AWS r53recovery documentation change
Summary
Added IAM policy granting CloudWatch Logs permissions to EventBridge
Security assessment
The added policy enables logging capabilities, which supports security monitoring. However, there is no evidence this fixes an existing security flaw.
Diff
diff --git a/r53recovery/latest/dg/eventbridge-region-switch.md b/r53recovery/latest/dg/eventbridge-region-switch.md index b83f2c9db..8f0717b39 100644 --- a//r53recovery/latest/dg/eventbridge-region-switch.md +++ b//r53recovery/latest/dg/eventbridge-region-switch.md @@ -173,0 +174,20 @@ JSON + { + "Version":"2012-10-17", + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "events.amazonaws.com", + "delivery.logs.amazonaws.com" + ] + }, + "Resource": "arn:aws:logs:us-east-1:222222222222:log-group:/aws/events/*:*", + "Sid": "TrustEventsToStoreLogEvent" + } + ] + }