AWS Security ChangesHomeSearch

AWS AmazonS3 high security documentation change

Service: AmazonS3 · 2025-08-28 · Security-related high

File: AmazonS3/latest/userguide/object-ownership-migrating-acls-prerequisites.md

Summary

Removed a JSON example of a bucket policy enforcing bucket-owner-full-control ACLs

Security assessment

This example was critical for maintaining object ownership during ACL migration. Its removal might lead to misconfigured ownership transitions, risking unintended access retention by previous owners.

Diff

diff --git a/AmazonS3/latest/userguide/object-ownership-migrating-acls-prerequisites.md b/AmazonS3/latest/userguide/object-ownership-migrating-acls-prerequisites.md
index b0f258227..809404872 100644
--- a//AmazonS3/latest/userguide/object-ownership-migrating-acls-prerequisites.md
+++ b//AmazonS3/latest/userguide/object-ownership-migrating-acls-prerequisites.md
@@ -330,32 +329,0 @@ If your bucket policy uses an ACL-related condition key to require the `bucket-o
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Sid": "Only allow writes to my bucket with bucket owner full control",
-                "Effect": "Allow",
-                "Principal": {
-                    "AWS": [
-                        "arn:aws:iam::111122223333:user/ExampleUser"
-                    ]
-                },
-                "Action": [
-                    "s3:PutObject"
-                ],
-                "Resource": "arn:aws:s3:::example-s3-bucket;/*",
-                "Condition": {
-                    "StringEquals": {
-                        "s3:x-amz-acl": "bucket-owner-full-control"
-                    }
-                }
-            }
-        ]
-    }
-    
-