AWS AmazonS3 medium security documentation change
Summary
Removed an IAM policy example restricting SNS publishing permissions to a specific S3 bucket
Security assessment
The policy included security conditions (aws:SourceArn and aws:SourceAccount) to limit SNS permissions. Removing it could result in overly broad service-to-service communication policies.
Diff
diff --git a/AmazonS3/latest/userguide/grant-destinations-permissions-to-s3.md b/AmazonS3/latest/userguide/grant-destinations-permissions-to-s3.md index 392927bb2..133659183 100644 --- a//AmazonS3/latest/userguide/grant-destinations-permissions-to-s3.md +++ b//AmazonS3/latest/userguide/grant-destinations-permissions-to-s3.md @@ -47,34 +46,0 @@ The following is an example of an AWS Identity and Access Management (IAM) polic -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Id": "example-ID", - "Statement": [ - { - "Sid": "Example SNS topic policy", - "Effect": "Allow", - "Principal": { - "Service": "s3.amazonaws.com" - }, - "Action": [ - "SNS:Publish" - ], - "Resource": "arn:aws:sns:aws-region:111122223333:example-sns-topic", - "Condition": { - "ArnEquals": { - "aws:SourceArn": "arn:aws:s3:::amzn-s3-demo-bucket" - }, - "StringEquals": { - "aws:SourceAccount": "bucket-owner-account-id" - } - } - } - ] - } - -