AWS lambda documentation change
Summary
Updated policy description to include CloudWatch Logs permissions and added changelog entry for the policy update.
Security assessment
Documents expanded permissions for security logging features but doesn't address any specific security vulnerability. The logging capabilities enhance security posture by enabling better monitoring.
Diff
diff --git a/lambda/latest/dg/security-iam-awsmanpol.md b/lambda/latest/dg/security-iam-awsmanpol.md index af602ddbe..6b6055a51 100644 --- a//lambda/latest/dg/security-iam-awsmanpol.md +++ b//lambda/latest/dg/security-iam-awsmanpol.md @@ -217 +217 @@ For more information about this policy, including the JSON policy document and p -This policy enables automated Amazon Elastic Compute Cloud instance management for Lambda capacity providers. It grants permissions to the Lambda scaler service to perform instance lifecycle operations on your behalf. +This policy enables automated Amazon Elastic Compute Cloud instance management and Amazon CloudWatch logging for Lambda capacity providers. It grants permissions to Lambda to perform instance lifecycle operations and write logs on your behalf. @@ -246,0 +247,4 @@ This policy includes the following permissions: + * `logs:CreateLogGroup` – Allows Lambda to create CloudWatch Logs log groups. + + * `logs:CreateLogStream` and `logs:PutLogEvents` – Allows Lambda to create log streams and write log events to CloudWatch Logs. + @@ -272,0 +277 @@ Change | Description | Date +[AWSLambdaManagedEC2ResourceOperator](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSLambdaManagedEC2ResourceOperator.html) – Change | Lambda updated the `AWSLambdaManagedEC2ResourceOperator` policy to allow the `logs:CreateLogGroup`, `logs:CreateLogStream`, and `logs:PutLogEvents` actions. These permissions enable Lambda to write logs to CloudWatch Logs. | June 10, 2026