AWS AWSCloudFormation documentation change
Summary
Clarified IAM policy requirements for cross-account log delivery
Security assessment
Documents IAM policy requirements for secure cross-account log delivery, improving security guidance. No specific vulnerability addressed.
Diff
diff --git a/AWSCloudFormation/latest/TemplateReference/aws-properties-logs-deliverydestination-destinationpolicy.md b/AWSCloudFormation/latest/TemplateReference/aws-properties-logs-deliverydestination-destinationpolicy.md index c844dbe44..4115f650b 100644 --- a//AWSCloudFormation/latest/TemplateReference/aws-properties-logs-deliverydestination-destinationpolicy.md +++ b//AWSCloudFormation/latest/TemplateReference/aws-properties-logs-deliverydestination-destinationpolicy.md @@ -9 +9 @@ This is the new _AWS CloudFormation Template Reference Guide_. Please update you -The `DestinationPolicy` property type specifies Property description not available. for an [AWS::Logs::DeliveryDestination](./aws-resource-logs-deliverydestination.html). +An IAM policy that grants permissions to CloudWatch Logs to deliver logs cross-account to a specified destination in this account. @@ -36 +36 @@ To declare this entity in your AWS CloudFormation template, use the following sy -Property description not available. +A name for an existing destination. @@ -51 +51 @@ _Required_ : No -Property description not available. +Creates or updates an access policy associated with an existing destination. An access policy is an [IAM policy document](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies_overview.html) that is used to authorize claims to register a subscription filter against a given destination.