AWS AmazonS3 documentation change
Summary
Added documentation about using s3express:AllAccessRestrictedToLocalZoneGroup condition key to restrict network access
Security assessment
Introduces documentation for a new security control (network border restriction) but does not indicate it's addressing a specific existing vulnerability. This is a proactive security feature addition rather than a response to a security incident.
Diff
diff --git a/AmazonS3/latest/userguide/create-directory-bucket-LZ.md b/AmazonS3/latest/userguide/create-directory-bucket-LZ.md index 5c3542717..a8d1c1f6e 100644 --- a//AmazonS3/latest/userguide/create-directory-bucket-LZ.md +++ b//AmazonS3/latest/userguide/create-directory-bucket-LZ.md @@ -14,0 +15,2 @@ In Dedicated Local Zones, you can create directory buckets to store and retrieve + * To restrict access to only within the Local Zone network border groups, you can use the condition key `s3express:AllAccessRestrictedToLocalZoneGroup` in your IAM policies. For more information, see [Authenticating and authorizing for directory buckets in Local Zones](./iam-directory-bucket-LZ.html). +