AWS Security ChangesHomeSearch

AWS AmazonS3 documentation change

Service: AmazonS3 · 2025-04-28 · Documentation medium

File: AmazonS3/latest/userguide/create-directory-bucket-LZ.md

Summary

Added documentation about using s3express:AllAccessRestrictedToLocalZoneGroup condition key to restrict network access

Security assessment

Introduces documentation for a new security control (network border restriction) but does not indicate it's addressing a specific existing vulnerability. This is a proactive security feature addition rather than a response to a security incident.

Diff

diff --git a/AmazonS3/latest/userguide/create-directory-bucket-LZ.md b/AmazonS3/latest/userguide/create-directory-bucket-LZ.md
index 5c3542717..a8d1c1f6e 100644
--- a//AmazonS3/latest/userguide/create-directory-bucket-LZ.md
+++ b//AmazonS3/latest/userguide/create-directory-bucket-LZ.md
@@ -14,0 +15,2 @@ In Dedicated Local Zones, you can create directory buckets to store and retrieve
+  * To restrict access to only within the Local Zone network border groups, you can use the condition key `s3express:AllAccessRestrictedToLocalZoneGroup` in your IAM policies. For more information, see [Authenticating and authorizing for directory buckets in Local Zones](./iam-directory-bucket-LZ.html).
+