AWS network-firewall documentation change
Summary
Added JSON formatting markers and corrected S3 permissions (ListAllMyBuckets)
Security assessment
Fixed S3 action name to ListAllMyBuckets for accuracy. Improves security documentation but not a vulnerability fix.
Diff
diff --git a/network-firewall/latest/developerguide/logging-s3.md b/network-firewall/latest/developerguide/logging-s3.md index df9ad3f93..10cfbba9a 100644 --- a//network-firewall/latest/developerguide/logging-s3.md +++ b//network-firewall/latest/developerguide/logging-s3.md @@ -75,0 +76,6 @@ You must have the following permissions settings to configure your firewall to s +JSON + + +**** + + @@ -98 +104 @@ You must have the following permissions settings to configure your firewall to s - "s3:GetBucketPolicy", + "s3:GetBucketPolicy" @@ -101 +107 @@ You must have the following permissions settings to configure your firewall to s - Amazon S3 bucket ARN" + "arn:aws:s3:::bucket-name" @@ -111,0 +119,6 @@ If the user creating the log owns the bucket, the service automatically attaches +JSON + + +**** + + @@ -137,0 +152,6 @@ For example, the following bucket policy allows AWS accounts `111122223333` and +JSON + + +**** + + @@ -214,0 +236,6 @@ The following view shows both standard Amazon S3 permissions and the additional +JSON + + +**** + + @@ -240 +267 @@ The following view shows both standard Amazon S3 permissions and the additional - "s3:ListBuckets", + "s3:ListAllMyBuckets",