AWS IAM documentation change
Summary
Removed section about S3 directory bucket access points and cross-account policy analysis
Security assessment
Content removal doesn't indicate security fixes - appears to be documentation reorganization rather than security-related changes
Diff
diff --git a/IAM/latest/UserGuide/access-analyzer-resources.md b/IAM/latest/UserGuide/access-analyzer-resources.md index 44bcc40c9..df27f7bdb 100644 --- a//IAM/latest/UserGuide/access-analyzer-resources.md +++ b//IAM/latest/UserGuide/access-analyzer-resources.md @@ -66,6 +65,0 @@ Amazon S3 directory buckets organize data hierarchically into directories as opp -Amazon S3 directory buckets also support access points, which enforce distinct permissions and network controls for all requests made to the directory bucket through the access point. Each access point can have an access point policy that works in conjunction with the bucket policy that is attached to the underlying directory bucket. With access points for directory buckets, you can restrict access to specific prefixes, API actions, or a virtual private cloud (VPC). - -###### Note - -IAM Access Analyzer doesn’t analyze the access point policy attached to cross-account access points because the access point and its policy are outside the analyzer account. IAM Access Analyzer generates a public finding when a bucket delegates access to a cross-account access point and Block Public Access is not enabled on the bucket or account. When you enable Block Public Access, the public finding is resolved and IAM Access Analyzer generates a cross-account finding for the cross-account access point. -