AWS AmazonCloudWatch documentation change
Summary
Added documentation for new 'ProcessWithPipeline' IAM permission
Security assessment
Documents a new IAM permission required for log processing pipelines, which is a security feature controlling access to data transformation. No evidence of addressing a vulnerability. Security impact: Improves security documentation by clarifying permission requirements for sensitive log processing operations.
Diff
diff --git a/AmazonCloudWatch/latest/logs/permissions-reference-cwl.md b/AmazonCloudWatch/latest/logs/permissions-reference-cwl.md index bdeff6355..cfd2f2fde 100644 --- a//AmazonCloudWatch/latest/logs/permissions-reference-cwl.md +++ b//AmazonCloudWatch/latest/logs/permissions-reference-cwl.md @@ -49,0 +50 @@ ListLogGroupsForEntity (CloudWatch console-only permission) | `logs:ListLogGrou +ProcessWithPipeline (permission only) | `logs:ProcessWithPipeline` Required to process and transform log events through pipeline transformers before storage. This permission must be granted on the IAM role passed as the CloudWatch Logs source role in a pipeline configuration. The resource is the log group ARN.