AWS Security ChangesHomeSearch

AWS AmazonS3 documentation change

Service: AmazonS3 · 2025-09-19 · Documentation low

File: AmazonS3/latest/userguide/specify-batchjob-manifest-xaccount-csv.md

Summary

Added example bucket policy JSON for cross-account S3 Batch Operations manifest access

Security assessment

Documents secure cross-account access patterns for batch operations but does not indicate remediation of a security issue. Shows proper resource-based policy configuration.

Diff

diff --git a/AmazonS3/latest/userguide/specify-batchjob-manifest-xaccount-csv.md b/AmazonS3/latest/userguide/specify-batchjob-manifest-xaccount-csv.md
index abb3b000b..7678a3ef8 100644
--- a//AmazonS3/latest/userguide/specify-batchjob-manifest-xaccount-csv.md
+++ b//AmazonS3/latest/userguide/specify-batchjob-manifest-xaccount-csv.md
@@ -69,0 +70,28 @@ The following is an example of the bucket policy to apply to the source manifest
+JSON
+    
+
+****
+    
+    
+        {
+      "Version": "2012-10-17",		 	 	 
+      "Statement": [
+        {
+          "Sid": "AllowBatchOperationsSourceManifestRead",
+          "Effect": "Allow",
+          "Principal": {
+            "AWS": [
+              "arn:aws:iam::111122223333:user/ConsoleUserCreatingJob",
+              "arn:aws:iam::111122223333:role/BatchOperationsDestinationRoleCOPY"
+            ]
+          },
+          "Action": [
+            "s3:GetObject",
+            "s3:GetObjectVersion"
+          ],
+          "Resource": "arn:aws:s3:::amzn-s3-demo-manifest-bucket/*"
+        }
+      ]
+    }
+    
+