AWS Security ChangesHomeSearch

AWS res high security documentation change

Service: res · 2025-06-28 · Security-related high

File: res/latest/ug/S3-buckets-cross-account-access.md

Summary

Removed region specification from IAM role ARN in cross-account bucket policy example

Security assessment

Fixing the IAM role ARN format (removing invalid region component) prevents potential policy failures that could lead to unintended access denials. Incorrect ARNs could create security risks through misconfigured access controls.

Diff

diff --git a/res/latest/ug/S3-buckets-cross-account-access.md b/res/latest/ug/S3-buckets-cross-account-access.md
index a89e1204b..24a59315f 100644
--- a//res/latest/ug/S3-buckets-cross-account-access.md
+++ b//res/latest/ug/S3-buckets-cross-account-access.md
@@ -69 +69 @@ RES has the ability to mount buckets from other AWS accounts, provided these buc
-    3. Paste the following JSON policy (replace ``<ACCOUNT_ID>`` with the actual account ID of Account A, ``<ENVIRONMENT_NAME>`` with the environment name of the RES deployment, and ``<REGION>`` with the AWS region RES is deployed to): 
+    3. Paste the following JSON policy (replace ``<ACCOUNT_ID>`` with the actual account ID of Account A, and ``<ENVIRONMENT_NAME>`` with the environment name of the RES deployment: 
@@ -77 +77 @@ RES has the ability to mount buckets from other AWS accounts, provided these buc
-                        "AWS": "arn:aws:iam::<ACCOUNT_ID>:role/<ENVIRONMENT_NAME>-custom-credential-broker-lambda-role-<REGION>"
+                        "AWS": "arn:aws:iam::<ACCOUNT_ID>:role/<ENVIRONMENT_NAME>-custom-credential-broker-lambda-role"