AWS Security ChangesHomeSearch

AWS AmazonS3 medium security documentation change

Service: AmazonS3 · 2025-08-28 · Security-related medium

File: AmazonS3/latest/userguide/grant-destinations-permissions-to-s3.md

Summary

Removed an IAM policy example restricting SNS publishing permissions to a specific S3 bucket

Security assessment

The policy included security conditions (aws:SourceArn and aws:SourceAccount) to limit SNS permissions. Removing it could result in overly broad service-to-service communication policies.

Diff

diff --git a/AmazonS3/latest/userguide/grant-destinations-permissions-to-s3.md b/AmazonS3/latest/userguide/grant-destinations-permissions-to-s3.md
index 392927bb2..133659183 100644
--- a//AmazonS3/latest/userguide/grant-destinations-permissions-to-s3.md
+++ b//AmazonS3/latest/userguide/grant-destinations-permissions-to-s3.md
@@ -47,34 +46,0 @@ The following is an example of an AWS Identity and Access Management (IAM) polic
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Id": "example-ID",
-        "Statement": [
-            {
-                "Sid": "Example SNS topic policy",
-                "Effect": "Allow",
-                "Principal": {
-                    "Service": "s3.amazonaws.com"
-                },
-                "Action": [
-                    "SNS:Publish"
-                ],
-                "Resource": "arn:aws:sns:aws-region:111122223333:example-sns-topic",
-                "Condition": {
-                    "ArnEquals": {
-                        "aws:SourceArn": "arn:aws:s3:::amzn-s3-demo-bucket"
-                    },
-                    "StringEquals": {
-                        "aws:SourceAccount": "bucket-owner-account-id"
-                    }
-                }
-            }
-        ]
-    } 
-    
-