AWS AmazonS3 high security documentation change
Summary
Removed a JSON example of a bucket policy enforcing bucket-owner-full-control ACLs
Security assessment
This example was critical for maintaining object ownership during ACL migration. Its removal might lead to misconfigured ownership transitions, risking unintended access retention by previous owners.
Diff
diff --git a/AmazonS3/latest/userguide/object-ownership-migrating-acls-prerequisites.md b/AmazonS3/latest/userguide/object-ownership-migrating-acls-prerequisites.md index b0f258227..809404872 100644 --- a//AmazonS3/latest/userguide/object-ownership-migrating-acls-prerequisites.md +++ b//AmazonS3/latest/userguide/object-ownership-migrating-acls-prerequisites.md @@ -330,32 +329,0 @@ If your bucket policy uses an ACL-related condition key to require the `bucket-o -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Only allow writes to my bucket with bucket owner full control", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::111122223333:user/ExampleUser" - ] - }, - "Action": [ - "s3:PutObject" - ], - "Resource": "arn:aws:s3:::example-s3-bucket;/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - } - ] - } - -