AWS mediaconvert high security documentation change
Summary
Updated IAM policy example syntax - changed 'ForAllValues:BoolIfExists' with array values to multiple 'BoolIfExists' statements with boolean values
Security assessment
Corrects IAM policy syntax to properly enforce security controls for input sources. The original array-based syntax under ForAllValues could lead to unintended policy evaluation results, while the new syntax properly restricts HTTP inputs while allowing HTTPS/S3.
Diff
diff --git a/mediaconvert/latest/ug/disallow-inputs.md b/mediaconvert/latest/ug/disallow-inputs.md index 7524f42a9..cb8a2d7f3 100644 --- a/mediaconvert/latest/ug/disallow-inputs.md +++ b/mediaconvert/latest/ug/disallow-inputs.md @@ -99,11 +99,8 @@ The following JSON is an example IAM policy using MediaConvert condition keys th - "ForAllValues:BoolIfExists": { - "mediaconvert:HttpInputsAllowed": [ - "false" - ], - "mediaconvert:HttpsInputsAllowed": [ - "true" - ], - - "mediaconvert:S3InputsAllowed": [ - "true" - ] + "BoolIfExists": { + "mediaconvert:HttpInputsAllowed": false + }, + "BoolIfExists": { + "mediaconvert:HttpsInputsAllowed": true + }, + "BoolIfExists": { + "mediaconvert:S3InputsAllowed": true