AWS AmazonS3 medium security documentation change
Summary
Modified presigned URL policy to enforce signature age validation and updated syntax
Security assessment
Changed policy enforces signature expiration (10 minutes) and fixes syntax (quoted numeric value). This directly addresses potential security risks from long-lived presigned URLs.
Diff
diff --git a/AmazonS3/latest/userguide/using-presigned-url.md b/AmazonS3/latest/userguide/using-presigned-url.md index f76067dc5..997a92272 100644 --- a//AmazonS3/latest/userguide/using-presigned-url.md +++ b//AmazonS3/latest/userguide/using-presigned-url.md @@ -81,0 +82,6 @@ To enforce specific behavior when presigned URL requests are authenticated by us +JSON + + +**** + + @@ -87 +93 @@ To enforce specific behavior when presigned URL requests are authenticated by us - "Sid": "Deny a presigned URL request if the signature is more than 10 min old", + "Sid": "Deny a request if the signature is more than 10 min old", @@ -89 +95,3 @@ To enforce specific behavior when presigned URL requests are authenticated by us - "Principal": {"AWS":"*"}, + "Principal": { + "AWS": "*" + }, @@ -94 +102 @@ To enforce specific behavior when presigned URL requests are authenticated by us - "s3:signatureAge": 600000 + "s3:signatureAge": "600000"