V2 Permissions] | Supported [V2 Permissions]  
+[Amazon Bedrock Knowledge bases logging](https://docs.aws.amazon.com/bedrock/latest/userguide/knowledge-bases-logging.html) | Vended logs | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-CloudWatchLogs.html) | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-S3.html) | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-Firehose.html)  
+[Amazon Bedrock AgentCore](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/what-is-genesis.html) | Vended logs | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-CloudWatchLogs.html) | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-S3.html) | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-Firehose.html)  
+[ Amazon Chime media quality metric logs and SIP message logs](https://docs.aws.amazon.com/chime/latest/ag/monitoring-cloudwatch.html#cw-logs) | Vended logs |  [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) |  |   
+[ CloudFront: access logs](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html) | Vended logs | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-CloudWatchLogs.html) | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-S3.html) | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-Firehose.html)  
@@ -27,2 +25,2 @@ Log source | Log type | CloudWatch Logs | Amazon S3 | Firehose
-[ CloudWatch Evidently evaluation event logs](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Evidently-datastorage.html#CloudWatch-Evidently-datastorage-logformat) | Vended logs | Supported [V1 Permissions] | Supported [V1 Permissions] |   
-[ CloudWatch Internet Monitor logs](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-IM-view-cw-tools.S3_athena.html) | Vended logs |  | Supported [V1 Permissions] |   
+[ CloudWatch Evidently evaluation event logs](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Evidently-datastorage.html#CloudWatch-Evidently-datastorage-logformat) | Vended logs | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) |   
+[ CloudWatch Internet Monitor logs](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-IM-view-cw-tools.S3_athena.html) | Vended logs |  | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) |   
@@ -31,2 +29,2 @@ Log source | Log type | CloudWatch Logs | Amazon S3 | Firehose
-Amazon CodeWhisperer event logs | Vended logs | Supported [V2 Permissions] | Supported [V2 Permissions] | Supported [V2 Permissions]  
-[Amazon Cognito logs](https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html) | Vended logs | Supported [V1 Permissions] |  |   
+Amazon CodeWhisperer event logs | Vended logs | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-CloudWatchLogs.html) | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-S3.html) | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-Firehose.html)  
+[Amazon Cognito logs](https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html) | Vended logs | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) |  |   
@@ -35 +33 @@ Amazon CodeWhisperer event logs | Vended logs | Supported [V2 Permissions] | Sup
-[ Amazon ElastiCache (Redis OSS) logs](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Log_Delivery.html) | Vended logs | Supported [V1 Permissions] |  | Supported [V1 Permissions]  
+[ Amazon ElastiCache (Redis OSS) logs](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Log_Delivery.html) | Vended logs | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) |  | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html)  
@@ -39,4 +37,5 @@ Amazon CodeWhisperer event logs | Vended logs | Supported [V2 Permissions] | Sup
-[AWS Elemental MediaPackage access logs](https://docs.aws.amazon.com/mediapackage/latest/ug/access-logging.html) | Vended logs | Supported [V2 Permissions] | Supported [V2 Permissions] | Supported [V2 Permissions]  
-[AWS Elemental MediaTailor logs](https://docs.aws.amazon.com/mediatailor/latest/ug/monitoring-cw-logs.html) | Vended logs | Supported [V2 Permissions] | Supported [V2 Permissions] | Supported [V2 Permissions]  
-[AWS Entity Resolution logs](https://docs.aws.amazon.com/entityresolution/latest/userguide/what-is-service.html) | Vended logs | Supported [V2 Permissions] | Supported [V2 Permissions] | Supported [V2 Permissions]  
-[Amazon EventBridge Pipes logging](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-pipes-logs.html) | Vended logs | Supported [V1 Permissions] | Supported [V1 Permissions] | Supported [V1 Permissions]  
