AWS AmazonS3 high security documentation change
Summary
Removed multiple JSON examples including policies enforcing SSE-KMS encryption, HTTPS-only access, and referer-based restrictions
Security assessment
Deleted examples included security-critical policies: enforcing encryption-at-rest (SSE-KMS), blocking insecure HTTP traffic, and restricting access via HTTP referer. Their removal reduces visibility into security best practices, increasing risks of data exposure or unauthorized access.
Diff
diff --git a/AmazonS3/latest/userguide/example-bucket-policies.md b/AmazonS3/latest/userguide/example-bucket-policies.md index f1a15ea7d..b4fc43aa0 100644 --- a//AmazonS3/latest/userguide/example-bucket-policies.md +++ b//AmazonS3/latest/userguide/example-bucket-policies.md @@ -133,25 +132,0 @@ The following example policy denies any objects from being written to the bucket -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Id": "PutObjPolicy", - "Statement": [{ - "Sid": "DenyObjectsThatAreNotSSEKMSWithSpecificKey", - "Principal": "*", - "Effect": "Deny", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::amzn-s3-demo-bucket/*", - "Condition": { - "ArnNotEqualsIfExists": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:aws-region:111122223333:key/01234567-89ab-cdef-0123-456789abcdef" - } - } - }] - } - - @@ -471,27 +445,0 @@ In the following example, the bucket policy explicitly denies HTTP requests. -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [{ - "Sid": "RestrictToTLSRequestsOnly", - "Action": "s3:*", - "Effect": "Deny", - "Resource": [ - "arn:aws:s3:::amzn-s3-demo-bucket", - "arn:aws:s3:::example-s3-bucket;/*" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - }, - "Principal": "*" - }] - } - - @@ -504,25 +451,0 @@ To allow read access to these objects from your website, you can add a bucket po -JSON - - -**** - - - - { - "Version":"2012-10-17", - "Id":"HTTP referer policy example", - "Statement":[ - { - "Sid":"Allow only GET requests originating from www.example.com and example.com.", - "Effect":"Allow", - "Principal":"*", - "Action":["s3:GetObject","s3:GetObjectVersion"], - "Resource":"arn:aws:s3:::amzn-s3-demo-bucket/*", - "Condition":{ - "StringLike":{"aws:Referer":["http://www.example.com/*","http://example.com/*"]} - } - } - ] - } - -