AWS AmazonElastiCache documentation change
Summary
Removed JSON IAM policy example that showed permissions required for configuring ElastiCache logging to CloudWatch Logs
Security assessment
The removed policy example contained standard logging permissions without any evident security vulnerabilities. The change appears to be documentation cleanup rather than addressing a specific security issue. No concrete evidence of security remediation in the diff.
Diff
diff --git a/AmazonElastiCache/latest/dg/Logging-destinations.md b/AmazonElastiCache/latest/dg/Logging-destinations.md index 2dc7f7be7..aa4b863d6 100644 --- a//AmazonElastiCache/latest/dg/Logging-destinations.md +++ b//AmazonElastiCache/latest/dg/Logging-destinations.md @@ -94,44 +93,0 @@ You must have the following permissions to configure ElastiCache to send logs to -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "logs:CreateLogDelivery", - "logs:GetLogDelivery", - "logs:UpdateLogDelivery", - "logs:DeleteLogDelivery", - "logs:ListLogDeliveries" - ], - "Resource": [ - "*" - ], - "Effect": "Allow", - "Sid": "ElastiCacheLogging" - }, - { - "Sid": "ElastiCacheLoggingFHSLR", - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Resource": "*", - "Effect": "Allow" - }, - { - "Sid": "ElastiCacheLoggingFH", - "Action": [ - "firehose:TagDeliveryStream" - ], - "Resource": "Amazon Kinesis Data Firehose delivery stream ARN", - "Effect": "Allow" - } - ] - } - -