AWS Security ChangesHomeSearch

AWS AmazonS3 high security documentation change

Service: AmazonS3 · 2025-08-28 · Security-related high

File: AmazonS3/latest/userguide/ensure-object-ownership.md

Summary

Removed a JSON example of a bucket policy requiring bucket-owner-full-control ACL for object uploads

Security assessment

The removed policy enforced ACL ownership controls to ensure uploaded objects are owned by the bucket owner. Removing this example could lead to misconfigurations where uploaded objects retain unintended access permissions, creating potential data access risks.

Diff

diff --git a/AmazonS3/latest/userguide/ensure-object-ownership.md b/AmazonS3/latest/userguide/ensure-object-ownership.md
index 0d0978acb..aa0efecc0 100644
--- a//AmazonS3/latest/userguide/ensure-object-ownership.md
+++ b//AmazonS3/latest/userguide/ensure-object-ownership.md
@@ -61,32 +60,0 @@ The following bucket policy specifies that account ``111122223333`` can upload o
-JSON
-    
-
-****
-    
-    
-    
-    {
-       "Version": "2012-10-17",
-       "Statement": [
-          {
-             "Sid": "Only allow writes to my bucket with bucket owner full control",
-             "Effect": "Allow",
-             "Principal": {
-                "AWS": [
-                   "arn:aws:iam::111122223333:user/ExampleUser"
-                ]
-             },
-             "Action": [
-                "s3:PutObject"
-             ],
-             "Resource": "arn:aws:s3:::example-s3-bucket;/*",
-             "Condition": {
-                "StringEquals": {
-                   "s3:x-amz-acl": "bucket-owner-full-control"
-                }
-             }
-          }
-       ]
-    }
-    
-