AWS Security ChangesHomeSearch

AWS AmazonS3 documentation change

Service: AmazonS3 · 2025-04-16 · Documentation low

File: AmazonS3/latest/userguide/directory-bucket-create.md

Summary

Clarified that ACL enforcement changes apply specifically to general purpose buckets (not directory buckets)

Security assessment

Change adds specificity about bucket types in existing security context (ACL enforcement), but does not introduce new security features or address vulnerabilities. The security practice (using policies over ACLs) was already documented.

Diff

diff --git a/AmazonS3/latest/userguide/directory-bucket-create.md b/AmazonS3/latest/userguide/directory-bucket-create.md
index 8d332e620..5358db931 100644
--- a//AmazonS3/latest/userguide/directory-bucket-create.md
+++ b//AmazonS3/latest/userguide/directory-bucket-create.md
@@ -9 +9 @@ To start using the Amazon S3 Express One Zone storage class, you create a direct
-There are two types of Amazon S3 buckets, general purpose buckets and directory buckets. You should choose the bucket type that best fits your application and performance requirements. General purpose buckets are the original S3 bucket type. General purpose buckets are recommended for most use cases and access patterns and allow objects stored across all storage classes, except S3 Express One Zone. For more information about general purpose buckets, see [Buckets overview](./UsingBucket.html).
+There are two types of Amazon S3 buckets, general purpose buckets and directory buckets. You should choose the bucket type that best fits your application and performance requirements. General purpose buckets are the original S3 bucket type. General purpose buckets are recommended for most use cases and access patterns and allow objects stored across all storage classes, except S3 Express One Zone. For more information about general purpose buckets, see [General purpose buckets overview](./UsingBucket.html).
@@ -105 +105 @@ Do not include sensitive information, such as account numbers, in the bucket nam
-**Bucket owner enforced (default)** – ACLs are disabled, and the bucket owner automatically owns and has full control over every object in the bucket. ACLs no longer affect access permissions to data in the S3 bucket. The bucket uses policies exclusively to define access control.
+**Bucket owner enforced (default)** – ACLs are disabled, and the bucket owner automatically owns and has full control over every object in the general purpose bucket. ACLs no longer affect access permissions to data in the S3 general purpose bucket. The bucket uses policies exclusively to define access control.