AWS privateca documentation change
Summary
Updated Amazon S3 documentation links from 'dev' to 'userguide' paths
Security assessment
The changes correct documentation URLs but do not alter security recommendations or address specific vulnerabilities. The security guidance about restrictive bucket policies remains unchanged.
Diff
diff --git a/privateca/latest/userguide/crl-planning.md b/privateca/latest/userguide/crl-planning.md index d1bce4bf3..2c87d0a6e 100644 --- a//privateca/latest/userguide/crl-planning.md +++ b//privateca/latest/userguide/crl-planning.md @@ -98 +98 @@ The CRL will only be deposited in Amazon S3 after a certificate has been issued -If you plan to create a CRL, you need to prepare an Amazon S3 bucket to store it in. AWS Private CA automatically deposits the CRL in the Amazon S3 bucket you designate and updates it periodically. For more information, see [Creating a bucket.](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/create-bucket.html) +If you plan to create a CRL, you need to prepare an Amazon S3 bucket to store it in. AWS Private CA automatically deposits the CRL in the Amazon S3 bucket you designate and updates it periodically. For more information, see [Creating a bucket.](https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-bucket.html) @@ -124 +124 @@ Enabled | Disabled | Not supported -The default policy applies no `SourceArn` restriction on the CA. We recommend that you apply a less permissive policy such as the following, which restricts access to both a specific AWS account and a specific private CA. Alternatively, you can use the [aws:SourceOrgID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceorgid) condition key to constrain access to a specific organization in AWS Organizations. For more information about bucket policies, see [Bucket policies for Amazon Simple Storage Service](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/bucket-policies.html). +The default policy applies no `SourceArn` restriction on the CA. We recommend that you apply a less permissive policy such as the following, which restricts access to both a specific AWS account and a specific private CA. Alternatively, you can use the [aws:SourceOrgID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceorgid) condition key to constrain access to a specific organization in AWS Organizations. For more information about bucket policies, see [Bucket policies for Amazon Simple Storage Service](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-policies.html). @@ -155 +155 @@ The default policy applies no `SourceArn` restriction on the CA. We recommend th -If you choose to allow the default policy, you can always [modify](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/add-bucket-policy.html) it later. +If you choose to allow the default policy, you can always [modify](https://docs.aws.amazon.com/AmazonS3/latest/userguide/add-bucket-policy.html) it later. @@ -189 +189 @@ While completing the procedure, apply the following settings: -In this procedure, CloudFront modifies your bucket policy to allow it to access bucket objects. Consider [editing](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/add-bucket-policy.html) this policy to allow access only to objects under the `crl` folder. +In this procedure, CloudFront modifies your bucket policy to allow it to access bucket objects. Consider [editing](https://docs.aws.amazon.com/AmazonS3/latest/userguide/add-bucket-policy.html) this policy to allow access only to objects under the `crl` folder.