AWS Security ChangesHomeSearch

AWS AmazonCloudWatch documentation change

Service: AmazonCloudWatch · 2026-06-25 · Documentation low

File: AmazonCloudWatch/latest/monitoring/CloudWatch_alarms_and_tagging.md

Summary

Corrected permission reference in tagging documentation by removing outdated log alarm permission and fixing syntax around PutMetricAlarm permission.

Security assessment

The change involves documentation cleanup of IAM permissions with no mention of vulnerabilities, exploits, or security incidents. It updates syntax but doesn't introduce new security content.

Diff

diff --git a/AmazonCloudWatch/latest/monitoring/CloudWatch_alarms_and_tagging.md b/AmazonCloudWatch/latest/monitoring/CloudWatch_alarms_and_tagging.md
index a4c6db0ea..5f773fc09 100644
--- a//AmazonCloudWatch/latest/monitoring/CloudWatch_alarms_and_tagging.md
+++ b//AmazonCloudWatch/latest/monitoring/CloudWatch_alarms_and_tagging.md
@@ -13 +13 @@ The following list explains some details about how tagging works with CloudWatch
-  * To be able to set or update tags for a CloudWatch resource, you must be signed on to an account that has the `cloudwatch:TagResource` permission. For example, to create an alarm and set tags for it, you must have the `cloudwatch:TagResource` permission in addition to the `cloudwatch:PutMetricAlarm` (or `cloudwatch:PutLogAlarm` for log alarms) permission. We recommend that you make sure anyone in your organization who will create or update CloudWatch resources has the `cloudwatch:TagResource` permission.
+  * To be able to set or update tags for a CloudWatch resource, you must be signed on to an account that has the `cloudwatch:TagResource` permission. For example, to create an alarm and set tags for it, you must have the `cloudwatch:TagResource` permission in addition to the `the cloudwatch:PutMetricAlarm ` permission. We recommend that you make sure anyone in your organization who will create or update CloudWatch resources has the `cloudwatch:TagResource` permission.