AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2025-11-22 · Documentation low

File: cli/latest/reference/s3api/delete-objects.md

Summary

Added note about explicit denial of delete permissions causing 403 errors

Security assessment

Similar to delete-object.md change, this clarifies security policy behavior without addressing a specific vulnerability. Enhances documentation for secure policy configuration.

Diff

diff --git a/cli/latest/reference/s3api/delete-objects.md b/cli/latest/reference/s3api/delete-objects.md
index 245de14ab..074813b8f 100644
--- a//cli/latest/reference/s3api/delete-objects.md
+++ b//cli/latest/reference/s3api/delete-objects.md
@@ -15 +15 @@
-  * [AWS CLI 2.31.39 Command Reference](../../index.html) »
+  * [AWS CLI 2.32.3 Command Reference](../../index.html) »
@@ -84,0 +85,5 @@ Permissions
+
+### Note
+
+If the `s3:DeleteObject` or `s3:DeleteObjectVersion` permissions are explicitly denied in your bucket policy, attempts to delete any unversioned objects result in a `403 Access Denied` error.
+
@@ -916 +921 @@ Errors -> (list)
-  * [AWS CLI 2.31.39 Command Reference](../../index.html) »
+  * [AWS CLI 2.32.3 Command Reference](../../index.html) »