AWS efs high security documentation change
Summary
Removed wildcard principal (*) from example IAM policies and updated terminology
Security assessment
Removing the wildcard principal in example policies addresses a security risk by preventing overly permissive access. This change demonstrates secure policy configuration by requiring explicit principals.
Diff
diff --git a/efs/latest/ug/using-aws-transfer-integration.md b/efs/latest/ug/using-aws-transfer-integration.md index 164f4534f..22d879578 100644 --- a//efs/latest/ug/using-aws-transfer-integration.md +++ b//efs/latest/ug/using-aws-transfer-integration.md @@ -71 +71 @@ Configuring an Amazon EFS file system to work with Transfer Family requires the -Make sure that the Transfer Family users have access to the necessary file and directories on your EFS file system. Assign access permissions to the directory using the list of POSIX IDs allocated to the Transfer Family users. In this example, a user creates a directory named `transferFam` under the EFS mount point. Creating a directory is optional, depending on your use case. If needed, you can choose its name and location on the EFS file system. +Make sure that the Transfer Family users have access to the necessary file and directories on your EFS file system. Assign access permissions to the directory using the list of POSIX IDs allocated to the Transfer Family users. In this example, a user creates a directory named `transferFam` under the Amazon EFS mount point. Creating a directory is optional, depending on your use case. If needed, you can choose its name and location on the EFS file system. @@ -154,3 +153,0 @@ The following example is a non-public file system policy that grants cross-accou - "Principal": { - "AWS": "*" - }, @@ -190,3 +186,0 @@ The following file system policy adds a statement granting access to the IAM rol - "Principal": { - "AWS": "*" - },