AWS Security ChangesHomeSearch

AWS efs medium security documentation change

Service: efs · 2025-05-03 · Security-related medium

File: efs/latest/ug/iam-access-control-nfs-efs.md

Summary

Clarified that `aws:SourceIp` condition key applies only to public IP address ranges

Security assessment

Corrects a potential misconfiguration by specifying that `aws:SourceIp` is for public IPs. Using this key for private IPs in policies could lead to unintended access, making this a security-relevant documentation improvement.

Diff

diff --git a/efs/latest/ug/iam-access-control-nfs-efs.md b/efs/latest/ug/iam-access-control-nfs-efs.md
index 460431b20..118013fb0 100644
--- a//efs/latest/ug/iam-access-control-nfs-efs.md
+++ b//efs/latest/ug/iam-access-control-nfs-efs.md
@@ -40 +40 @@ EFS Condition Key | Description | Operator
-`aws:SourceIp` | Private IP address of the client accessing an EFS file system. | String  
+`aws:SourceIp` | Use this key to compare the requester's IP address with the IP address that you specify in the policy. The `aws:SourceIp` condition key can only be used for public IP address ranges. | String