AWS cli documentation change
Summary
Updated session mode documentation for copy operations to match new permission evaluation logic
Security assessment
Aligns copy operation documentation with updated session creation logic, improving clarity about security controls but not addressing vulnerabilities.
Diff
diff --git a/cli/latest/reference/s3api/upload-part-copy.md b/cli/latest/reference/s3api/upload-part-copy.md index d3820221d..17ce292dc 100644 --- a//cli/latest/reference/s3api/upload-part-copy.md +++ b//cli/latest/reference/s3api/upload-part-copy.md @@ -15 +15 @@ - * [AWS CLI 2.34.5 Command Reference](../../index.html) » + * [AWS CLI 2.34.8 Command Reference](../../index.html) » @@ -93 +93 @@ You must have `READ` access to the source object and `WRITE` access to the desti - * If the source object that you want to copy is in a directory bucket, you must have the ** `s3express:CreateSession` ** permission in the `Action` element of a policy to read the object. By default, the session is in the `ReadWrite` mode. If you want to restrict the access, you can explicitly set the `s3express:SessionMode` condition key to `ReadOnly` on the copy source bucket. + * If the source object that you want to copy is in a directory bucket, you must have the ** `s3express:CreateSession` ** permission in the `Action` element of a policy to read the object. If no session mode is specified, the session will be created with the maximum allowable privilege, attempting `ReadWrite` first, then `ReadOnly` if `ReadWrite` is not permitted. If you want to explicitly restrict the access to be read-only, you can set the `s3express:SessionMode` condition key to `ReadOnly` on the copy source bucket. @@ -645 +645 @@ RequestCharged -> (string) - * [AWS CLI 2.34.5 Command Reference](../../index.html) » + * [AWS CLI 2.34.8 Command Reference](../../index.html) »