awsdocs/iam-user-guide

Missing resource type for CloudWatch Events

Closed this issue · 1 comment

In the ARC page for CloudWatch Events, we only see one type of resource, for rule. But if you poke around CloudWatch Event Bus policies, there appears to be another "resource" for the event bus itself:

$ aws events describe-event-bus --output text --query Policy | python -mjson.tool
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "e18039e0-d668-11e8-bcd2-354ccfb68e3b1540260658302",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::123456789012:root"
            },
            "Action": "events:PutEvents",
            "Resource": "arn:aws:events:us-east-1:123456789012:event-bus/default"
        }
    ]
}

I haven't tested how sensitive PutEvents is to the event-bus resource (i.e., will I be limited from putting events to an external account?) but it seems like it should at least be listed in the resources for CWE, and probably for the PutEvents action as well.

I was unsure whether to file this against the IAM docs repo or the CWE one, but I figured that since the ARC pages live under the IAM namespace it would make more sense to send here. If you think it belongs on the other side I can cross-post over there.
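To make the point above concrete, here is an added example (not part of the issue, and not AWS code or a faithful reimplementation of the IAM policy engine) that evaluates a resource-based event-bus policy of the shape shown in the issue against a caller, an action and a resource ARN. It models only the Allow/Deny, Principal, Action and Resource elements with IAM's `*`/`?` wildcards; it ignores Condition, NotAction/NotResource, and the fact that real cross-account access additionally requires the caller's own identity policy to allow `events:PutEvents` on that bus ARN. The policy document, account ID and Sid are constructed sample values.

```python
import json
import re

# Constructed sample policy, shaped like the describe-event-bus output in the
# issue above (placeholder account ID and region, made-up Sid).
EVENT_BUS_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowPartnerAccountPutEvents",
      "Effect": "Allow",
      "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
      "Action": "events:PutEvents",
      "Resource": "arn:aws:events:us-east-1:123456789012:event-bus/default"
    }
  ]
}
""")


def _as_list(value):
    """IAM lets most elements be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def iam_match(pattern, value, case_insensitive=False):
    """IAM-style glob: '*' matches any run of characters, '?' exactly one."""
    regex = "^" + "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    ) + "$"
    flags = re.IGNORECASE if case_insensitive else 0
    return re.match(regex, value, flags) is not None


def _principal_matches(principal_block, caller_arn):
    """Match the AWS principal element; '*' and a bare account ID are supported."""
    if principal_block == "*":
        return True
    for entry in _as_list(principal_block.get("AWS")):
        if entry == "*":
            return True
        # A bare 12-digit account ID is shorthand for that account's root ARN.
        if re.fullmatch(r"\d{12}", entry):
            entry = f"arn:aws:iam::{entry}:root"
        if entry == caller_arn:
            return True
    return False


def evaluate(policy, caller_arn, action, resource_arn):
    """Return True only if some Allow statement matches and no Deny does.

    Simplified model: no Condition, NotAction or NotResource handling, and no
    evaluation of the caller's identity policy (which cross-account access
    also requires in real IAM).
    """
    allowed = False
    for stmt in _as_list(policy.get("Statement")):
        if not _principal_matches(stmt.get("Principal", {}), caller_arn):
            continue
        # Action names are matched case-insensitively; resource ARNs are not.
        if not any(iam_match(a, action, case_insensitive=True)
                   for a in _as_list(stmt.get("Action"))):
            continue
        if not any(iam_match(r, resource_arn)
                   for r in _as_list(stmt.get("Resource"))):
            continue
        if stmt.get("Effect") == "Deny":
            return False  # an explicit Deny always wins
        allowed = True
    return allowed


if __name__ == "__main__":
    root = "arn:aws:iam::123456789012:root"
    default_bus = "arn:aws:events:us-east-1:123456789012:event-bus/default"
    other_bus = "arn:aws:events:us-east-1:123456789012:event-bus/partner"
    print("PutEvents on default bus:", evaluate(EVENT_BUS_POLICY, root, "events:PutEvents", default_bus))
    print("PutEvents on another bus:", evaluate(EVENT_BUS_POLICY, root, "events:PutEvents", other_bus))
```

Running it shows the resource element doing exactly the scoping the issue asks about: the statement only grants `events:PutEvents` on the `event-bus/default` ARN, so a different bus, a different action, or a different account principal does not match. Swapping the Resource for `arn:aws:events:us-east-1:123456789012:event-bus/*` widens it to every bus in that account and region.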

The list of actions, resources, and conditions that we publish in the IAM user guide is automated based on content from each service. Thanks for letting us know that this service includes information that is not known to IAM. I will forward this information to the service's engineering team so that they can add the missing information.