diff --git a/assets/queries/terraform/aws/cloudwatch_s3_policy_change_alarm_missing/query.rego b/assets/queries/terraform/aws/cloudwatch_s3_policy_change_alarm_missing/query.rego
index 3ab90ee52f0..83d771cfd77 100644
--- a/assets/queries/terraform/aws/cloudwatch_s3_policy_change_alarm_missing/query.rego
+++ b/assets/queries/terraform/aws/cloudwatch_s3_policy_change_alarm_missing/query.rego
@@ -58,9 +58,9 @@ expressionArr := [
 #{ ($.eventSource = \"s3.amazonaws.com\") && (($.eventName = PutBucketAcl) || ($.eventName = PutBucketPolicy) || ($.eventName = PutBucketCors) || ($.eventName = PutBucketLifecycle) || ($.eventName = PutBucketReplication) || ($.eventName = DeleteBucketPolicy) || ($.eventName = DeleteBucketCors) || ($.eventName = DeleteBucketLifecycle) || ($.eventName = DeleteBucketReplication)) }
 
 CxPolicy[result] {
 	doc := input.document[i]
-	_ := doc.resource.aws_cloudwatch_log_metric_filter[name]
+	filterResource := doc.resource.aws_cloudwatch_log_metric_filter[name]
+	is_s3_policy_change_filter(filterResource)
-
 	count([alarm | alarm := doc.resource.aws_cloudwatch_metric_alarm[_]; contains(alarm.metric_name, name)]) == 0
 
 	result := {
@@ -75,6 +75,10 @@ CxPolicy[result] {
 	}
 }
 
+is_s3_policy_change_filter(filter) {
+	contains(filter.pattern, "s3.amazonaws.com")
+}
+
 check_expression_missing(filter) {
 	filter._kics_filter_expr._op == "&&"
 
@@ -90,6 +94,7 @@ CxPolicy[result] {
 	resources := doc.resource.aws_cloudwatch_log_metric_filter
 	resourceNames := [resourceName |
 		[path, value] := walk(resources);
+		is_s3_policy_change_filter(value);
 		filter := common_lib.json_unmarshal(value.pattern);
 		not check_expression_missing(filter);
 		resourceName := path[count(path)-1]
@@ -107,4 +112,4 @@ CxPolicy[result] {
 		"keyActualValue": "aws_cloudwatch_log_metric_filter with wrong pattern",
 		"searchLine": common_lib.build_search_line(["resource","aws_cloudwatch_log_metric_filter", resourceName, "pattern"], []),
 	}
-}
\ No newline at end of file
+}
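Review bot: `is_s3_policy_change_filter` gates both rules on a bare substring test, `contains(filter.pattern, "s3.amazonaws.com")`, so a metric filter whose pattern matches the right S3 eventName set but omits or spells the `$.eventSource` clause differently is now skipped by the second rule entirely rather than reported as a wrong pattern, while any filter that merely mentions that string (an unrelated S3 data-event filter, for instance) is treated as the S3 policy-change filter and can be flagged by the first rule for lacking an alarm. If the coarse match is intentional, a comment above the helper such as `# coarse pre-filter: any pattern mentioning the S3 eventSource is treated as the S3 policy-change filter; the exact expression is checked by check_expression_missing` would make that explicit; otherwise consider also requiring one of the `eventName` values from the expected expression. The negative1.tf fixture added in this commit only covers a pattern with no S3 mention (`[MYTEXT]`), so the "mentions S3 but is not the policy-change filter" case is untested either way. `check_expression_missing` and the second `CxPolicy` rule continue outside the hunks shown.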
diff --git a/assets/queries/terraform/aws/cloudwatch_s3_policy_change_alarm_missing/test/negative1.tf b/assets/queries/terraform/aws/cloudwatch_s3_policy_change_alarm_missing/test/negative1.tf
index b1de8c283e9..1192b1e9c07 100644
--- a/assets/queries/terraform/aws/cloudwatch_s3_policy_change_alarm_missing/test/negative1.tf
+++ b/assets/queries/terraform/aws/cloudwatch_s3_policy_change_alarm_missing/test/negative1.tf
@@ -49,3 +49,15 @@ resource "aws_cloudwatch_metric_alarm" "cis_no_mfa_console_signin_cw_alarm" {
   alarm_actions = [aws_sns_topic.CIS_Alerts_SNS_Topic.arn]
   insufficient_data_actions = []
 }
+
+resource "aws_cloudwatch_log_metric_filter" "custom_application_metric_filter" {
+  name = "CustomApplicationMetric"
+  pattern = "[MYTEXT]"
+  log_group_name = aws_cloudwatch_log_group.Application_CloudWatch_LogsGroup.name
+
+  metric_transformation {
+    name = "CustomApplicationMetric"
+    namespace = "Application_Metric_Alarm_Namespace"
+    value = "1"
+  }
+}
diff --git a/assets/queries/terraform/aws/cloudwatch_s3_policy_change_alarm_missing/test/positive_expected_result.json b/assets/queries/terraform/aws/cloudwatch_s3_policy_change_alarm_missing/test/positive_expected_result.json
index 6e6bdca530c..d191155177e 100644
--- a/assets/queries/terraform/aws/cloudwatch_s3_policy_change_alarm_missing/test/positive_expected_result.json
+++ b/assets/queries/terraform/aws/cloudwatch_s3_policy_change_alarm_missing/test/positive_expected_result.json
@@ -11,12 +11,6 @@
     "line": 3,
     "fileName": "positive1.tf"
   },
-  {
-    "queryName": "CloudWatch S3 policy Change Alarm Missing",
-    "severity": "MEDIUM",
-    "line": 30,
-    "fileName": "positive1.tf"
-  },
   {
     "queryName": "CloudWatch S3 policy Change Alarm Missing",
     "severity": "MEDIUM",
@@ -44,7 +38,7 @@
   {
     "queryName": "CloudWatch S3 policy Change Alarm Missing",
     "severity": "MEDIUM",
-    "line": 31,
+    "line": 4,
     "fileName": "positive5.tf"
   }
 ]