AWS Security ChangesHomeSearch

AWS AmazonS3 medium security documentation change

Service: AmazonS3 · 2025-07-25 · Security-related medium

File: AmazonS3/latest/userguide/using-presigned-url.md

Summary

Modified presigned URL policy to enforce signature age validation and updated syntax

Security assessment

Changed policy enforces signature expiration (10 minutes) and fixes syntax (quoted numeric value). This directly addresses potential security risks from long-lived presigned URLs.

Diff

diff --git a/AmazonS3/latest/userguide/using-presigned-url.md b/AmazonS3/latest/userguide/using-presigned-url.md
index f76067dc5..997a92272 100644
--- a//AmazonS3/latest/userguide/using-presigned-url.md
+++ b//AmazonS3/latest/userguide/using-presigned-url.md
@@ -81,0 +82,6 @@ To enforce specific behavior when presigned URL requests are authenticated by us
+JSON
+    
+
+****
+    
+    
@@ -87 +93 @@ To enforce specific behavior when presigned URL requests are authenticated by us
-             "Sid": "Deny a presigned URL request if the signature is more than 10 min old",
+                "Sid": "Deny a  request if the signature is more than 10 min old",
@@ -89 +95,3 @@ To enforce specific behavior when presigned URL requests are authenticated by us
-             "Principal": {"AWS":"*"},
+                "Principal": {
+                    "AWS": "*"
+                },
@@ -94 +102 @@ To enforce specific behavior when presigned URL requests are authenticated by us
-                   "s3:signatureAge": 600000
+                        "s3:signatureAge": "600000"