AWS prescriptive-guidance high security documentation change
Summary
Added 'Principal': '*' to S3 bucket policy examples in Resource Condition Policies (RCP) for presigned URL guardrails
Security assessment
Adding a wildcard principal (*) in IAM policies can introduce security risks if not properly constrained. However, in this context, it appears to be part of a broader RCP configuration to enforce presigned URL restrictions. The change directly modifies security controls but requires careful validation to avoid unintended access.
Diff
diff --git a/prescriptive-guidance/latest/presigned-url-best-practices/additional-guardrails.md b/prescriptive-guidance/latest/presigned-url-best-practices/additional-guardrails.md index d4536311b..1dfea39c7 100644 --- a//prescriptive-guidance/latest/presigned-url-best-practices/additional-guardrails.md +++ b//prescriptive-guidance/latest/presigned-url-best-practices/additional-guardrails.md @@ -144,0 +145 @@ The following RCP restricts presigned URL usage across all S3 buckets in an orga + "Principal": "*", @@ -158,0 +160 @@ The following RCP restricts presigned URL usage across all S3 buckets in an orga + "Principal": "*",