AWS Security ChangesHomeSearch

AWS mediastore medium security documentation change

Service: mediastore · 2025-10-25 · Security-related medium

File: mediastore/latest/ug/cdns-allowing-cloudfront-to-access-mediastore.md

Summary

Removed an example policy requiring 'aws:SecureTransport' and 'aws:Referer' conditions for CloudFront access.

Security assessment

The removed policy enforced HTTPS and a referer check, which are security controls. Removing this example could lead to insecure configurations if users no longer enforce these conditions.

Diff

diff --git a/mediastore/latest/ug/cdns-allowing-cloudfront-to-access-mediastore.md b/mediastore/latest/ug/cdns-allowing-cloudfront-to-access-mediastore.md
index 118bfbfb7..e215f3d5e 100644
--- a//mediastore/latest/ug/cdns-allowing-cloudfront-to-access-mediastore.md
+++ b//mediastore/latest/ug/cdns-allowing-cloudfront-to-access-mediastore.md
@@ -46,23 +45,0 @@ The following example policy, which is similar to the example policy for [Public
-        {
-      "Version": "2012-10-17",
-      "Statement": [
-        {
-          "Sid": "CloudFrontRead",
-          "Effect": "Allow",
-          "Principal": "*",
-          "Action": [
-            "mediastore:GetObject",
-            "mediastore:DescribeObject"
-          ],
-          "Resource": "arn:aws:mediastore:<region>:<owner acct number>:container/<container name>/*",
-          "Condition": {
-            "StringEquals": {
-              "aws:Referer": "<secretValue>"
-            },
-            "Bool": {
-              "aws:SecureTransport": "true"
-            }
-          }
-        }
-     ]}
-