AWS Security ChangesHomeSearch

AWS AWSCloudFormation documentation change

Service: AWSCloudFormation · 2025-08-22 · Documentation medium

File: AWSCloudFormation/latest/TemplateReference/aws-properties-logs-deliverydestination-destinationpolicy.md

Summary

Clarified IAM policy requirements for cross-account log delivery

Security assessment

Documents IAM policy requirements for secure cross-account log delivery, improving security guidance. No specific vulnerability addressed.

Diff

diff --git a/AWSCloudFormation/latest/TemplateReference/aws-properties-logs-deliverydestination-destinationpolicy.md b/AWSCloudFormation/latest/TemplateReference/aws-properties-logs-deliverydestination-destinationpolicy.md
index c844dbe44..4115f650b 100644
--- a//AWSCloudFormation/latest/TemplateReference/aws-properties-logs-deliverydestination-destinationpolicy.md
+++ b//AWSCloudFormation/latest/TemplateReference/aws-properties-logs-deliverydestination-destinationpolicy.md
@@ -9 +9 @@ This is the new _AWS CloudFormation Template Reference Guide_. Please update you
-The `DestinationPolicy` property type specifies Property description not available. for an [AWS::Logs::DeliveryDestination](./aws-resource-logs-deliverydestination.html).
+An IAM policy that grants permissions to CloudWatch Logs to deliver logs cross-account to a specified destination in this account.
@@ -36 +36 @@ To declare this entity in your AWS CloudFormation template, use the following sy
-Property description not available.
+A name for an existing destination.
@@ -51 +51 @@ _Required_ : No
-Property description not available.
+Creates or updates an access policy associated with an existing destination. An access policy is an [IAM policy document](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies_overview.html) that is used to authorize claims to register a subscription filter against a given destination.