AWS AmazonS3 medium security documentation change
Summary
Simplified terminology from 'Dedicated Local Zones' to 'Local Zones' and removed details about default security settings (S3 Block Public Access, Object Ownership enforcement) and IAM policy condition key guidance
Security assessment
Removal of explicit documentation about default security controls (Block Public Access, Object Ownership) and the s3express:AllAccessRestrictedToLocalZoneGroup IAM condition key reduces visibility into critical security configurations. This could lead to misconfigurations if users are unaware of these enforced protections.
Diff
diff --git a/AmazonS3/latest/userguide/opt-in-directory-bucket-lz.md b/AmazonS3/latest/userguide/opt-in-directory-bucket-lz.md index f780b509f..58861bfb0 100644 --- a//AmazonS3/latest/userguide/opt-in-directory-bucket-lz.md +++ b//AmazonS3/latest/userguide/opt-in-directory-bucket-lz.md @@ -5,7 +5 @@ -# Enable accounts for Dedicated Local Zones - -The following topic describes how accounts are enabled for Dedicated Local Zones. - -For all the services in AWS Dedicated Local Zones (Dedicated Local Zones), including Amazon S3, your administrator must enable your AWS account before you can create or access any resource in the Dedicated Local Zone. - -To further protect your data in Amazon S3, by default, you only have access to the S3 resources that you create. Buckets in Local Zones have all S3 Block Public Access settings enabled by default and S3 Object Ownership is set to bucket owner enforced. These settings can't be modified. Optionally, to restrict access to only within the Local Zone network border groups, you can use the condition key `s3express:AllAccessRestrictedToLocalZoneGroup` in your IAM policies. For more information, see [Authenticating and authorizing for directory buckets in Local Zones](./iam-directory-bucket-LZ.html). +# Enable accounts for Local Zones