AWS lambda documentation change
Summary
Added CloudWatch Logs permissions (CreateLogGroup, CreateLogStream, PutLogEvents) to the operator role policy for Lambda-managed instances.
Security assessment
Enables logging capabilities which improve security monitoring and auditing, but doesn't address a specific vulnerability.
Diff
diff --git a/lambda/latest/dg/lambda-managed-instances-operator-role.md b/lambda/latest/dg/lambda-managed-instances-operator-role.md index 6cd7100db..16aa693b0 100644 --- a//lambda/latest/dg/lambda-managed-instances-operator-role.md +++ b//lambda/latest/dg/lambda-managed-instances-operator-role.md @@ -90,0 +91,15 @@ The operator role needs permissions to manage capacity providers and the underly + }, + { + "Effect": "Allow", + "Action": [ + "logs:CreateLogGroup" + ], + "Resource": "arn:aws:logs:*:*:log-group:*" + }, + { + "Effect": "Allow", + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Resource": "arn:aws:logs:*:*:log-group:*:log-stream:*"