AWS Security ChangesHomeSearch

AWS AmazonS3 documentation change

Service: AmazonS3 · 2025-04-16 · Documentation low

File: AmazonS3/latest/userguide/setup-storagebrowser.md

Summary

Updated documentation to specify 'S3 general purpose buckets' instead of generic 'S3 buckets' in access grants context

Security assessment

Change clarifies bucket type but does not address security vulnerabilities or introduce new security features

Diff

diff --git a/AmazonS3/latest/userguide/setup-storagebrowser.md b/AmazonS3/latest/userguide/setup-storagebrowser.md
index 257ea676f..8abb4c2c6 100644
--- a//AmazonS3/latest/userguide/setup-storagebrowser.md
+++ b//AmazonS3/latest/userguide/setup-storagebrowser.md
@@ -45 +45 @@ To initialize the component with the Amplify authentication and storage methods,
-If you want to manage access for your IAM principals or your AWS account directly, you can create an IAM role that has permissions to invoke the [GetDataAccess](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetDataAccess.html) S3 API operation. To set this up, you must create an S3 Access Grants instance to map out permissions for S3 buckets and prefixes to the specified IAM identities. The Storage Browser component (which must be called on the client side after obtaining the IAM credentials) will then invoke the [ListCallerAccessGrants](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListCallerAccessGrants.html) S3 API operation to fetch the available grants to the identity requester and populate the locations in the component. After you obtain the `s3:GetDataAccess` permission, those credentials are then used by the Storage Browser component to request data access to S3.
+If you want to manage access for your IAM principals or your AWS account directly, you can create an IAM role that has permissions to invoke the [GetDataAccess](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetDataAccess.html) S3 API operation. To set this up, you must create an S3 Access Grants instance to map out permissions for S3 general purpose buckets and prefixes to the specified IAM identities. The Storage Browser component (which must be called on the client side after obtaining the IAM credentials) will then invoke the [ListCallerAccessGrants](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListCallerAccessGrants.html) S3 API operation to fetch the available grants to the identity requester and populate the locations in the component. After you obtain the `s3:GetDataAccess` permission, those credentials are then used by the Storage Browser component to request data access to S3.