AWS cli medium security documentation change
Summary
Modified required permissions from 'list S3 bucket' to specific 's3:PutObject' and 's3:AbortMultipartUpload' permissions
Security assessment
This change corrects and specifies the exact permissions required for cache report generation, addressing potential over-permissioning issues. The update enforces least privilege by removing broad 'list' permission and specifying precise write actions, which directly impacts security posture.
Diff
diff --git a/cli/latest/reference/storagegateway/start-cache-report.md b/cli/latest/reference/storagegateway/start-cache-report.md index f950cbbb7..b7da4bf06 100644 --- a//cli/latest/reference/storagegateway/start-cache-report.md +++ b//cli/latest/reference/storagegateway/start-cache-report.md @@ -15 +15 @@ - * [AWS CLI 2.27.42 Command Reference](../../index.html) » + * [AWS CLI 2.27.45 Command Reference](../../index.html) » @@ -67 +67 @@ The following requirements must be met to successfully generate a cache report: - * You must have permissions to list the entire Amazon S3 bucket associated with the specified file share. + * You must have `s3:PutObject` and `s3:AbortMultipartUpload` permissions for the Amazon S3 bucket where you want to store the cache report. @@ -388 +388 @@ CacheReportARN -> (string) - * [AWS CLI 2.27.42 Command Reference](../../index.html) » + * [AWS CLI 2.27.45 Command Reference](../../index.html) »