AWS Security ChangesHomeSearch

AWS AmazonCloudWatch high security documentation change

Service: AmazonCloudWatch · 2025-08-13 · Security-related high

File: AmazonCloudWatch/latest/monitoring/Investigations-cross-account.md

Summary

Added Sid to policy statement and corrected Principal/Resource structure

Security assessment

Fixes policy structure by properly specifying Principal instead of Resource for AssumeRole, addressing a potential misconfiguration that could prevent unauthorized cross-account access

Diff

diff --git a/AmazonCloudWatch/latest/monitoring/Investigations-cross-account.md b/AmazonCloudWatch/latest/monitoring/Investigations-cross-account.md
index ea2404c50..1ea7752f0 100644
--- a//AmazonCloudWatch/latest/monitoring/Investigations-cross-account.md
+++ b//AmazonCloudWatch/latest/monitoring/Investigations-cross-account.md
@@ -88,0 +89 @@ JSON
+                        "Sid": "AllowAIOpsAssumeRole",
@@ -90 +91 @@ JSON
-                        "Resource": {
+                        "Principal": {