+[AWS Elemental MediaPackage access logs](https://docs.aws.amazon.com/mediapackage/latest/ug/access-logging.html) | Vended logs | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-CloudWatchLogs.html) | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-S3.html) | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-Firehose.html)  
+[AWS Elemental MediaTailor logs](https://docs.aws.amazon.com/mediatailor/latest/ug/monitoring-cw-logs.html) | Vended logs | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-CloudWatchLogs.html) | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-S3.html) | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-Firehose.html)  
+[AWS Entity Resolution logs](https://docs.aws.amazon.com/entityresolution/latest/userguide/what-is-service.html) | Vended logs | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-CloudWatchLogs.html) | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-S3.html) | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-Firehose.html)  
+[Amazon EventBridge Pipes logging](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-pipes-logs.html) | Vended logs | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html)  
+[Amazon EventBridge event buses](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-pipes-logs.html) | Vended logs | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-CloudWatchLogs.html) | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-S3.html) | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-Firehose.html)  
@@ -44,3 +43,3 @@ Amazon CodeWhisperer event logs | Vended logs | Supported [V2 Permissions] | Sup
-[AWS Fault Injection Service experiment logs](https://docs.aws.amazon.com/fis/latest/userguide/monitoring-logging.html) | Vended logs |  | Supported [V1 Permissions] |   
-[Amazon FinSpace](https://docs.aws.amazon.com/finspace/latest/userguide/finspace-what-is.html) | Vended logs | Supported [V1 Permissions] | Supported [V1 Permissions] | Supported [V1 Permissions]  
-[AWS Global Accelerator flow logs](https://docs.aws.amazon.com/global-accelerator/latest/dg/monitoring-global-accelerator.flow-logs.html) | Vended logs |  | Supported [V1 Permissions] |   
+[AWS Fault Injection Service experiment logs](https://docs.aws.amazon.com/fis/latest/userguide/monitoring-logging.html) | Vended logs |  | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) |   
+[Amazon FinSpace](https://docs.aws.amazon.com/finspace/latest/userguide/finspace-what-is.html) | Vended logs | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html)  
+[AWS Global Accelerator flow logs](https://docs.aws.amazon.com/global-accelerator/latest/dg/monitoring-global-accelerator.flow-logs.html) | Vended logs |  | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) |   
@@ -48,2 +47,2 @@ Amazon CodeWhisperer event logs | Vended logs | Supported [V2 Permissions] | Sup
-[ IAM Identity Center error logs](https://docs.aws.amazon.com/singlesignon/latest/userguide/logging-ad-sync-errors.html) | Vended logs | Supported [V2 Permissions] | Supported [V2 Permissions] | Supported [V2 Permissions]  
-[ Amazon Interactive Video Service chat logs](https://docs.aws.amazon.com/ivs/latest/LowLatencyUserGuide/chat-logging.html) | Vended logs | Supported [V1 Permissions] | Supported [V1 Permissions] | Supported [V1 Permissions]  
+[ IAM Identity Center error logs](https://docs.aws.amazon.com/singlesignon/latest/userguide/logging-ad-sync-errors.html) | Vended logs | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-CloudWatchLogs.html) | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-S3.html) | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-Firehose.html)  
+[ Amazon Interactive Video Service chat logs](https://docs.aws.amazon.com/ivs/latest/LowLatencyUserGuide/chat-logging.html) | Vended logs | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html)  
@@ -51 +50 @@ Amazon CodeWhisperer event logs | Vended logs | Supported [V2 Permissions] | Sup
-[AWS IoT FleetWise logs](https://docs.aws.amazon.com/iot-fleetwise/latest/developerguide/logging-cw.html) | Vended logs | Supported [V1 Permissions] | Supported [V1 Permissions] | Supported [V1 Permissions]  
+[AWS IoT FleetWise logs](https://docs.aws.amazon.com/iot-fleetwise/latest/developerguide/logging-cw.html) | Vended logs | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html)  
@@ -54,5 +53,5 @@ Amazon CodeWhisperer event logs | Vended logs | Supported [V2 Permissions] | Sup
-[ Amazon SES logs](https://docs.aws.amazon.com/ses/latest/dg/eb-logging.html) | Vended logs | Supported [V2 Permissions] | Supported [V2 Permissions] | Supported [V2 Permissions]  
