AWS Security ChangesHomeSearch

AWS AmazonS3 medium security documentation change

Service: AmazonS3 · 2025-11-04 · Security-related medium

File: AmazonS3/latest/userguide/DeletingObjectsfromVersioningSuspendedBuckets.md

Summary

Clarified permissions required to deny deletions in versioning-suspended buckets.

Security assessment

Explains how to secure versioning-suspended buckets against unauthorized deletions, addressing a potential security gap.

Diff

diff --git a/AmazonS3/latest/userguide/DeletingObjectsfromVersioningSuspendedBuckets.md b/AmazonS3/latest/userguide/DeletingObjectsfromVersioningSuspendedBuckets.md
index 8066939bd..56dfdbace 100644
--- a//AmazonS3/latest/userguide/DeletingObjectsfromVersioningSuspendedBuckets.md
+++ b//AmazonS3/latest/userguide/DeletingObjectsfromVersioningSuspendedBuckets.md
@@ -30 +30,3 @@ The following figure shows a bucket that doesn't have a null version. In this ca
-Even in a versioning-suspended bucket, the bucket owner can permanently delete a specified version by including the version ID in the `DELETE` request. The following figure shows that deleting a specified object version permanently removes that version of the object. Only the bucket owner can delete a specified object version.
+Even in a versioning-suspended bucket, the bucket owner can permanently delete a specified version by including the version ID in the `DELETE` request, unless permissions for the `DELETE` request have been explicitly denied. For example, to deny deletion of any objects that have a `null` version ID, you must explicitly deny the `s3:DeleteObject` and `s3:DeleteObjectVersions` permissions.
+
+The following figure shows that deleting a specified object version permanently removes that version of the object. Only the bucket owner can delete a specified object version.