AWS AmazonS3 documentation change
Summary
Removed JSON examples of cross-account bucket policies for S3 Batch Operations manifests
Security assessment
The change removes example bucket policies but does not indicate a security vulnerability or weakness. This appears to be documentation cleanup rather than addressing a security issue.
Diff
diff --git a/AmazonS3/latest/userguide/specify-batchjob-manifest-xaccount-csv.md b/AmazonS3/latest/userguide/specify-batchjob-manifest-xaccount-csv.md index 32ffcf56b..d6fc2d010 100644 --- a//AmazonS3/latest/userguide/specify-batchjob-manifest-xaccount-csv.md +++ b//AmazonS3/latest/userguide/specify-batchjob-manifest-xaccount-csv.md @@ -70,28 +69,0 @@ The following is an example of the bucket policy to apply to the source manifest -JSON - - -**** - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "AllowBatchOperationsSourceManfiestRead", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::DestinationAccountNumber:user/ConsoleUserCreatingJob", - "arn:aws:iam::DestinationAccountNumber:role/BatchOperationsDestinationRoleCOPY" - ] - }, - "Action": [ - "s3:GetObject", - "s3:GetObjectVersion" - ], - "Resource": "arn:aws:s3:::amzn-s3-demo-manifest-bucket/*" - } - ] - } - - @@ -104,29 +75,0 @@ The following is an example of the bucket policy for the bucket that contains th -JSON - - -**** - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "AllowBatchOperationsSourceObjectCOPY", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::DestinationAccountNumber:role/BatchOperationsDestinationRoleCOPY" - }, - "Action": [ - "s3:GetObject", - "s3:GetObjectVersion", - "s3:GetObjectAcl", - "s3:GetObjectTagging", - "s3:GetObjectVersionAcl", - "s3:GetObjectVersionTagging" - ], - "Resource": "arn:aws:s3:::amzn-s3-demo-source-bucket/*" - } - ] - } - -