AWS AmazonCloudWatch documentation change
Summary
Added section detailing Database Insights permissions requirements
Security assessment
Clarifies IAM policy requirements for security configurations but does not fix a known vulnerability. Improves documentation of security controls for monitoring features.
Diff
diff --git a/AmazonCloudWatch/latest/monitoring/Investigations-Security.md b/AmazonCloudWatch/latest/monitoring/Investigations-Security.md index 7dbfb0947..59d4cb26a 100644 --- a//AmazonCloudWatch/latest/monitoring/Investigations-Security.md +++ b//AmazonCloudWatch/latest/monitoring/Investigations-Security.md @@ -38,0 +39,6 @@ We recommend that you use three IAM principals, granting one of them the **AIOps +### Additional permissions for Database Insights + +To use Database Insights capabilities during investigations, you must attach the `AmazonRDSPerformanceInsightsFullAccess` managed policy to the IAM role or user that you use to perform investigations. CloudWatch investigations requires these permissions to create and access performance analysis reports for your Amazon RDS database instances. + +To attach this policy, use the IAM console to add the `AmazonRDSPerformanceInsightsFullAccess` managed policy to your investigation principal. For more information about this managed policy and its permissions, see [AmazonRDSPerformanceInsightsFullAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonRDSPerformanceInsightsFullAccess.html). +