AWS AmazonCloudWatch documentation change
Summary
Added EC2 describe permissions to Network Flow Monitor policy for VPC endpoint topology snapshots
Security assessment
Expands monitoring capabilities documentation but doesn't address specific vulnerabilities
Diff
diff --git a/AmazonCloudWatch/latest/monitoring/managed-policies-cloudwatch.md b/AmazonCloudWatch/latest/monitoring/managed-policies-cloudwatch.md index b94f11796..903f36010 100644 --- a//AmazonCloudWatch/latest/monitoring/managed-policies-cloudwatch.md +++ b//AmazonCloudWatch/latest/monitoring/managed-policies-cloudwatch.md @@ -57,0 +58 @@ CloudWatchReadOnlyAccess – Updated policy | CloudWatch added permissions to * +CloudWatchNetworkFlowMonitorTopologyServiceRolePolicy – Updated policy | CloudWatch added the `ec2:DescribeVpcEndpoints` and `ec2:DescribeVpcEndpointServiceConfigurations` permissions to the **CloudWatchNetworkFlowMonitorTopologyServiceRolePolicy** managed policy to grant permissions for Network Flow Monitor to generate topology snapshots of VPC enpoints. | December 08, 2025