AWS res documentation change
Summary
Multiple updates replacing placeholder values (<BUCKET-NAME>, <ACCOUNT_ID>, etc.) with concrete examples like 'amzn-s3-demo-bucket' and '111122223333'
Security assessment
Changes improve example clarity but do not modify security controls or address specific vulnerabilities
Diff
diff --git a/res/archive/release-minus-4/ug/S3-buckets.md b/res/archive/release-minus-4/ug/S3-buckets.md index 5ed940d40..4773775e3 100644 --- a//res/archive/release-minus-4/ug/S3-buckets.md +++ b//res/archive/release-minus-4/ug/S3-buckets.md @@ -180 +180 @@ RES has the ability to mount buckets from other AWS accounts, provided these buc - 3. Paste the following JSON policy (replace `<BUCKET-NAME>` with the name of the S3 bucket located in Account B): + 3. Paste the following JSON policy (replace `amzn-s3-demo-bucket` with the name of the S3 bucket located in Account B): @@ -231 +231 @@ JSON - 3. Paste the following JSON policy (replace `<ACCOUNT_ID>` with the actual account ID of Account A, `<ENVIRONMENT_NAME>` with the environment name of the RES deployment, and `<REGION>` with the AWS region RES is deployed to): + 3. Paste the following JSON policy (replace `111122223333` with the actual account ID of Account A, `{RES_ENVIRONMENT_NAME}` with the environment name of the RES deployment, and `us-east-1` with the AWS region RES is deployed to): @@ -306 +306 @@ JSON - 2. Add the following policy to grant the IAM role from Account A access to the bucket (replace `<AccountA_ID>` with the actual account ID of Account A and `<BUCKET-NAME>` with the name of the S3 bucket): + 2. Add the following policy to grant the IAM role from Account A access to the bucket (replace `111122223333` with the actual account ID of Account A and `amzn-s3-demo-bucket` with the name of the S3 bucket): @@ -377 +377 @@ To prevent users from exfiltrating data from secure S3 buckets into their own S3 - 2. In the policy editor, enter a policy that restricts access to resources within your account or a specific account. Here's an example policy (replace `mybucket` with your S3 bucket name and `111122223333` and `444455556666` with the appropriate AWS account IDs that you want to have access): + 2. In the policy editor, enter a policy that restricts access to resources within your account or a specific account. Here's an example policy (replace `amzn-s3-demo-bucket` with your S3 bucket name and `111122223333` and `444455556666` with the appropriate AWS account IDs that you want to have access):