AWS Security ChangesHomeSearch

AWS AmazonS3 medium security documentation change

Service: AmazonS3 · 2025-04-11 · Security-related medium

File: AmazonS3/latest/userguide/grant-destinations-permissions-to-s3.md

Summary

Changed IAM policy condition from 'ArnLike' to 'ArnEquals' and removed wildcards from the example ARN.

Security assessment

Switching to 'ArnEquals' enforces exact ARN matching, reducing the risk of overly permissive policies. This addresses a potential misconfiguration vulnerability.

Diff

diff --git a/AmazonS3/latest/userguide/grant-destinations-permissions-to-s3.md b/AmazonS3/latest/userguide/grant-destinations-permissions-to-s3.md
index 99e19c12a..a86e00ba9 100644
--- a//AmazonS3/latest/userguide/grant-destinations-permissions-to-s3.md
+++ b//AmazonS3/latest/userguide/grant-destinations-permissions-to-s3.md
@@ -63,2 +63,2 @@ The following is an example of an AWS Identity and Access Management (IAM) polic
-                    "ArnLike": {
-                        "aws:SourceArn": "arn:aws:s3:*:*:amzn-s3-demo-bucket"
+                    "ArnEquals": {
+                        "aws:SourceArn": "arn:aws:s3:::amzn-s3-demo-bucket"