AWS eventbridge documentation change
Summary
Removed an example IAM policy for CloudWatch Logs permissions
Security assessment
The removal of an example policy does not inherently address a security issue. While it could impact configuration accuracy, there is no evidence of a specific vulnerability being resolved.
Diff
diff --git a/eventbridge/latest/userguide/eb-use-resource-based.md b/eventbridge/latest/userguide/eb-use-resource-based.md index 084378826..a50bae60d 100644 --- a//eventbridge/latest/userguide/eb-use-resource-based.md +++ b//eventbridge/latest/userguide/eb-use-resource-based.md @@ -69,32 +68,0 @@ If you use the AWS Management Console to add CloudWatch Logs as the target of a -The following example allows EventBridge to write to all log groups that have names that start with `/aws/events/`. If you use a different naming policy for these types of logs, adjust the example accordingly. - -JSON - - -**** - - - - { - "Version":"2012-10-17", - - "Statement": [ - { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "events.amazonaws.com", - "delivery.logs.amazonaws.com" - ] - }, - "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/events/*:*", - "Sid": "TrustEventsToStoreLogEvent" - } - ] - } - -