AWS AmazonS3 medium security documentation change
Summary
Changed IAM policy condition from 'ArnLike' to 'ArnEquals' and removed wildcards from the example ARN.
Security assessment
Switching to 'ArnEquals' enforces exact ARN matching, reducing the risk of overly permissive policies. This addresses a potential misconfiguration vulnerability.
Diff
diff --git a/AmazonS3/latest/userguide/grant-destinations-permissions-to-s3.md b/AmazonS3/latest/userguide/grant-destinations-permissions-to-s3.md index 99e19c12a..a86e00ba9 100644 --- a//AmazonS3/latest/userguide/grant-destinations-permissions-to-s3.md +++ b//AmazonS3/latest/userguide/grant-destinations-permissions-to-s3.md @@ -63,2 +63,2 @@ The following is an example of an AWS Identity and Access Management (IAM) polic - "ArnLike": { - "aws:SourceArn": "arn:aws:s3:*:*:amzn-s3-demo-bucket" + "ArnEquals": { + "aws:SourceArn": "arn:aws:s3:::amzn-s3-demo-bucket"