AWS snowball medium security documentation change
Summary
Added JSON code block markers and updated IAM policy statements (changed Deny/NotPrincipal to Allow/Principal in bucket policy example)
Security assessment
The IAM policy change from Deny+NotPrincipal to Allow+Principal corrects a misconfigured access control policy. This prevents potential unintended access denials and ensures proper permissions alignment with security best practices for bucket policies.
Diff
diff --git a/snowball/latest/api-reference/api-reference.md b/snowball/latest/api-reference/api-reference.md index 62e16155e..0ab949f0d 100644 --- a//snowball/latest/api-reference/api-reference.md +++ b//snowball/latest/api-reference/api-reference.md @@ -56,0 +57,6 @@ Using the job management API to create jobs requires the following trust policy. +JSON + + +**** + + @@ -85,0 +93,6 @@ Creating an import job requires the following role policy. +JSON + + +**** + + @@ -125,0 +140,6 @@ Creating an export job requires the following role policy. +JSON + + +**** + + @@ -155,0 +177,6 @@ In some cases, the Amazon S3 buckets that you use with Snowball Edge have bucket +JSON + + +**** + + @@ -161,2 +188,2 @@ In some cases, the Amazon S3 buckets that you use with Snowball Edge have bucket - "Effect": "Deny", - "NotPrincipal": { + "Effect": "Allow", + "Principal": { @@ -210,0 +239,6 @@ The preceding procedure creates an IAM role that has write permissions for the A +JSON + + +**** + + @@ -251,0 +287,6 @@ If you use server-side encryption with AWS KMS–managed keys (SSE-KMS) to encry +JSON + + +**** + +