AWS AmazonCloudWatch medium security documentation change
Summary
Removed IAM policy examples for RUM event submission
Security assessment
Deleted IAM policies governed rum:PutRumEvents permissions. Removal suggests these examples might have contained insecure patterns, such as overly broad resource definitions or missing conditions, which could allow unauthorized event submission.
Diff
diff --git a/AmazonCloudWatch/latest/monitoring/CloudWatch-RUM-get-started-authorization.md b/AmazonCloudWatch/latest/monitoring/CloudWatch-RUM-get-started-authorization.md index e19876d32..9e983d7e1 100644 --- a//AmazonCloudWatch/latest/monitoring/CloudWatch-RUM-get-started-authorization.md +++ b//AmazonCloudWatch/latest/monitoring/CloudWatch-RUM-get-started-authorization.md @@ -36,19 +35,0 @@ You also must add the following permissions to the IAM policy that is attached t -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "rum:PutRumEvents", - "Resource": "arn:aws:rum:[us-east-1]:[123456789012]:appmonitor/[app monitor name]" - } - ] - } - - @@ -67,18 +47,0 @@ After you configure Amazon Cognito to work with your identity provider, you also -JSON - - -**** - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "rum:PutRumEvents", - "Resource": "arn:aws:rum:[US East (Ohio)]:[123456789012]:appmonitor/[app monitor name]" - } - ] - } - -