AWS Security ChangesHomeSearch

AWS cli medium security documentation change

Service: cli · 2025-06-28 · Security-related medium

File: cli/latest/reference/storagegateway/start-cache-report.md

Summary

Modified required permissions from 'list S3 bucket' to specific 's3:PutObject' and 's3:AbortMultipartUpload' permissions

Security assessment

This change corrects and specifies the exact permissions required for cache report generation, addressing potential over-permissioning issues. The update enforces least privilege by removing broad 'list' permission and specifying precise write actions, which directly impacts security posture.

Diff

diff --git a/cli/latest/reference/storagegateway/start-cache-report.md b/cli/latest/reference/storagegateway/start-cache-report.md
index f950cbbb7..b7da4bf06 100644
--- a//cli/latest/reference/storagegateway/start-cache-report.md
+++ b//cli/latest/reference/storagegateway/start-cache-report.md
@@ -15 +15 @@
-  * [AWS CLI 2.27.42 Command Reference](../../index.html) »
+  * [AWS CLI 2.27.45 Command Reference](../../index.html) »
@@ -67 +67 @@ The following requirements must be met to successfully generate a cache report:
-  * You must have permissions to list the entire Amazon S3 bucket associated with the specified file share.
+  * You must have `s3:PutObject` and `s3:AbortMultipartUpload` permissions for the Amazon S3 bucket where you want to store the cache report.
@@ -388 +388 @@ CacheReportARN -> (string)
-  * [AWS CLI 2.27.42 Command Reference](../../index.html) »
+  * [AWS CLI 2.27.45 Command Reference](../../index.html) »