AWS Security ChangesHomeSearch

AWS datazone medium security documentation change

Service: datazone · 2025-05-31 · Security-related medium

File: datazone/latest/userguide/hybrid-mode.md

Summary

Removed user ARN from S3 encryption policy

Security assessment

Removed explicit user ARN from allowed principals in encryption policy, reducing potential attack surface by limiting access to service roles only

Diff

diff --git a/datazone/latest/userguide/hybrid-mode.md b/datazone/latest/userguide/hybrid-mode.md
index 8d5d96377..7dae03c5e 100644
--- a//datazone/latest/userguide/hybrid-mode.md
+++ b//datazone/latest/userguide/hybrid-mode.md
@@ -92,2 +92 @@ If your Amazon S3 location is encrypted with a customer managed key, do the foll
-                            "arn:aws:iam::111122223333:role/service-role/AmazonDataZoneDataLocationManage-<region>-<domain-id>",
-                            "arn:aws:iam::111122223333:user/keyuser"
+                            "arn:aws:iam::111122223333:role/service-role/AmazonDataZoneDataLocationManage-<region>-<domain-id>"