AWS Security ChangesHomeSearch

AWS AmazonS3 documentation change

Service: AmazonS3 · 2025-11-22 · Documentation medium

File: AmazonS3/latest/userguide/VersionedObjectPermissionsandACLs.md

Summary

Replaced example grantee email with canonical user ID and removed DisplayName fields in ACL XML example.

Security assessment

The change clarifies the use of canonical user IDs (a security best practice) instead of email addresses for ACLs, improving documentation accuracy. While this promotes secure configuration, there is no indication of addressing a specific security vulnerability.

Diff

diff --git a/AmazonS3/latest/userguide/VersionedObjectPermissionsandACLs.md b/AmazonS3/latest/userguide/VersionedObjectPermissionsandACLs.md
index 2db92669a..3d2580ffa 100644
--- a//AmazonS3/latest/userguide/VersionedObjectPermissionsandACLs.md
+++ b//AmazonS3/latest/userguide/VersionedObjectPermissionsandACLs.md
@@ -11 +11 @@ Permissions for objects in Amazon S3 are set at the version level. Each version
-The following request sets the permission of the grantee, `[email protected]`, to `FULL_CONTROL` on the key, `my-image.jpg`, version ID, `3HL4kqtJvjVBH40Nrjfkd`.
+The following request sets the permission of the grantee with canonical user ID `b4bf1b36f9716f094c3079dcf5ac9982d4f2847de46204d47448bc557fb5ac2a`, to `FULL_CONTROL` on the key, `my-image.jpg`, version ID, `3HL4kqtJvjVBH40Nrjfkd`.
@@ -23 +22,0 @@ The following request sets the permission of the grantee, `[email protected]
-        <DisplayName>[email protected]</DisplayName>
@@ -29 +27,0 @@ The following request sets the permission of the grantee, `[email protected]
-            <DisplayName>[email protected]</DisplayName>