AWS prescriptive-guidance documentation change
Summary
Clarified policy types affecting presigned URLs by specifying 'identity-based policies' and adding 'resource control policies' to authorization factors
Security assessment
The change enhances documentation about authorization controls for presigned URLs but doesn't address a specific vulnerability. It provides clearer guidance about IAM policy types without indicating a security incident.
Diff
diff --git a/prescriptive-guidance/latest/presigned-url-best-practices/overview.md b/prescriptive-guidance/latest/presigned-url-best-practices/overview.md index b6fe54bdc..f9817b02e 100644 --- a//prescriptive-guidance/latest/presigned-url-best-practices/overview.md +++ b//prescriptive-guidance/latest/presigned-url-best-practices/overview.md @@ -34 +34 @@ A presigned request can only allow actions that are allowed by the credentials t - * Policies that are associated with the principal who is associated with the credentials + * Identity-based policies that are associated with the principal who is associated with the credentials @@ -39,0 +40,2 @@ A presigned request can only allow actions that are allowed by the credentials t + * Resource control policies that affect the session or principal +