AWS AmazonCloudWatch documentation change
Summary
Updated managed IAM policies (CloudWatchReadOnlyAccess, AIOpsOperatorAccess) and added AIOpsAssistantIncidentReportPolicy to support incident reporting features in CloudWatch investigations. Expanded permissions for observability administration and incident report generation.
Security assessment
Changes involve IAM policy updates and new incident reporting capabilities, which relate to access control and operational security practices. However, there is no explicit mention of addressing a specific vulnerability or security incident. The updates document security-related features (permission management and incident handling) rather than patching vulnerabilities.
Diff
diff --git a/AmazonCloudWatch/latest/monitoring/DocumentHistory.md b/AmazonCloudWatch/latest/monitoring/DocumentHistory.md index d019f9c54..a203f7a84 100644 --- a//AmazonCloudWatch/latest/monitoring/DocumentHistory.md +++ b//AmazonCloudWatch/latest/monitoring/DocumentHistory.md @@ -11 +11,5 @@ Change| Description| Date -Updated CloudWatchReadOnlyAccess policy| CloudWatch updated [CloudWatchReadOnlyAccess](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/auth-and-access-control-cw.html#managed-policies-cloudwatch-CloudWatchReadOnlyAccess) to include CloudTrail and Service Quotas permissions to support top observations and change indicators functionality within Application Signals. | October 8, 2025 +Updated CloudWatchReadOnlyAccess Policy with observability administration permissions| CloudWatch updated the **CloudWatchReadOnlyAccess** managed policy to include observability administration permissions. These permissions provide read-only access to telemetry rules, centralization configurations, and resource telemetry data across AWS Organizations. For more information, see [CloudWatchReadOnlyAccess](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/auth-and-access-control-cw.html#managed-policies-cloudwatch-CloudWatchReadOnlyAccess).| October 10, 2025 +CloudWatch updated AIOpsOperatorAccess managed policy with incident report permissions| CloudWatch updated the **AIOpsOperatorAccess** managed policy to include incident report generation permissions. These permissions allow users to create and manage incident reports and work with AI-derived facts in CloudWatch investigations. For more information, see [AIOpsOperatorAccess](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/auth-and-access-control-cw.html#managed-policies-QInvestigations-AIOpsOperatorAccess).| October 10, 2025 +CloudWatch investigations added incident reports| CloudWatch updated CloudWatch investigations to provide incident reporting. These AI-generated reports capture investigation findings, root causes, timeline events, and recommended corrective actions in a structured format. For more information see, [Generate incident reports](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Investigations-Incident-Reports.html).| October 10, 2025 +CloudWatch added AIOpsAssistantIncidentReportPolicy managed policy to support CloudWatch investigations AI-generated incident reports| CloudWatch added the **AIOpsAssistantIncidentReportPolicy** managed policy to enable CloudWatch investigations to generate incident reports from investigation data. This policy provides permissions to access investigations, create and manage reports, and work with AI-derived facts that form the foundation of incident documentation. For more information, see [AIOpsAssistantIncidentReportPolicy](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/auth-and-access-control-cw.html#managed-policies-QInvestigations-AIOpsAssistantIncidentReportPolicy).| October 10, 2025 +Updated CloudWatchReadOnlyAccess policy with CloudTrail and Service Quotas permissions| CloudWatch updated [CloudWatchReadOnlyAccess](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/auth-and-access-control-cw.html#managed-policies-cloudwatch-CloudWatchReadOnlyAccess) to include CloudTrail and Service Quotas permissions to support top observations and change indicators functionality within Application Signals. | October 8, 2025