AWS AmazonCloudWatch documentation change
Summary
Updated service-linked role documentation: Added same clarification about role creation behavior in Organizations as in telemetry-config-turn-on.md
Security assessment
Duplicate clarification of role creation behavior across accounts. No security vulnerability fix or new security feature documentation—only operational detail refinement.
Diff
diff --git a/AmazonCloudWatch/latest/monitoring/using-service-linked-roles.md b/AmazonCloudWatch/latest/monitoring/using-service-linked-roles.md index 0275cb1ed..7d3f04b3c 100644 --- a//AmazonCloudWatch/latest/monitoring/using-service-linked-roles.md +++ b//AmazonCloudWatch/latest/monitoring/using-service-linked-roles.md @@ -53 +53 @@ The **ServiceRoleForCloudWatchCrossAccountV2** service role permissions policy a -CloudWatch observability admin creates and uses a service-linked role named **AWSServiceRoleForObservabilityAdmin** – CloudWatch uses this service-linked role to support resource and telemetry config discovery for AWS Organizations. The role is created in all member accounts of the Organization. +CloudWatch observability admin creates and uses a service-linked role named **AWSServiceRoleForObservabilityAdmin** – CloudWatch uses this service-linked role to support resource and telemetry config discovery for AWS Organizations. When a management account creates an organization-level rule, the service-linked role is automatically created in all member accounts and the delegated administrator account in the organization. However, when a delegated administrator account creates an organization-level rule, the service-linked role is automatically created in all member accounts but is _not_ automatically created in the management account. If a delegated administrator account creates the organization-level rule, you must manually create the service-linked role in the management account.