AWS Security ChangesHomeSearch

AWS AmazonCloudWatch documentation change

Service: AmazonCloudWatch · 2026-05-22 · Documentation low

File: AmazonCloudWatch/latest/logs/permissions-reference-cwl.md

Summary

Added documentation for new 'ProcessWithPipeline' IAM permission

Security assessment

Documents a new IAM permission required for log processing pipelines, which is a security feature controlling access to data transformation. No evidence of addressing a vulnerability. Security impact: Improves security documentation by clarifying permission requirements for sensitive log processing operations.

Diff

diff --git a/AmazonCloudWatch/latest/logs/permissions-reference-cwl.md b/AmazonCloudWatch/latest/logs/permissions-reference-cwl.md
index bdeff6355..cfd2f2fde 100644
--- a//AmazonCloudWatch/latest/logs/permissions-reference-cwl.md
+++ b//AmazonCloudWatch/latest/logs/permissions-reference-cwl.md
@@ -49,0 +50 @@ ListLogGroupsForEntity (CloudWatch console-only permission) |  `logs:ListLogGrou
+ProcessWithPipeline (permission only) |  `logs:ProcessWithPipeline` Required to process and transform log events through pipeline transformers before storage. This permission must be granted on the IAM role passed as the CloudWatch Logs source role in a pipeline configuration. The resource is the log group ARN.