AWS Security ChangesHomeSearch

AWS AmazonCloudWatch documentation change

Service: AmazonCloudWatch · 2026-06-19 · Documentation medium

File: AmazonCloudWatch/latest/logs/CWL_QuerySyntax-examples.md

Summary

Added new 'Queries for resource tags' section with filtering/stats examples using @aws.tag fields

Security assessment

New examples demonstrate security-relevant log filtering using resource tags (e.g., env=production, team ownership), enhancing security auditing capabilities without addressing specific vulnerabilities.

Diff

diff --git a/AmazonCloudWatch/latest/logs/CWL_QuerySyntax-examples.md b/AmazonCloudWatch/latest/logs/CWL_QuerySyntax-examples.md
index 462cf156f..ea69c141a 100644
--- a//AmazonCloudWatch/latest/logs/CWL_QuerySyntax-examples.md
+++ b//AmazonCloudWatch/latest/logs/CWL_QuerySyntax-examples.md
@@ -7 +7 @@
-General queriesQueries for Lambda logsQueries for Amazon VPC flow logsQueries for Route 53 logsQueries for CloudTrail logsQueries for Amazon API GatewayQueries for NAT gatewayQueries for Apache server logsQueries for Amazon EventBridgeExamples of the parse command
+General queriesQueries for Lambda logsQueries for Amazon VPC flow logsQueries for Route 53 logsQueries for CloudTrail logsQueries for Amazon API GatewayQueries for NAT gatewayQueries for Apache server logsQueries for Amazon EventBridgeQueries for resource tagsExamples of the parse command
@@ -34,0 +35,2 @@ For more information about query syntax, see [CloudWatch Logs Insights language
+  * Queries for resource tags
+
@@ -320,0 +323,17 @@ Get the number of EventBridge events grouped by event detail type
+## Queries for resource tags
+
+**Filter logs by a resource tag value.**
+    
+    
+    filter @aws.tag.env = "production"
+
+**Filter by a tag key that contains special characters.**
+    
+    
+    filter @`aws.tag.aws:cloudformation:stack-name` = "my-stack"
+
+**Get a count of log events grouped by a tag value.**
+    
+    
+    stats count(*) by @aws.tag.team
+