AWS config high security documentation change
Summary
Added note requiring fixed values in S3 bucket policies
Security assessment
Prevents insecure bucket policies that could allow public read access through variable usage
Diff
diff --git a/config/latest/developerguide/s3-bucket-public-read-prohibited.md b/config/latest/developerguide/s3-bucket-public-read-prohibited.md index c88227767..ec207d016 100644 --- a//config/latest/developerguide/s3-bucket-public-read-prohibited.md +++ b//config/latest/developerguide/s3-bucket-public-read-prohibited.md @@ -28,0 +29,4 @@ The rule is noncompliant when: +###### Note + +To be considered non-public, an S3 bucket policy must grant access only to fixed values. This means values that don't contain a wildcard or the following IAM policy element: [Variables](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#policy-vars-using-variables). +