AWS Security ChangesHomeSearch

AWS snowball medium security documentation change

Service: snowball · 2025-08-10 · Security-related medium

File: snowball/latest/developer-guide/transfer-troubleshooting.md

Summary

Modified IAM policy example: Changed 'Deny' to 'Allow', replaced 'NotPrincipal' with 'Principal' and 'NotIpAddress' with 'IpAddress' (203.0.113.0/24)

Security assessment

The policy change corrects a security misconfiguration by enforcing explicit allow-list access control. The original policy used negation logic (Deny + NotPrincipal/NotIpAddress), which could have allowed unintended access. The new policy restricts access to a specific principal and IP range, addressing potential over-permission risks.

Diff

diff --git a/snowball/latest/developer-guide/transfer-troubleshooting.md b/snowball/latest/developer-guide/transfer-troubleshooting.md
index 15486204d..177d372f3 100644
--- a//snowball/latest/developer-guide/transfer-troubleshooting.md
+++ b//snowball/latest/developer-guide/transfer-troubleshooting.md
@@ -373,2 +373,2 @@ JSON
-                "Effect": "Deny",
-                "NotPrincipal": {
+                "Effect": "Allow",
+                "Principal": {
@@ -388 +388 @@ JSON
-                    "NotIpAddress": {
+                    "IpAddress": {
@@ -390 +390 @@ JSON
-                            "IPAddress"
+                            "203.0.113.0/24"