AWS mediastore medium security documentation change
Summary
Removed an example policy requiring 'aws:SecureTransport' and 'aws:Referer' conditions for CloudFront access.
Security assessment
The removed policy enforced HTTPS and a referer check, which are security controls. Removing this example could lead to insecure configurations if users no longer enforce these conditions.
Diff
diff --git a/mediastore/latest/ug/cdns-allowing-cloudfront-to-access-mediastore.md b/mediastore/latest/ug/cdns-allowing-cloudfront-to-access-mediastore.md index 118bfbfb7..e215f3d5e 100644 --- a//mediastore/latest/ug/cdns-allowing-cloudfront-to-access-mediastore.md +++ b//mediastore/latest/ug/cdns-allowing-cloudfront-to-access-mediastore.md @@ -46,23 +45,0 @@ The following example policy, which is similar to the example policy for [Public - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "CloudFrontRead", - "Effect": "Allow", - "Principal": "*", - "Action": [ - "mediastore:GetObject", - "mediastore:DescribeObject" - ], - "Resource": "arn:aws:mediastore:<region>:<owner acct number>:container/<container name>/*", - "Condition": { - "StringEquals": { - "aws:Referer": "<secretValue>" - }, - "Bool": { - "aws:SecureTransport": "true" - } - } - } - ]} -