AWS AmazonS3 documentation change
Summary
Removed two example bucket policies demonstrating principal and IP-based access controls
Security assessment
Removal of examples without explicit security context. Wildcard principals in examples could be risky, but deletion doesn't indicate a security fix.
Diff
diff --git a/AmazonS3/latest/s3-outposts/S3OutpostsIAM.md b/AmazonS3/latest/s3-outposts/S3OutpostsIAM.md index 169dca7e1..157327147 100644 --- a//AmazonS3/latest/s3-outposts/S3OutpostsIAM.md +++ b//AmazonS3/latest/s3-outposts/S3OutpostsIAM.md @@ -125,24 +124,0 @@ The following bucket policy uses an AWS account principal to grant access to an -JSON - - -**** - - - - { - "Version":"2012-10-17", - "Id":"ExampleBucketPolicy1", - "Statement":[ - { - "Sid":"statement1", - "Effect":"Allow", - "Principal":{ - "AWS":"123456789012" - }, - "Action":"s3-outposts:*", - "Resource":"arn:aws:s3-outposts:region:123456789012:outpost/op-01ac5d28a6a232904/bucket/" - } - ] - } - - @@ -153,30 +128,0 @@ The following bucket policy uses a wildcard principal (`*`) with the `aws:Source -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Id": "ExampleBucketPolicy2", - "Statement": [ - { - "Sid": "statement1", - "Effect": "Allow", - "Principal": { "AWS" : "*" }, - "Action":"s3-outposts:*", - "Resource":"arn:aws:s3-outposts:region:123456789012:outpost/op-01ac5d28a6a232904/bucket/", - "Condition" : { - "IpAddress" : { - "aws:SourceIp": "192.0.2.0/24" - }, - "NotIpAddress" : { - "aws:SourceIp": "198.51.100.0/24" - } - } - } - ] - } - -