AWS AmazonCloudWatch medium security documentation change
Summary
Removed an example resource policy with IP-based access controls
Security assessment
The deleted policy demonstrated IP restriction patterns for RUM data collection. Its removal likely addresses risks of exposing insecure example IP filtering logic that could be misconfigured to allow unintended access.
Diff
diff --git a/AmazonCloudWatch/latest/monitoring/CloudWatch-RUM-resource-policies.md b/AmazonCloudWatch/latest/monitoring/CloudWatch-RUM-resource-policies.md index f97bc00fa..da92bd708 100644 --- a//AmazonCloudWatch/latest/monitoring/CloudWatch-RUM-resource-policies.md +++ b//AmazonCloudWatch/latest/monitoring/CloudWatch-RUM-resource-policies.md @@ -47,31 +46,0 @@ You can modify the policy to block specified source IP addresses by using the `a -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "rum:PutRumEvents", - "Resource": "arn:aws:rum:us-east-1:accountID:appmonitor/app monitor name", - "Principal": "*" - }, - { - "Effect": "Deny", - "Action": "rum:PutRumEvents", - "Resource": "arn:aws:rum:us-east-1:123456789012:appmonitor/app monitor name", - "Principal": "*", - "Condition": { - "NotIpAddress": { - "aws:SourceIp": "************" - } - } - } - ] - } - -