AWS AWSEC2 documentation change
Summary
Added requirement for s3:PutBucketOwnershipControls permission to enable ACLs for new S3 buckets during AMI copy operations
Security assessment
The change documents a new permission requirement for configuring bucket ACLs during AMI copies, which relates to access control mechanisms. However, there's no evidence of a specific security vulnerability being addressed. The addition helps users properly configure permissions for secure AMI copying operations.
Diff
diff --git a/AWSEC2/latest/UserGuide/copy-ami-permissions.md b/AWSEC2/latest/UserGuide/copy-ami-permissions.md index f8e2a4cad..999e67459 100644 --- a//AWSEC2/latest/UserGuide/copy-ami-permissions.md +++ b//AWSEC2/latest/UserGuide/copy-ami-permissions.md @@ -22 +22,3 @@ If you're copying an instance stored-backed AMI, you need the following _additio - * `s3:GetBucketAcl` – To read the ACL permissions for the source bucket + * `s3:PutBucketOwnershipControls` – To enable ACLs for the newly created S3 bucket so that objects can be written with the `aws-exec-read` [canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl) + + * `s3:GetBucketAcl` – To read the ACLs for the source bucket