AWS AmazonS3 documentation change
Summary
Added JSON formatting markers and updated example ARNs with specific regions/account IDs
Security assessment
Improves example accuracy but does not address security flaws or document new security controls. Policy logic remains unchanged.
Diff
diff --git a/AmazonS3/latest/s3-outposts/s3-outposts-privatelink-interface-endpoints.md b/AmazonS3/latest/s3-outposts/s3-outposts-privatelink-interface-endpoints.md index f5dc3fd83..503ee23a0 100644 --- a//AmazonS3/latest/s3-outposts/s3-outposts-privatelink-interface-endpoints.md +++ b//AmazonS3/latest/s3-outposts/s3-outposts-privatelink-interface-endpoints.md @@ -161,0 +162,6 @@ You can create an endpoint policy that restricts access to specific S3 on Outpos +JSON + + +**** + + @@ -167,2 +173,5 @@ You can create an endpoint policy that restricts access to specific S3 on Outpos - { "Sid": "Access-to-specific-bucket-only", - "Principal": {"AWS":"111122223333"}, + { + "Sid": "Access-to-specific-bucket-only", + "Principal": { + "AWS": "111122223333" + }, @@ -171 +180 @@ You can create an endpoint policy that restricts access to specific S3 on Outpos - "Resource": "arn:aws:s3-outposts:region:123456789012:outpost/op-01ac5d28a6a232904/bucket/example-outpost-bucket" + "Resource": "arn:aws:s3-outposts:us-east-1:123456789012:outpost/op-01ac5d28a6a232904/bucket/example-outpost-bucket" @@ -181,0 +192,6 @@ The `aws:sourceVpce` condition specifies the endpoint and does not require an Am +JSON + + +**** + + @@ -189 +205,3 @@ The `aws:sourceVpce` condition specifies the endpoint and does not require an Am - "Principal": {"AWS":"111122223333"}, + "Principal": { + "AWS": "111122223333" + }, @@ -192 +210 @@ The `aws:sourceVpce` condition specifies the endpoint and does not require an Am - "Resource": "arn:aws:s3-outposts:region:123456789012:outpost/op-01ac5d28a6a232904/bucket/example-outpost-bucket", + "Resource": "arn:aws:s3-outposts:us-east-1:123456789012:outpost/op-01ac5d28a6a232904/bucket/example-outpost-bucket", @@ -194 +212,3 @@ The `aws:sourceVpce` condition specifies the endpoint and does not require an Am - "StringEquals": {"aws:sourceVpce": "vpce-1a2b3c4d"} + "StringEquals": { + "aws:sourceVpce": "vpce-1a2b3c4d" + }