AWS Security ChangesHomeSearch

AWS r53recovery documentation change

Service: r53recovery · 2025-10-25 · Documentation low

File: r53recovery/latest/dg/eventbridge-region-switch.md

Summary

Added IAM policy granting CloudWatch Logs permissions to EventBridge

Security assessment

The added policy enables logging capabilities, which supports security monitoring. However, there is no evidence this fixes an existing security flaw.

Diff

diff --git a/r53recovery/latest/dg/eventbridge-region-switch.md b/r53recovery/latest/dg/eventbridge-region-switch.md
index b83f2c9db..8f0717b39 100644
--- a//r53recovery/latest/dg/eventbridge-region-switch.md
+++ b//r53recovery/latest/dg/eventbridge-region-switch.md
@@ -173,0 +174,20 @@ JSON
+    {
+      "Version":"2012-10-17",		 	 	 
+      "Statement": [
+        {
+          "Action": [
+            "logs:CreateLogStream",
+            "logs:PutLogEvents"
+          ],
+          "Effect": "Allow",
+          "Principal": {
+            "Service": [
+              "events.amazonaws.com",
+              "delivery.logs.amazonaws.com"
+            ]
+          },
+          "Resource": "arn:aws:logs:us-east-1:222222222222:log-group:/aws/events/*:*",
+          "Sid": "TrustEventsToStoreLogEvent"
+        }
+      ]
+    }