AWS Security ChangesHomeSearch

AWS AmazonS3 documentation change

Service: AmazonS3 · 2025-06-19 · Documentation medium

File: AmazonS3/latest/userguide/security_iam_service-with-iam.md

Summary

Added note about IAM policy requirements and expanded SecureTransport policy example

Security assessment

The changes emphasize the need for explicit IAM policies even when using root delegation and provide a concrete example of enforcing HTTPS. While security-related, there is no evidence this addresses an active vulnerability rather than general security guidance.

Diff

diff --git a/AmazonS3/latest/userguide/security_iam_service-with-iam.md b/AmazonS3/latest/userguide/security_iam_service-with-iam.md
index 4df64f718..9ae63ef51 100644
--- a//AmazonS3/latest/userguide/security_iam_service-with-iam.md
+++ b//AmazonS3/latest/userguide/security_iam_service-with-iam.md
@@ -78,0 +79,4 @@ The following are examples.
+###### Note
+
+The examples above grant permissions to the root user, which delegates permissions to the account level. However, IAM policies are still required on the specific roles and users in the account.
+
@@ -125 +129,6 @@ The following example blocks access if a secure transport protocol isn’t used:
-    {"Effect": "Deny", 
+    {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Sid": "DenyBucketAccessIfSTPNotUsed",
+          "Effect": "Deny",
@@ -128 +137 @@ The following example blocks access if a secure transport protocol isn’t used:
-     "Resource": <bucket ARN>,
+          "Resource": "arn:aws:s3:::amzn-s3-demo-bucket",
@@ -130 +139,4 @@ The following example blocks access if a secure transport protocol isn’t used:
-       "Boolean": { "aws:SecureTransport" : "false"}
+            "Bool": {
+              "aws:SecureTransport": "false"
+            }
+          }
@@ -131,0 +144 @@ The following example blocks access if a secure transport protocol isn’t used:
+      ]