AWS Security ChangesHomeSearch

AWS snowball medium security documentation change

Service: snowball · 2025-10-10 · Security-related medium

File: snowball/latest/api-reference/api-reference.md

Summary

Added JSON code block markers and updated IAM policy statements (changed Deny/NotPrincipal to Allow/Principal in bucket policy example)

Security assessment

The IAM policy change from Deny+NotPrincipal to Allow+Principal corrects a misconfigured access control policy. This prevents potential unintended access denials and ensures proper permissions alignment with security best practices for bucket policies.

Diff

diff --git a/snowball/latest/api-reference/api-reference.md b/snowball/latest/api-reference/api-reference.md
index 62e16155e..0ab949f0d 100644
--- a//snowball/latest/api-reference/api-reference.md
+++ b//snowball/latest/api-reference/api-reference.md
@@ -56,0 +57,6 @@ Using the job management API to create jobs requires the following trust policy.
+JSON
+    
+
+****
+    
+    
@@ -85,0 +93,6 @@ Creating an import job requires the following role policy.
+JSON
+    
+
+****
+    
+    
@@ -125,0 +140,6 @@ Creating an export job requires the following role policy.
+JSON
+    
+
+****
+    
+    
@@ -155,0 +177,6 @@ In some cases, the Amazon S3 buckets that you use with Snowball Edge have bucket
+JSON
+    
+
+****
+    
+    
@@ -161,2 +188,2 @@ In some cases, the Amazon S3 buckets that you use with Snowball Edge have bucket
-    		"Effect": "Deny",
-    		"NotPrincipal": {
+    		"Effect": "Allow",
+    		"Principal": {
@@ -210,0 +239,6 @@ The preceding procedure creates an IAM role that has write permissions for the A
+JSON
+    
+
+****
+    
+    
@@ -251,0 +287,6 @@ If you use server-side encryption with AWS KMS–managed keys (SSE-KMS) to encry
+JSON
+    
+
+****
+    
+