AWS Security ChangesHomeSearch

AWS vpc documentation change

Service: vpc · 2025-12-10 · Documentation medium

File: vpc/latest/userguide/flow-logs-firehose-create-flow-log.md

Summary

Added required IAM permissions policy for creating flow logs to Firehose

Security assessment

Documents necessary IAM permissions (logs:CreateLogDelivery, iam:CreateServiceLinkedRole etc.) for secure configuration. No vulnerability fix.

Diff

diff --git a/vpc/latest/userguide/flow-logs-firehose-create-flow-log.md b/vpc/latest/userguide/flow-logs-firehose-create-flow-log.md
index 279db450c..7b2bba558 100644
--- a//vpc/latest/userguide/flow-logs-firehose-create-flow-log.md
+++ b//vpc/latest/userguide/flow-logs-firehose-create-flow-log.md
@@ -12,0 +13,25 @@ You can create flow logs for your VPCs, subnets, or network interfaces.
+  * The account creating the flow log must be using an IAM role that grants the following permissions to publish flow logs to Amazon Data Firehose. 
+
+JSON
+    
+
+****
+    
+    
+        {
+        "Version":"2012-10-17",		 	 	 
+        "Statement": [
+            {
+                "Effect": "Allow",
+                "Action": [
+                    "logs:CreateLogDelivery",
+                    "logs:DeleteLogDelivery",
+                    "iam:CreateServiceLinkedRole",
+                    "firehose:TagDeliveryStream"
+                ],
+                "Resource": "*"
+            }
+        ]
+    } 
+    
+