AWS efs medium security documentation change
Summary
Clarified that `aws:SourceIp` condition key applies only to public IP address ranges
Security assessment
Corrects a potential misconfiguration by specifying that `aws:SourceIp` is for public IPs. Using this key for private IPs in policies could lead to unintended access, making this a security-relevant documentation improvement.
Diff
diff --git a/efs/latest/ug/iam-access-control-nfs-efs.md b/efs/latest/ug/iam-access-control-nfs-efs.md index 460431b20..118013fb0 100644 --- a//efs/latest/ug/iam-access-control-nfs-efs.md +++ b//efs/latest/ug/iam-access-control-nfs-efs.md @@ -40 +40 @@ EFS Condition Key | Description | Operator -`aws:SourceIp` | Private IP address of the client accessing an EFS file system. | String +`aws:SourceIp` | Use this key to compare the requester's IP address with the IP address that you specify in the policy. The `aws:SourceIp` condition key can only be used for public IP address ranges. | String