AWS Security ChangesHomeSearch

AWS AmazonCloudWatch documentation change

Service: AmazonCloudWatch · 2026-03-16 · Documentation low

File: AmazonCloudWatch/latest/monitoring/using-service-linked-roles.md

Summary

Updated service-linked role policy to include EC2 detailed monitoring permissions and added policy update note

Security assessment

Routine update to permissions documentation for telemetry configuration capabilities, no explicit security context provided.

Diff

diff --git a/AmazonCloudWatch/latest/monitoring/using-service-linked-roles.md b/AmazonCloudWatch/latest/monitoring/using-service-linked-roles.md
index da8b582fc..9c86e11d6 100644
--- a//AmazonCloudWatch/latest/monitoring/using-service-linked-roles.md
+++ b//AmazonCloudWatch/latest/monitoring/using-service-linked-roles.md
@@ -206 +206 @@ This policy grants permissions for:
-  * Basic telemetry operations including describing VPCs, flow logs, log groups. It also includes permissions to enable logging configuration for EKS cluster logging, WAF put logging configuration, enabling NLB logs as well as Route53 Resolver query logging. 
+  * Basic telemetry operations including describing VPCs, flow logs, log groups. It also includes permissions to enable logging configuration for EKS cluster logging, WAF put logging configuration, enabling NLB logs, Route53 Resolver query logging, and Amazon EC2 detailed monitoring. 
@@ -632,0 +633 @@ Change | Description | Date
+AWSObservabilityAdminTelemetryEnablementServiceRolePolicy – Update to service-linked role policy. |  Updated information about the  AWSObservabilityAdminTelemetryEnablementServiceRolePolicy that grants CloudWatch the permissions necessary to enable and manage telemetry configurations for the additional AWS resources based on telemetry rules. | March 10, 2026