AWS AmazonS3 medium security documentation change
Summary
Updated policy description to explain session mode fallback behavior and simplified example title.
Security assessment
Clarifies security behavior of session mode prioritization (ReadWrite first). Ensures policies align with intended access levels.
Diff
diff --git a/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.md b/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.md index e289b2076..53dd39ca0 100644 --- a//AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.md +++ b//AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.md @@ -9 +9 @@ This section provides example directory bucket policies. To use these policies, -The following example bucket policy allows AWS account ID ``111122223333`` to use the `CreateSession` API operation with the default `ReadWrite` session for the specified directory bucket. This policy grants access to the Zonal endpoint (object level) API operations. +The following example bucket policy allows AWS account ID ``111122223333`` to use the `CreateSession` API operation for the specified directory bucket. When no session mode is specified, the session will be created with the maximum allowable privilege (attempting `ReadWrite` first, then `ReadOnly` if not permitted). This policy grants access to the Zonal endpoint (object level) API operations. @@ -11 +11 @@ The following example bucket policy allows AWS account ID ``111122223333`` to us -###### Example – Bucket policy to allow `CreateSession` calls with the default `ReadWrite` session +###### Example– Bucket policy to allow `CreateSession` calls