AWS IAM high security documentation change
Summary
Corrected IPv6 CIDR notation from /74 to /64 in policy example
Security assessment
Fixing the CIDR mask from an invalid /74 to valid /64 prevents potential policy misconfiguration that could allow broader network access than intended. This addresses a security best practice for precise network boundary definitions.
Diff
diff --git a/IAM/latest/UserGuide/access-keys_inline-policy.md b/IAM/latest/UserGuide/access-keys_inline-policy.md index 48683298c..7e4b54cd4 100644 --- a//IAM/latest/UserGuide/access-keys_inline-policy.md +++ b//IAM/latest/UserGuide/access-keys_inline-policy.md @@ -97 +97 @@ The IP addresses must not be obfuscated by a VPN or a proxy server. -This policy example denies the use of an IAM user’s access keys with this policy applied, unless the request originated from the networks (specified in CIDR notation) “203.0.113.0/24”, “2001:DB8:1234:5678::/74”, or the specific IP address “203.0.114.1” +This policy example denies the use of an IAM user’s access keys with this policy applied, unless the request originated from the networks (specified in CIDR notation) “203.0.113.0/24”, “2001:DB8:1234:5678::/64”, or the specific IP address “203.0.114.1”