AWS mediastore high security documentation change
Summary
Enforced 'aws:SecureTransport' condition to 'true' (HTTPS-only) in cross-account HTTP policy example.
Security assessment
The change mandates HTTPS for requests, mitigating risks of data interception. This explicitly strengthens security controls in the example policy.
Diff
diff --git a/mediastore/latest/ug/policies-examples-cross-acccount-http.md b/mediastore/latest/ug/policies-examples-cross-acccount-http.md index 9d3eae991..4aa69b255 100644 --- a//mediastore/latest/ug/policies-examples-cross-acccount-http.md +++ b//mediastore/latest/ug/policies-examples-cross-acccount-http.md @@ -10,0 +11,6 @@ This example policy allows users to retrieve an object through an HTTP request. +JSON + + +**** + + @@ -14 +20,2 @@ This example policy allows users to retrieve an object through an HTTP request. - "Statement" : [ { + "Statement": [ + { @@ -18 +25 @@ This example policy allows users to retrieve an object through an HTTP request. - "AWS" : "arn:aws:iam::<other acct number>:root" + "AWS": "arn:aws:iam::333333333333:root" @@ -20,2 +27,5 @@ This example policy allows users to retrieve an object through an HTTP request. - "Action" : [ "mediastore:GetObject", "mediastore:DescribeObject" ], - "Resource" : "arn:aws:mediastore:<region>:<owner acct number>:container/<container name>/*", + "Action": [ + "mediastore:GetObject", + "mediastore:DescribeObject" + ], + "Resource": "arn:aws:mediastore:us-east-2:333333333333:container/<container name>/*", @@ -24 +34,2 @@ This example policy allows users to retrieve an object through an HTTP request. - "aws:SecureTransport" : [ "true", "false" ] + "aws:SecureTransport": "true" + } @@ -27 +38 @@ This example policy allows users to retrieve an object through an HTTP request. - } ] + ]