diff --git a/.latest-tag-aws-sdk-go b/.latest-tag-aws-sdk-go
index b0786476..3c81a4b3 100644
--- a/.latest-tag-aws-sdk-go
+++ b/.latest-tag-aws-sdk-go
@@ -1 +1 @@
-v1.49.17
+v1.49.18
diff --git a/src/aws_cloudwatch_logs.erl b/src/aws_cloudwatch_logs.erl
index 6d2c31e6..4da95d35 100644
--- a/src/aws_cloudwatch_logs.erl
+++ b/src/aws_cloudwatch_logs.erl
@@ -448,9 +448,21 @@ create_log_stream(Client, Input, Options)
%% @doc Deletes a CloudWatch Logs account policy.
%%
-%% To use this operation, you must be signed on with the
+%% This stops the policy from applying to all log groups or a subset of log
+%% groups in the account. Log-group level policies will still be in effect.
+%%
+%% To use this operation, you must be signed on with the correct permissions
+%% depending on the type of policy that you are deleting.
+%%
+%% - To delete a data protection policy, you must have the
%% `logs:DeleteDataProtectionPolicy' and `logs:DeleteAccountPolicy'
%% permissions.
+%%
+%%
- To delete a subscription filter policy, you must have the
+%% `logs:DeleteSubscriptionFilter' and `logs:DeleteAccountPolicy'
+%% permissions.
+%%
+%%
delete_account_policy(Client, Input)
when is_map(Client), is_map(Input) ->
delete_account_policy(Client, Input, []).
@@ -1040,12 +1052,15 @@ list_tags_log_group(Client, Input, Options)
when is_map(Client), is_map(Input), is_list(Options) ->
request(Client, <<"ListTagsLogGroup">>, Input, Options).
-%% @doc Creates an account-level data protection policy that applies to all
-%% log groups in the account.
+%% @doc Creates an account-level data protection policy or subscription
+%% filter policy that applies to all log groups or a subset of log groups in
+%% the account.
+%%
+%% Data protection policy
%%
%% A data protection policy can help safeguard sensitive data that's
%% ingested by your log groups by auditing and masking the sensitive log
-%% data. Each account can have only one account-level policy.
+%% data. Each account can have only one account-level data protection policy.
%%
%% Sensitive data is detected and masked when it is ingested into a log
%% group. When you set a data protection policy, log events ingested into the
@@ -1053,7 +1068,7 @@ list_tags_log_group(Client, Input, Options)
%%
%% If you use `PutAccountPolicy' to create a data protection policy for
%% your whole account, it applies to both existing log groups and all log
-%% groups that are created later in this account. The account policy is
+%% groups that are created later in this account. The account-level policy is
%% applied to existing log groups with eventual consistency. It might take up
%% to 5 minutes before sensitive data in existing log groups begins to be
%% masked.
@@ -1069,16 +1084,47 @@ list_tags_log_group(Client, Input, Options)
%% For more information, including a list of types of data that can be
%% audited and masked, see Protect sensitive log data with masking.
%%
-%% To use the `PutAccountPolicy' operation, you must be signed on with
-%% the `logs:PutDataProtectionPolicy' and `logs:PutAccountPolicy'
-%% permissions.
+%% To use the `PutAccountPolicy' operation for a data protection policy,
+%% you must be signed on with the `logs:PutDataProtectionPolicy' and
+%% `logs:PutAccountPolicy' permissions.
%%
%% The `PutAccountPolicy' operation applies to all log groups in the
-%% account. You can also use PutDataProtectionPolicy to create a data
-%% protection policy that applies to just one log group. If a log group has
-%% its own data protection policy and the account also has an account-level
-%% data protection policy, then the two policies are cumulative. Any
-%% sensitive term specified in either policy is masked.
+%% account. You can use PutDataProtectionPolicy to create a data protection
+%% policy that applies to just one log group. If a log group has its own data
+%% protection policy and the account also has an account-level data
+%% protection policy, then the two policies are cumulative. Any sensitive
+%% term specified in either policy is masked.
+%%
+%% Subscription filter policy
+%%
+%% A subscription filter policy sets up a real-time feed of log events from
+%% CloudWatch Logs to other Amazon Web Services services. Account-level
+%% subscription filter policies apply to both existing log groups and log
+%% groups that are created later in this account. Supported destinations are
+%% Kinesis Data Streams, Kinesis Data Firehose, and Lambda. When log events
+%% are sent to the receiving service, they are Base64 encoded and compressed
+%% with the GZIP format.
+%%
+%% The following destinations are supported for subscription filters:
+%%
+%% - An Kinesis Data Streams data stream in the same account as the
+%% subscription policy, for same-account delivery.
+%%
+%%
- An Kinesis Data Firehose data stream in the same account as the
+%% subscription policy, for same-account delivery.
+%%
+%%
- A Lambda function in the same account as the subscription
+%% policy, for same-account delivery.
+%%
+%%
- A logical destination in a different account created with
+%% PutDestination, for cross-account delivery. Kinesis Data Streams and
+%% Kinesis Data Firehose are supported as logical destinations.
+%%
+%%
Each account can have one account-level subscription filter
+%% policy. If you are updating an existing filter, you must specify the
+%% correct name in `PolicyName'. To perform a `PutAccountPolicy'
+%% subscription filter operation for any destination except a Lambda
+%% function, you must also have the `iam:PassRole' permission.
put_account_policy(Client, Input)
when is_map(Client), is_map(Input) ->
put_account_policy(Client, Input, []).
@@ -1511,6 +1557,9 @@ put_subscription_filter(Client, Input, Options)
%% session stream or by closing the client that is receiving the stream. The
%% session also ends if the established connection between the client and the
%% server breaks.
+%%
+%% For examples of using an SDK to start a Live Tail session, see Start a
+%% Live Tail session using an Amazon Web Services SDK.
start_live_tail(Client, Input)
when is_map(Client), is_map(Input) ->
start_live_tail(Client, Input, []).