AWS Security ChangesHomeSearch

AWS AmazonCloudWatch documentation change

Service: AmazonCloudWatch · 2026-02-13 · Documentation low

File: AmazonCloudWatch/latest/monitoring/Start-Investigation-Alarm.md

Summary

Added prerequisites section for resource policy configuration, rephrased procedural steps for clarity, fixed typos, and updated related topics

Security assessment

The change adds documentation about required resource policies to allow CloudWatch service principal access, which is a security feature configuration. However, there is no evidence this addresses a specific vulnerability or security incident. The policy addition is a standard setup requirement.

Diff

diff --git a/AmazonCloudWatch/latest/monitoring/Start-Investigation-Alarm.md b/AmazonCloudWatch/latest/monitoring/Start-Investigation-Alarm.md
index f324c4bb7..44efad489 100644
--- a//AmazonCloudWatch/latest/monitoring/Start-Investigation-Alarm.md
+++ b//AmazonCloudWatch/latest/monitoring/Start-Investigation-Alarm.md
@@ -4,0 +5,2 @@
+Prerequisites
+
@@ -10,0 +13,13 @@ For more information about CloudWatch investigations, see [CloudWatch investigat
+## Prerequisites
+
+Before you can start a CloudWatch investigations from a CloudWatch alarm, you must create a resource policy for the function to allow the CloudWatch service principal to start the investigation. To do this using the AWS CLI, use a command similar to the following example:
+    
+    
+    aws aiops put-investigation-group-policy \
+        --identifier arn:aws:aiops:us-east-1:111122223333:investigation-group/investigation_group_id \
+        --policy "{\"Version\":\"2008-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"aiops.alarms.cloudwatch.amazonaws.com\"},\"Action\":[\"aiops:CreateInvestigation\",\"aiops:CreateInvestigationEvent\"],\"Resource\":\"*\",\"Condition\":{\"StringEquals\":{\"aws:SourceAccount\":\"111122223333\"},\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:cloudwatch:us-east-1:111122223333:alarm:*\"}}}]}" \
+        --region eu-north-1
+            
+
+Replace the example values with your own AWS account ID, region, and investigation group ID.
+
@@ -25 +40 @@ For more information about CloudWatch investigations, see [CloudWatch investigat
-The CloudWatch investigations assistant starts. It scans your telemetry data to find data that might be associated with this situation.
+The CloudWatch investigations assistant starts and scans your telemetry data to find data that might be associated with this situation.
@@ -31 +46 @@ The **Findings** section displays a natural-language summary of the alarm's stat
-  8. (Optional) In the graph of the alarm, you can right-click and then choose to deep-dive into the alarm or the metric that it watches.
+  8. (Optional) In the graph of the alarm, right-click and choose to deep-dive into the alarm or the metric that it watches.
@@ -35,7 +50 @@ The **Findings** section displays a natural-language summary of the alarm's stat
-You see a list of other telemetry that CloudWatch investigations has discovered and that might be relevant to the investigation. These findings can include other metrics and CloudWatch Logs Insights query results. CloudWatch investigations ran these queries based on the alarm.
-
-     * For each finding, you can choose **Add to findings** or **Discard**. 
-
-When you choose **Add to findings** , the telemetry is added to the **Findings** section, and CloudWatch investigations uses this information to direct it's further scanning and suggestions.
-
-     * For a CloudWatch Logs Insights query result, to change or edit the query and re-run it, you can open the context (right-click) menu for by the results, and then choose **Open in Logs Insights**. For more information, see [Analyzing log data with CloudWatch Logs Insights](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html).
+A list of other telemetry that CloudWatch investigations has discovered and that might be relevant to the investigation appears. These findings can include other metrics and CloudWatch Logs Insights query results. CloudWatch investigations ran these queries based on the alarm.
@@ -43 +52 @@ When you choose **Add to findings** , the telemetry is added to the **Findings**
-If you want to run a different query, when you get to the Logs Insights page you can choose to use query assist to be able to use natural language to form a query. For more information, see [Use natural language to generate and update CloudWatch Logs Insights queries](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs-Insights-Query-Assist.html).
+     * For each finding, choose **Add to findings** or **Discard**. 
@@ -45 +54 @@ If you want to run a different query, when you get to the Logs Insights page you
-     * (Optional) If you know of telemetry in another AWS service that might apply to this investigation, you can go to that service's console and add the telemetry to the investigation. For example, to add a Lambda metric to the investigation, you can do the following:
+When you choose **Add to findings** , the telemetry is added to the **Findings** section, and CloudWatch investigations uses this information to direct its further scanning and suggestions.
@@ -47 +56 @@ If you want to run a different query, when you get to the Logs Insights page you
-       1. Open the Lambda console.
+     * For a CloudWatch Logs Insights query result, to change or edit the query and re-run it, open the context (right-click) menu for the results, and then choose **Open in Logs Insights**. For more information, see [Analyzing log data with CloudWatch Logs Insights](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html).
@@ -49 +58 @@ If you want to run a different query, when you get to the Logs Insights page you
-       2. In the **Monitor** section, find the metric.
+To run a different query, when you get to the Logs Insights page, choose to use query assist to form a query using natural language. For more information, see [Use natural language to generate and update CloudWatch Logs Insights queries](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs-Insights-Query-Assist.html).
@@ -51 +60 @@ If you want to run a different query, when you get to the Logs Insights page you
-       3. Open the context menu for the metric, choose **Investigate** , **Add to investigation** Then, in the **Investigate** pane, select the name of the investigation.
+     * (Optional) If you know of telemetry in another AWS service that might apply to this investigation, go to that service's console and add the telemetry to the investigation. 
@@ -55 +64 @@ If you want to run a different query, when you get to the Logs Insights page you
-For each hyypotheses, you can choose **Add to findings** or **Discard**.
+For each hypothesis, choose **Add to findings** or **Discard**.
@@ -57 +66 @@ For each hyypotheses, you can choose **Add to findings** or **Discard**.
-  11. When you think you have completed the investigation and found the root cause of the issue, you can choose the **Overview** tab and then choose **Investigation summary**. CloudWatch investigations then creates a natural-language summary of the important findings and hypotheses from the investigation.
+  11. When you think you have completed the investigation and found the root cause of the issue, choose the **Overview** tab and then choose **Investigation summary**. CloudWatch investigations then creates a natural-language summary of the important findings and hypotheses from the investigation.
@@ -70 +79 @@ Invoke a Lambda function from an alarm
-Alarm events and EventBridge
+Stop, terminate, reboot, or recover an EC2 instance