AWS connect documentation change
Summary
Added detailed JSON policy example for S3 bucket access permissions
Security assessment
The change provides a security-focused IAM policy template with source account/ARN conditions, demonstrating security best practices for resource access control but does not address a specific vulnerability.
Diff
diff --git a/connect/latest/adminguide/setup-prompts-s3.md b/connect/latest/adminguide/setup-prompts-s3.md index e7452a6e9..749a6d767 100644 --- a//connect/latest/adminguide/setup-prompts-s3.md +++ b//connect/latest/adminguide/setup-prompts-s3.md @@ -35,0 +36,34 @@ To allow Amazon Connect to play prompts from an S3 bucket, when you set up your +JSON + + +**** + + + { + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "statement1", + "Effect": "Allow", + "Principal": { + "Service": "connect.amazonaws.com" + }, + "Action": [ + "s3:ListBucket", + "s3:GetObject" + ], + "Resource": [ + "arn:aws:s3:::amzn-s3-demo-bucket1", + "arn:aws:s3:::amzn-s3-demo-bucket1/*" + ], + "Condition": { + "StringEquals": { + "aws:SourceAccount": "account-id", + "aws:SourceArn": "arn:aws:connect:region:account-id:instance/instance-id" + } + } + } + ] + } + +