AWS Security ChangesHomeSearch

AWS AmazonCloudWatch documentation change

Service: AmazonCloudWatch · 2025-09-28 · Documentation low

File: AmazonCloudWatch/latest/monitoring/DocumentHistory.md

Summary

Added policy update entries and corrected links for CloudWatch managed policies (e.g., AIOpsAssistantPolicy, AWSObservabilityAdminTelemetryEnablementServiceRolePolicy)

Security assessment

The updates document changes to IAM policies governing CloudWatch permissions, which are security features. However, there is no evidence these changes address specific vulnerabilities.

Diff

diff --git a/AmazonCloudWatch/latest/monitoring/DocumentHistory.md b/AmazonCloudWatch/latest/monitoring/DocumentHistory.md
index 6c17079c5..f35417365 100644
--- a//AmazonCloudWatch/latest/monitoring/DocumentHistory.md
+++ b//AmazonCloudWatch/latest/monitoring/DocumentHistory.md
@@ -10,0 +11 @@ Change| Description| Date
+Update to AIOPsAssistantPolicy managed policy| CloudWatch updated the **AIOpsAssistantPolicy** to allow CloudWatch investigations access to additional resources to assist in queries, troubleshooting, and topology mapping. For more information, see [AIOpsAssistantPolicy](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/managed-policies-cloudwatch-QInvestigations#managed-policies-QInvestigations-AIOpsAssistant).| September 24, 2025  
@@ -15 +16 @@ Removed AWS OpsWorks metrics and dimensions| AWS OpsWorks reached end-of-life an
-New AWSObservabilityAdminTelemetryEnablementServiceRolePolicy policy| CloudWatch added the **AWSObservabilityAdminTelemetryEnablementServiceRolePolicy** that grants CloudWatch the permissions necessary to enable and manage telemetry configurations for AWS resources based on telemetry rules. For more information, see [AWSObservabilityAdminTelemetryEnablementServiceRolePolicy](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/auth-and-access-control-cw.html#service-linked-role-telemetry-enablement).| July 17, 2025  
+New AWSObservabilityAdminTelemetryEnablementServiceRolePolicy policy| CloudWatch added the **AWSObservabilityAdminTelemetryEnablementServiceRolePolicy** that grants CloudWatch the permissions necessary to enable and manage telemetry configurations for AWS resources based on telemetry rules. For more information, see [AWSObservabilityAdminTelemetryEnablementServiceRolePolicy](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/using-service-linked-roles.html#service-linked-role-telemetry-enablement).| July 17, 2025  
@@ -17,4 +18,4 @@ Gen AI observability| With CloudWatch, you can observe generative AI workloads,
-AIOpsReadOnlyAccess policy updated| CloudWatch updated the **AIOpsReadOnlyAccess** policy to permit validation of investigation groups across accounts. For more information, see [AIOpsReadOnlyAccess policy](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/auth-and-access-control-cw.html#managed-policies-QInvestigations-AIOpsReadOnlyAccess).| June 23, 2025  
-Updated AIOpsConsoleAdminPolicy policy| CloudWatch updated the AIOpsConsoleAdminPolicy policy to permit validation of investigation groups across accounts. For more information, see [AIOpsConsoleAdminPolicy policy](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/auth-and-access-control-cw.html#managed-policies-QInvestigations-AIOpsConsoleAdminPolicy).| June 13, 2025  
-Updated AIOpsAssistantPolicy policy| CloudWatch updated the AIOpsAssistantPolicy policy to provide additional IAM permissions. For more information, see [AIOpsConsoleAdminPolicy policy](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/auth-and-access-control-cw.html#managed-policies-QInvestigations-AIOpsAssistantPolicy).| June 13, 2025  
-Update managed policy| CloudWatch updated the **AIOpsOperatorAccess** policy to permit validation of investigation groups across accounts. For more information, see [AIOpsOperatorAccess](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/managed-policies-QInvestigations-AIOpsOperatorAccess.html).| June 13, 2025  
+AIOpsReadOnlyAccess policy updated| CloudWatch updated the **AIOpsReadOnlyAccess** policy to permit validation of investigation groups across accounts. For more information, see [AIOpsReadOnlyAccess policy](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/managed-policies-cloudwatch-QInvestigations.html#managed-policies-QInvestigations-AIOpsReadOnlyAccess).| June 23, 2025  
+Updated AIOpsConsoleAdminPolicy policy| CloudWatch updated the AIOpsConsoleAdminPolicy policy to permit validation of investigation groups across accounts. For more information, see [AIOpsConsoleAdminPolicy policy](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/managed-policies-cloudwatch-QInvestigations.html#managed-policies-QInvestigations-AIOpsConsoleAdminPolicy).| June 13, 2025  
+Updated AIOpsAssistantPolicy policy| CloudWatch updated the AIOpsAssistantPolicy policy to provide additional IAM permissions. For more information, see [AIOpsConsoleAdminPolicy policy](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/managed-policies-cloudwatch-QInvestigations.html#managed-policies-QInvestigations-AIOpsAssistant).| June 13, 2025  
+Update managed policy| CloudWatch updated the **AIOpsOperatorAccess** policy to permit validation of investigation groups across accounts. For more information, see [AIOpsOperatorAccess](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/managed-policies-cloudwatch-QInvestigations.html#managed-policies-QInvestigations-AIOpsOperatorAccess.html).| June 13, 2025