-[AWS Mainframe Modernization](https://docs.aws.amazon.com/m2/latest/userguide/what-is-m2.html) | Vended logs | Supported [V1 Permissions] | Supported [V1 Permissions] | Supported [V1 Permissions]  
-[ Amazon Managed Service for Prometheus logs](https://docs.aws.amazon.com/prometheus/latest/userguide/CW-logs.html) | Vended logs |  Supported [V1 Permissions] |  |   
-[ Amazon MSK broker logs](https://docs.aws.amazon.com/msk/latest/developerguide/msk-logging.html) | Vended logs |  Supported [V1 Permissions] | Supported [V1 Permissions] | Supported [V1 Permissions]  
-[ Amazon MSK Connect logs](https://docs.aws.amazon.com/msk/latest/developerguide/msk-connect-logging.html) | Vended logs |  Supported [V1 Permissions] | Supported [V1 Permissions] | Supported [V1 Permissions]  
+[ Amazon SES logs](https://docs.aws.amazon.com/ses/latest/dg/eb-logging.html) | Vended logs | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-CloudWatchLogs.html) | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-S3.html) | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-Firehose.html)  
+[AWS Mainframe Modernization](https://docs.aws.amazon.com/m2/latest/userguide/what-is-m2.html) | Vended logs | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html)  
+[ Amazon Managed Service for Prometheus logs](https://docs.aws.amazon.com/prometheus/latest/userguide/CW-logs.html) | Vended logs |  [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) |  |   
+[ Amazon MSK broker logs](https://docs.aws.amazon.com/msk/latest/developerguide/msk-logging.html) | Vended logs |  [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html)  
+[ Amazon MSK Connect logs](https://docs.aws.amazon.com/msk/latest/developerguide/msk-connect-logging.html) | Vended logs |  [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html)  
@@ -60,2 +59,2 @@ Amazon CodeWhisperer event logs | Vended logs | Supported [V2 Permissions] | Sup
-[AWS Network Firewall logs](https://docs.aws.amazon.com/network-firewall/latest/developerguide/firewall-logging.html) | Vended logs |  Supported [V1 Permissions] | Supported [V1 Permissions] | Supported [V1 Permissions]  
-[ Network Load Balancer access logs](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-access-logs.html) | Vended logs |  | Supported [V1 Permissions] |   
+[AWS Network Firewall logs](https://docs.aws.amazon.com/network-firewall/latest/developerguide/firewall-logging.html) | Vended logs |  [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html)  
+[ Network Load Balancer access logs](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-access-logs.html) | Vended logs |  | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) |   
@@ -63 +62 @@ Amazon CodeWhisperer event logs | Vended logs | Supported [V2 Permissions] | Sup
-[ Amazon OpenSearch Service ingestion logs](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/monitoring-pipeline-logs.html) | Vended logs | Supported [V1 Permissions] | Supported [V1 Permissions] | Supported [V1 Permissions]  
+[ Amazon OpenSearch Service ingestion logs](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/monitoring-pipeline-logs.html) | Vended logs | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) | [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html)  
@@ -65 +64 @@ Amazon CodeWhisperer event logs | Vended logs | Supported [V2 Permissions] | Sup
-[AWS PCS](https://docs.aws.amazon.com/pcs/latest/userguide/monitoring-overview.html) logs | Vended logs | Supported [V2 Permissions] | Supported [V2 Permissions] | Supported [V2 Permissions]  
+[AWS PCS](https://docs.aws.amazon.com/pcs/latest/userguide/monitoring-overview.html) logs | Vended logs | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-CloudWatchLogs.html) | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-S3.html) | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-Firehose.html)  
@@ -67 +66 @@ Amazon CodeWhisperer event logs | Vended logs | Supported [V2 Permissions] | Sup
-[ Amazon Q Business conversation logs](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/cw-logs-enable-logging.html) | Vended logs | Supported [V2 Permissions] | Supported [V2 Permissions] | Supported [V2 Permissions]  
+[ Amazon Q Business conversation logs](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/cw-logs-enable-logging.html) | Vended logs | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-CloudWatchLogs.html) | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-S3.html) | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-Firehose.html)  
@@ -70,5 +69,5 @@ Amazon CodeWhisperer event logs | Vended logs | Supported [V2 Permissions] | Sup
