AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2025-11-22 · Documentation low

File: cli/latest/reference/s3api/delete-object.md

Summary

Added note about explicit denial of delete permissions causing 403 errors

Security assessment

The change clarifies security policy enforcement behavior but does not address a specific vulnerability. It improves documentation about permission impacts, which helps users configure secure policies.

Diff

diff --git a/cli/latest/reference/s3api/delete-object.md b/cli/latest/reference/s3api/delete-object.md
index 6ef176803..16065da61 100644
--- a//cli/latest/reference/s3api/delete-object.md
+++ b//cli/latest/reference/s3api/delete-object.md
@@ -15 +15 @@
-  * [AWS CLI 2.31.39 Command Reference](../../index.html) »
+  * [AWS CLI 2.32.3 Command Reference](../../index.html) »
@@ -94,0 +95,5 @@ Permissions
+
+### Note
+
+If the `s3:DeleteObject` or `s3:DeleteObjectVersion` permissions are explicitly denied in your bucket policy, attempts to delete any unversioned objects result in a `403 Access Denied` error.
+
@@ -416 +421 @@ RequestCharged -> (string)
-  * [AWS CLI 2.31.39 Command Reference](../../index.html) »
+  * [AWS CLI 2.32.3 Command Reference](../../index.html) »