AWS snowball medium security documentation change
Summary
Modified IAM policy example: Changed 'Deny' to 'Allow', replaced 'NotPrincipal' with 'Principal' and 'NotIpAddress' with 'IpAddress' (203.0.113.0/24)
Security assessment
The policy change corrects a security misconfiguration by enforcing explicit allow-list access control. The original policy used negation logic (Deny + NotPrincipal/NotIpAddress), which could have allowed unintended access. The new policy restricts access to a specific principal and IP range, addressing potential over-permission risks.
Diff
diff --git a/snowball/latest/developer-guide/transfer-troubleshooting.md b/snowball/latest/developer-guide/transfer-troubleshooting.md index 15486204d..177d372f3 100644 --- a//snowball/latest/developer-guide/transfer-troubleshooting.md +++ b//snowball/latest/developer-guide/transfer-troubleshooting.md @@ -373,2 +373,2 @@ JSON - "Effect": "Deny", - "NotPrincipal": { + "Effect": "Allow", + "Principal": { @@ -388 +388 @@ JSON - "NotIpAddress": { + "IpAddress": { @@ -390 +390 @@ JSON - "IPAddress" + "203.0.113.0/24"