-[ Amazon Route 53 resolver query logs](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-query-logs-choosing-target-resource.html) | Vended logs |  Supported [V1 Permissions] |  Supported [V1 Permissions] |   
-[ Amazon SageMaker AI events](https://docs.aws.amazon.com/sagemaker/latest/dg/logging-cloudwatch.html) | Vended logs |  Supported [V1 Permissions] |  |   
-[ Amazon SageMaker AI worker events](https://docs.aws.amazon.com/sagemaker/latest/dg/workteam-private-tracking.html) | Vended logs |  Supported [V1 Permissions] |  |   
-[AWS Site-to_Site VPN logs](https://docs.aws.amazon.com/vpn/latest/s2svpn/monitoring-logs.html) | Vended logs |  Supported [V1 Permissions] |  Supported [V1 Permissions] |  Supported [V1 Permissions]  
-[Amazon Simple Email Service logs](https://docs.aws.amazon.com/ses/latest/dg/eb-logging.html) | Vended logs | Supported [V2 Permissions] | Supported [V2 Permissions] | Supported [V2 Permissions]  
+[ Amazon Route 53 resolver query logs](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-query-logs-choosing-target-resource.html) | Vended logs |  [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) |  [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) |   
+[ Amazon SageMaker AI events](https://docs.aws.amazon.com/sagemaker/latest/dg/logging-cloudwatch.html) | Vended logs |  [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) |  |   
+[ Amazon SageMaker AI worker events](https://docs.aws.amazon.com/sagemaker/latest/dg/workteam-private-tracking.html) | Vended logs |  [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) |  |   
+[AWS Site-to_Site VPN logs](https://docs.aws.amazon.com/vpn/latest/s2svpn/monitoring-logs.html) | Vended logs |  [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) |  [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html) |  [Supported [V1 Permissions]](./AWS-vended-logs-permissions.html)  
+[Amazon Simple Email Service logs](https://docs.aws.amazon.com/ses/latest/dg/eb-logging.html) | Vended logs | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-CloudWatchLogs.html) | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-S3.html) | [Supported [V2 Permissions]](./AWS-logs-infrastructure-V2-Firehose.html)  
@@ -77,1301 +76,10 @@ Amazon CodeWhisperer event logs | Vended logs | Supported [V2 Permissions] | Sup
-[ EC2 Spot Instance data feed files](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-data-feeds.html) | Vended logs |  | Supported [V1 Permissions] |   
-[AWS Step Functions Express Workflow and Standard Workflow logs](https://docs.aws.amazon.com/step-functions/latest/dg/cw-logs.html) | Vended logs |  Supported [V1 Permissions] |  |   
-[ Storage Gateway audit logs and health logs](https://docs.aws.amazon.com/storagegateway/latest/userguide/monitoring-file-gateway.html) | Vended logs |  Supported [V1 Permissions] |  |   
-[AWS Transfer Family logs](https://docs.aws.amazon.com/transfer/latest/userguide/structured-logging.html) | Vended logs |  Supported [V1 Permissions] |  Supported [V1 Permissions] |  Supported [V1 Permissions]  
-[AWS Verified Access logs](https://docs.aws.amazon.com/verified-access/latest/ug/access-logs.html) | Vended logs |  Supported [V1 Permissions] |  Supported [V1 Permissions] |  Supported [V1 Permissions]  
-[ Amazon Virtual Private Cloud flow logs](https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-s3.html) | Vended logs |  Supported | Supported [V1 Permissions] | Supported [V1 Permissions]  
-[Amazon VPC Lattice access logs](https://docs.aws.amazon.com/vpc-lattice/latest/ug/monitoring-access-logs.html) | Vended logs | Supported [V1 Permissions] | Supported [V1 Permissions] | Supported [V1 Permissions]  
-[Amazon VPC Route Server](https://docs.aws.amazon.com/vpc/latest/userguide/dynamic-routing-route-server.html) | Vended logs | Supported [V2 Permissions] | Supported [V2 Permissions] | Supported [V2 Permissions]  
-[AWS WAF logs](https://docs.aws.amazon.com/waf/latest/developerguide/logging-destinations.html) | Vended logs | Supported [V1 Permissions] | Supported [V1 Permissions] |  Supported  
-[Amazon WorkMail audit logs](https://docs.aws.amazon.com/workmail/latest/adminguide/monitoring-audit-logging.html) | Vended logs | Supported [V2 Permissions] | Supported [V2 Permissions] | Supported [V2 Permissions]  
-  
-## Logging that requires additional permissions [V1]
-
-Some AWS services use a common infrastructure to send their logs to CloudWatch Logs, Amazon S3, or Firehose. To enable the AWS services listed in the following table to send their logs to these destinations, you must be logged in as a user that has certain permissions.
