AWS Security ChangesHomeSearch

AWS AmazonCloudWatch documentation change

Service: AmazonCloudWatch · 2026-04-01 · Documentation low

File: AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.md

Summary

Updated pricing information for vended logs and added AWS Security Hub CSPM as a new log source that sends vended logs.

Security assessment

This change updates billing information and adds a new log source (AWS Security Hub CSPM) to the table. While Security Hub is a security service, the documentation change itself doesn't address security vulnerabilities or add security feature documentation - it's primarily administrative updates about log sources and pricing.

Diff

diff --git a/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.md b/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.md
index 1ec591178..a762c40d1 100644
--- a//AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.md
+++ b//AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.md
@@ -9 +9 @@ While many services publish logs only to CloudWatch Logs, some AWS services can
-Even when logs are published directly to Amazon S3 or Firehose, charges apply. For more information, see _Vended Logs_ on the **Logs** tab at [Amazon CloudWatch Pricing](https://aws.amazon.com/cloudwatch/pricing/).
+Even when you publish logs directly to Amazon S3 or Firehose, CloudWatch delivery charges apply. If you send logs to Amazon S3, then ``AWS_REGION`-S3-Egress-Bytes` charges appear in Cost Explorer or on your bill. If you send logs to Firehose, then ``AWS_REGION`-FH-Egress-Bytes` charges appear. For more information about vended logs pricing, see the **Logs** tab at [Amazon CloudWatch Pricing](https://aws.amazon.com/cloudwatch/pricing/).
@@ -76,0 +77 @@ Log source | Log type | [Logs sent to CloudWatch Logs](./AWS-logs-infrastructure
+[AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) | Vended logs | [Supported [V2 Permissions]](./AWS-vended-logs-permissions-V2.html) |  |  |