AWS AmazonS3 high security documentation change
Summary
Removed a JSON example of a bucket policy requiring bucket-owner-full-control ACL for object uploads
Security assessment
The removed policy enforced ACL ownership controls to ensure uploaded objects are owned by the bucket owner. Removing this example could lead to misconfigurations where uploaded objects retain unintended access permissions, creating potential data access risks.
Diff
diff --git a/AmazonS3/latest/userguide/ensure-object-ownership.md b/AmazonS3/latest/userguide/ensure-object-ownership.md index 0d0978acb..aa0efecc0 100644 --- a//AmazonS3/latest/userguide/ensure-object-ownership.md +++ b//AmazonS3/latest/userguide/ensure-object-ownership.md @@ -61,32 +60,0 @@ The following bucket policy specifies that account ``111122223333`` can upload o -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Only allow writes to my bucket with bucket owner full control", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::111122223333:user/ExampleUser" - ] - }, - "Action": [ - "s3:PutObject" - ], - "Resource": "arn:aws:s3:::example-s3-bucket;/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - } - ] - } - -