AWS Security ChangesHomeSearch

AWS AmazonCloudWatch documentation change

Service: AmazonCloudWatch · 2025-10-01 · Documentation low

File: AmazonCloudWatch/latest/monitoring/CloudWatch-Transaction-Search-getting-started.md

Summary

Added CloudTrail CreateServiceLinkedChannel permission to required IAM policy

Security assessment

Added documentation for required CloudTrail permissions to enable service integration. While CloudTrail is security-related, there is no evidence this addresses a specific vulnerability. The change enhances documentation about required security permissions for monitoring features.

Diff

diff --git a/AmazonCloudWatch/latest/monitoring/CloudWatch-Transaction-Search-getting-started.md b/AmazonCloudWatch/latest/monitoring/CloudWatch-Transaction-Search-getting-started.md
index 6c5e716b3..dc2053ced 100644
--- a//AmazonCloudWatch/latest/monitoring/CloudWatch-Transaction-Search-getting-started.md
+++ b//AmazonCloudWatch/latest/monitoring/CloudWatch-Transaction-Search-getting-started.md
@@ -26,6 +25,0 @@ Before you can enable Transaction Search, you must create a role with the follow
-JSON
-    
-
-****
-    
-    
@@ -94 +88,9 @@ JSON
-          "Resource": "arn:aws:iam::*:role/aws-service-role/application-signals.cloudwatch.amazonaws.com/AWSServiceRoleForCloudWatchApplicationSignals"
+          "Resource": "arn:aws:iam::*:role/aws-service-role/application-signals.cloudwatch.amazonaws.com/AWSServiceRoleForCloudWatchApplicationSignals",
+        }
+        {
+            "Sid": "CloudWatchApplicationSignalsCloudTrailPermissions",
+            "Effect": "Allow",
+            "Action": [
+                "cloudtrail:CreateServiceLinkedChannel"
+            ],
+            "Resource": "arn:aws:cloudtrail:*:*:channel/aws-service-channel/application-signals/*"