AWS Security ChangesHomeSearch

AWS greengrass documentation change

Service: greengrass · 2025-10-28 · Documentation low

File: greengrass/v2/developerguide/system-log-forwarder-component.md

Summary

Added IAM policy example for CloudWatch Logs permissions required by the system log forwarder component

Security assessment

The change adds documentation about required IAM permissions but does not indicate a security vulnerability fix. It improves security documentation by specifying least-privilege permissions for log forwarding operations.

Diff

diff --git a/greengrass/v2/developerguide/system-log-forwarder-component.md b/greengrass/v2/developerguide/system-log-forwarder-component.md
index 2caee1347..ad3476c95 100644
--- a//greengrass/v2/developerguide/system-log-forwarder-component.md
+++ b//greengrass/v2/developerguide/system-log-forwarder-component.md
@@ -64,0 +65,24 @@ The component requires access to create log and stream groups in CloudWatch as w
+JSON
+    
+
+****
+    
+    
+    
+    {
+        "Version":"2012-10-17",		 	 	 
+        "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": ["logs:CreateLogGroup"],
+          "Resource": "arn:aws:logs:us-east-1:111122223333:log-group:greengrass/systemLogs:*"
+        },
+        {
+          "Effect": "Allow",
+          "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
+          "Resource": "arn:aws:logs:us-east-1:111122223333:log-group:greengrass/systemLogs:log-stream:${credentials-iot:ThingName}"
+        }
+      ]
+    }
+    
+