-
-Additionally, permissions must be granted to AWS to enable the logs to be sent. AWS can automatically create those permissions when the logs are set up, or you can create them yourself first before you set up the logging. For cross-account delivery, you must manually create the permission policies yourself.
-
-If you choose to have AWS automatically set up the necessary permissions and resource policies when you or someone in your organization first sets up the sending of logs, then the user who is setting up the sending of logs must have certain permissions, as explained later in this section. Alternatively, you can create the resource policies yourself, and then the users who set up the sending of logs do not need as many permissions.
-
-The following table summarizes which types of logs and which log destinations that the information in this section applies to.
-
-The following sections provide more details for each of these destinations.
-
-### Logs sent to CloudWatch Logs
-
-###### Important
-
-When you set up the log types in the following list to be sent to CloudWatch Logs, AWS creates or changes the resource policies associated with the log group receiving the logs, if needed. Continue reading this section to see the details.
-
-This section applies when the types of logs listed in the table in the preceding section are sent to CloudWatch Logs:
-
-**User permissions**
-
-To be able to set up sending any of these types of logs to CloudWatch Logs for the first time, you must be logged into an account with the following permissions.
-
-  * `logs:CreateLogDelivery`
-
-  * `logs:PutResourcePolicy`
-
-  * `logs:DescribeResourcePolicies`
-
-  * `logs:DescribeLogGroups`
-
-###### Note
-
-When you specify the `logs:DescribeLogGroups`, `logs:DescribeResourcePolicies`, or `logs:PutResourcePolicy` permission, be sure to set the ARN of its `Resource` line to use a `*` wildcard, instead of specifying only a single log group name. For example, `"Resource": "arn:aws:logs:us-east-1:111122223333:log-group:*"`
-
-
-
-
-If any of these types of logs is already being sent to a log group in CloudWatch Logs, then to set up the sending of another one of these types of logs to that same log group, you only need the `logs:CreateLogDelivery` permission.
-
-**Log group resource policy**
-
-The log group where the logs are being sent must have a resource policy that includes certain permissions. If the log group currently does not have a resource policy, and the user setting up the logging has the `logs:PutResourcePolicy`, `logs:DescribeResourcePolicies`, and `logs:DescribeLogGroups` permissions for the log group, then AWS automatically creates the following policy for it when you begin sending the logs to CloudWatch Logs.
-
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Sid": "AWSLogDeliveryWrite20150319",
-                "Effect": "Allow",
-                "Principal": {
-                    "Service": [
-                        "delivery.logs.amazonaws.com"
-                    ]
-                },
-                "Action": [
-                    "logs:CreateLogStream",
-                    "logs:PutLogEvents"
-                ],
-                "Resource": [
-                    "arn:aws:logs:us-east-1:111122223333:log-group:my-log-group:log-stream:*"
-                ],
-                "Condition": {
-                    "StringEquals": {
-                        "aws:SourceAccount": [
-                            "0123456789"
-                        ]
-                    },
-                    "ArnLike": {
-                        "aws:SourceArn": [
-                            "arn:aws:logs:us-east-1:111122223333:*"
-                        ]
-                    }
-                }
-            }
-        ]
-    }
-    
-
-If the log group does have a resource policy but that policy doesn't contain the statement shown in the previous policy, and the user setting up the logging has the `logs:PutResourcePolicy`, `logs:DescribeResourcePolicies`, and `logs:DescribeLogGroups` permissions for the log group, that statement is appended to the log group's resource policy.
-
-### Logs sent to Amazon S3
-
-When you set logs to be sent to Amazon S3, AWS creates or changes the resource policies associated with the S3 bucket that is receiving the logs, if needed.