AWS Security ChangesHomeSearch

AWS IAM high security documentation change

Service: IAM · 2025-05-10 · Security-related high

File: IAM/latest/UserGuide/access-keys_inline-policy.md

Summary

Corrected IPv6 CIDR notation from /74 to /64 in policy example

Security assessment

Fixing the CIDR mask from an invalid /74 to valid /64 prevents potential policy misconfiguration that could allow broader network access than intended. This addresses a security best practice for precise network boundary definitions.

Diff

diff --git a/IAM/latest/UserGuide/access-keys_inline-policy.md b/IAM/latest/UserGuide/access-keys_inline-policy.md
index 48683298c..7e4b54cd4 100644
--- a//IAM/latest/UserGuide/access-keys_inline-policy.md
+++ b//IAM/latest/UserGuide/access-keys_inline-policy.md
@@ -97 +97 @@ The IP addresses must not be obfuscated by a VPN or a proxy server.
-This policy example denies the use of an IAM user’s access keys with this policy applied, unless the request originated from the networks (specified in CIDR notation) “203.0.113.0/24”, “2001:DB8:1234:5678::/74”, or the specific IP address “203.0.114.1” 
+This policy example denies the use of an IAM user’s access keys with this policy applied, unless the request originated from the networks (specified in CIDR notation) “203.0.113.0/24”, “2001:DB8:1234:5678::/64”, or the specific IP address “203.0.114.1”