AWS ebs medium security documentation change
Summary
Updated resource-level permissions explanation to state they can apply to both the snapshot copy and source snapshot.
Security assessment
The change clarifies that resource-level permissions now apply to both source and destination snapshots, impacting access control policies. This directly affects security by correcting prior documentation that limited permissions to the copy only, potentially leading to misconfigured policies.
Diff
diff --git a/ebs/latest/userguide/ebs-copy-snapshot.md b/ebs/latest/userguide/ebs-copy-snapshot.md index 9d757f2ef..276faf5c6 100644 --- a//ebs/latest/userguide/ebs-copy-snapshot.md +++ b//ebs/latest/userguide/ebs-copy-snapshot.md @@ -61 +61 @@ For pricing information about copying snapshots across AWS Regions and accounts, - * Resource-level permissions specified for the snapshot copy operation apply only to the snapshot copy. You can't specify resource-level permissions for the source snapshot. For an example, see [ Example: Copying snapshots](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ExamplePolicies_EC2.html#iam-copy-snapshot). + * Resource-level permissions specified for the snapshot copy operation can apply to the snapshot copy and the source snapshot. For an example, see [ Example: Copying snapshots](https://docs.aws.amazon.com/ebs/latest/userguide/security_iam_id-based-policy-examples.html#iam-copy-snapshot).