AWS elasticbeanstalk high security documentation change
Summary
Added enforcement that Elastic Beanstalk S3 bucket must be owned by the account running the application
Security assessment
The change explicitly adds a security control to prevent bucket ownership issues, which could lead to security vulnerabilities if not properly managed
Diff
diff --git a/elasticbeanstalk/latest/dg/AWSHowTo.S3.md index d2b5d0a64..1239a8feb 100644 --- a/elasticbeanstalk/latest/dg/AWSHowTo.S3.md +++ b/elasticbeanstalk/latest/dg/AWSHowTo.S3.md @@ -11 +11 @@ This topic explains how Elastic Beanstalk utilizes Amazon Simple Storage Service -Elastic Beanstalk creates an encrypted Amazon S3 bucket named `elasticbeanstalk-`region`-`account-id`` for each region in which you create environments. Elastic Beanstalk uses this bucket to store objects, for example temporary configuration files, that are required for the proper operation of your application. +Elastic Beanstalk creates an encrypted Amazon S3 bucket named `elasticbeanstalk-`region`-`account-id`` for each region in which you create environments. Elastic Beanstalk uses this bucket to store objects, for example temporary configuration files, that are required for the proper operation of your application. Elastic Beanstalk deployments enforce that this bucket is owned by the account running the application.