AWS systems-manager documentation change
Summary
Removed JSON policy example for S3 bucket permissions configuration
Security assessment
Removal of a policy example doesn't directly indicate a security issue. While policy configuration impacts security posture, the change appears to be documentation simplification rather than addressing a specific vulnerability. No evidence of CVE or exploit mitigation provided in the diff.
Diff
diff --git a/systems-manager/latest/userguide/inventory-create-resource-data-sync.md b/systems-manager/latest/userguide/inventory-create-resource-data-sync.md index 1b1f8b196..cfc55e74f 100644 --- a//systems-manager/latest/userguide/inventory-create-resource-data-sync.md +++ b//systems-manager/latest/userguide/inventory-create-resource-data-sync.md @@ -171,50 +170,0 @@ Optionally, replace `bucket-prefix` with the name of an Amazon S3 prefix (subdir -JSON - - -**** - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "SSMBucketPermissionsCheck", - "Effect": "Allow", - "Principal": { - "Service": "ssm.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::" - }, - { - "Sid": " SSMBucketDelivery", - "Effect": "Allow", - "Principal": { - "Service": "ssm.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": [ - "arn:aws:s3:::amzn-s3-demo-bucket/bucket-prefix/*/accountid=*/*" - ], - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:SourceOrgID": "organization-id" - } - } - }, - { - "Sid": " SSMBucketDeliveryTagging", - "Effect": "Allow", - "Principal": { - "Service": "ssm.amazonaws.com" - }, - "Action": "s3:PutObjectTagging", - "Resource": [ - "arn:aws:s3:::amzn-s3-demo-bucket/bucket-prefix/*/accountid=*/*" - ] - } - ] - } - -