AWS Security ChangesHomeSearch

AWS config high security documentation change

Service: config · 2025-05-31 · Security-related high

File: config/latest/developerguide/s3-bucket-public-write-prohibited.md

Summary

Added note requiring fixed values in S3 bucket policies

Security assessment

Addresses risk of public write access through policy variables that could lead to data modification risks

Diff

diff --git a/config/latest/developerguide/s3-bucket-public-write-prohibited.md b/config/latest/developerguide/s3-bucket-public-write-prohibited.md
index 093ec58b0..96124b7c6 100644
--- a//config/latest/developerguide/s3-bucket-public-write-prohibited.md
+++ b//config/latest/developerguide/s3-bucket-public-write-prohibited.md
@@ -32,0 +33,4 @@ This rule does not evaluate changes to account level public block access. To che
+###### Note
+
+To be considered non-public, an S3 bucket policy must grant access only to fixed values. This means values that don't contain a wildcard or the following IAM policy element: [Variables](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#policy-vars-using-variables).
+