AWS AmazonCloudWatch high security documentation change
Summary
Added Sid to policy statement and corrected Principal/Resource structure
Security assessment
Fixes policy structure by properly specifying Principal instead of Resource for AssumeRole, addressing a potential misconfiguration that could prevent unauthorized cross-account access
Diff
diff --git a/AmazonCloudWatch/latest/monitoring/Investigations-cross-account.md b/AmazonCloudWatch/latest/monitoring/Investigations-cross-account.md index ea2404c50..1ea7752f0 100644 --- a//AmazonCloudWatch/latest/monitoring/Investigations-cross-account.md +++ b//AmazonCloudWatch/latest/monitoring/Investigations-cross-account.md @@ -88,0 +89 @@ JSON + "Sid": "AllowAIOpsAssumeRole", @@ -90 +91 @@ JSON - "Resource": { + "Principal": {