AWS AmazonCloudWatch documentation change
Summary
Corrected IAM permission syntax and added missing cloudwatch:PutLogAlarm permission reference.
Security assessment
Clarifies required IAM permissions (security controls) for alarm operations. Specifically adds documentation about cloudwatch:PutLogAlarm permission, improving accuracy of security feature documentation.
Diff
diff --git a/AmazonCloudWatch/latest/monitoring/CloudWatch_alarms_and_tagging.md b/AmazonCloudWatch/latest/monitoring/CloudWatch_alarms_and_tagging.md index 5f773fc09..a4c6db0ea 100644 --- a//AmazonCloudWatch/latest/monitoring/CloudWatch_alarms_and_tagging.md +++ b//AmazonCloudWatch/latest/monitoring/CloudWatch_alarms_and_tagging.md @@ -13 +13 @@ The following list explains some details about how tagging works with CloudWatch - * To be able to set or update tags for a CloudWatch resource, you must be signed on to an account that has the `cloudwatch:TagResource` permission. For example, to create an alarm and set tags for it, you must have the `cloudwatch:TagResource` permission in addition to the `the cloudwatch:PutMetricAlarm ` permission. We recommend that you make sure anyone in your organization who will create or update CloudWatch resources has the `cloudwatch:TagResource` permission. + * To be able to set or update tags for a CloudWatch resource, you must be signed on to an account that has the `cloudwatch:TagResource` permission. For example, to create an alarm and set tags for it, you must have the `cloudwatch:TagResource` permission in addition to the `cloudwatch:PutMetricAlarm` (or `cloudwatch:PutLogAlarm` for log alarms) permission. We recommend that you make sure anyone in your organization who will create or update CloudWatch resources has the `cloudwatch:TagResource` permission.