AWS Security ChangesHomeSearch

AWS lambda documentation change

Service: lambda · 2026-06-13 · Documentation medium

File: lambda/latest/dg/lambda-managed-instances-operator-role.md

Summary

Added CloudWatch Logs permissions (CreateLogGroup, CreateLogStream, PutLogEvents) to the operator role policy for Lambda-managed instances.

Security assessment

Enables logging capabilities which improve security monitoring and auditing, but doesn't address a specific vulnerability.

Diff

diff --git a/lambda/latest/dg/lambda-managed-instances-operator-role.md b/lambda/latest/dg/lambda-managed-instances-operator-role.md
index 6cd7100db..16aa693b0 100644
--- a//lambda/latest/dg/lambda-managed-instances-operator-role.md
+++ b//lambda/latest/dg/lambda-managed-instances-operator-role.md
@@ -90,0 +91,15 @@ The operator role needs permissions to manage capacity providers and the underly
+        },
+        {
+          "Effect": "Allow",
+          "Action": [
+            "logs:CreateLogGroup"
+          ],
+          "Resource": "arn:aws:logs:*:*:log-group:*"
+        },
+        {
+          "Effect": "Allow",
+          "Action": [
+            "logs:CreateLogStream",
+            "logs:PutLogEvents"
+          ],
+          "Resource": "arn:aws:logs:*:*:log-group:*:log-stream:*"