AWS managedservices high security documentation change
Summary
Updated descriptions for S3 public access block parameters with clearer security implications
Security assessment
Changes explicitly explain security controls for S3 bucket public access settings, helping prevent misconfigurations that could lead to data exposure. The revised descriptions emphasize security outcomes (blocking public access vs allowing it) which directly relates to security best practices.
Diff
diff --git a/managedservices/latest/ctref/schemas.md b/managedservices/latest/ctref/schemas.md index 88d9beace..282e8ac4b 100644 --- a//managedservices/latest/ctref/schemas.md +++ b//managedservices/latest/ctref/schemas.md @@ -9446 +9446 @@ Change type schemas specify the execution input parameters for a change type. - "description": "(Optional) Specifies whether Amazon S3 should restrict public bucket policies for this bucket. Setting this element to TRUE restricts access to this bucket to only AWS services and authorized users within this account if the bucket has a public policy.", + "description": "(Optional) To restrict public bucket policies for the specified bucket to only AWS services and authorized users within this account, choose 'true'. To allow public and cross-account access as defined in bucket policies, choose 'false'.", @@ -9451 +9451 @@ Change type schemas specify the execution input parameters for a change type. - "description": "(Optional) Specifies whether Amazon S3 should block public access control lists (ACLs) for this bucket and objects in this bucket.", + "description": "(Optional) To prevent creation of new public ACLs and block public access granted through ACLs for this bucket and objects, choose 'true'. To allow creation and modification of bucket ACLs that grant public access, choose 'false'.", @@ -9456 +9456 @@ Change type schemas specify the execution input parameters for a change type. - "description": "(Optional) Specifies whether Amazon S3 should ignore public ACLs for this bucket and objects in this bucket. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on this bucket and objects in this bucket.", + "description": "(Optional) To ignore all public ACLs on this bucket and objects within it, making them ineffective regardless of their settings, choose 'true'. To honor and allow existing public ACLs to grant access as configured, choose 'false'.", @@ -9461 +9461 @@ Change type schemas specify the execution input parameters for a change type. - "description": "(Optional) Specifies whether Amazon S3 should block public bucket policies for this bucket. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.", + "description": "(Optional) To reject calls to PUT Bucket policy that would allow public access and block the creation and modification of public bucket policies, choose 'true'. To allow the creation and modification of bucket policies that can grant public access, choose 'false'.",