AWS Security ChangesHomeSearch

AWS mediaconvert high security documentation change

Service: mediaconvert · 2025-03-26 · Security-related high

File: mediaconvert/latest/ug/disallow-inputs.md

Summary

Updated IAM policy example syntax - changed 'ForAllValues:BoolIfExists' with array values to multiple 'BoolIfExists' statements with boolean values

Security assessment

Corrects IAM policy syntax to properly enforce security controls for input sources. The original array-based syntax under ForAllValues could lead to unintended policy evaluation results, while the new syntax properly restricts HTTP inputs while allowing HTTPS/S3.

Diff

diff --git a/mediaconvert/latest/ug/disallow-inputs.md b/mediaconvert/latest/ug/disallow-inputs.md
index 7524f42a9..cb8a2d7f3 100644
--- a/mediaconvert/latest/ug/disallow-inputs.md
+++ b/mediaconvert/latest/ug/disallow-inputs.md
@@ -99,11 +99,8 @@ The following JSON is an example IAM policy using MediaConvert condition keys th
-                    "ForAllValues:BoolIfExists": {
-                        "mediaconvert:HttpInputsAllowed": [
-                            "false"
-                        ],
-                        "mediaconvert:HttpsInputsAllowed": [
-                            "true"
-                        ],
-    
-                        "mediaconvert:S3InputsAllowed": [
-                            "true"
-                        ]
+                    "BoolIfExists": {
+                        "mediaconvert:HttpInputsAllowed": false
+                    },
+                    "BoolIfExists": {
+                        "mediaconvert:HttpsInputsAllowed": true
+                    },
+                    "BoolIfExists": {
+                        "mediaconvert:S3InputsAllowed": true