AWS Security ChangesHomeSearch

AWS AmazonCloudWatch documentation change

Service: AmazonCloudWatch · 2026-06-04 · Documentation low

File: AmazonCloudWatch/latest/monitoring/nw-monitor-how-it-works.md

Summary

Specified TCP source port range (1024-65535) and added firewall configuration guidance.

Security assessment

Adds network security documentation for firewall configuration but doesn't address a specific vulnerability. Proactive guidance to prevent monitoring failures.

Diff

diff --git a/AmazonCloudWatch/latest/monitoring/nw-monitor-how-it-works.md b/AmazonCloudWatch/latest/monitoring/nw-monitor-how-it-works.md
index aeaa05702..8407da80b 100644
--- a//AmazonCloudWatch/latest/monitoring/nw-monitor-how-it-works.md
+++ b//AmazonCloudWatch/latest/monitoring/nw-monitor-how-it-works.md
@@ -55 +55 @@ ICMP-based probes carry ICMP echo requests from your AWS hosted resources to the
-TCP-based probes carry TCP SYN packets from your AWS hosted resources to the destination address and port, and expect a TCP SYN+ACK packet in response. Network Synthetic Monitor uses the information on the TCP SYN and TCP SYN+ACK messages to calculate round-trip time and packet loss metrics. Network Synthetic Monitor periodically switches source TCP ports to increase network coverage, which increases the probability of detecting packet loss. 
+TCP-based probes carry TCP SYN packets from your AWS hosted resources to the destination address and port, and expect a TCP SYN+ACK packet in response. Network Synthetic Monitor uses the information on the TCP SYN and TCP SYN+ACK messages to calculate round-trip time and packet loss metrics. Network Synthetic Monitor periodically switches source TCP ports (using ports in the range 1024–65535) to increase network coverage, which increases the probability of detecting packet loss. Ensure that your firewall rules allow TCP traffic from this entire source port range to the configured destination port.