AWS Security ChangesHomeSearch

AWS config high security documentation change

Service: config · 2025-05-31 · Security-related high

File: config/latest/developerguide/s3-bucket-public-read-prohibited.md

Summary

Added note requiring fixed values in S3 bucket policies

Security assessment

Prevents insecure bucket policies that could allow public read access through variable usage

Diff

diff --git a/config/latest/developerguide/s3-bucket-public-read-prohibited.md b/config/latest/developerguide/s3-bucket-public-read-prohibited.md
index c88227767..ec207d016 100644
--- a//config/latest/developerguide/s3-bucket-public-read-prohibited.md
+++ b//config/latest/developerguide/s3-bucket-public-read-prohibited.md
@@ -28,0 +29,4 @@ The rule is noncompliant when:
+###### Note
+
+To be considered non-public, an S3 bucket policy must grant access only to fixed values. This means values that don't contain a wildcard or the following IAM policy element: [Variables](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#policy-vars-using-variables).
+