AWS AmazonElastiCache documentation change
Summary
Updated the S3 bucket policy example for seeding Redis backups to include a service principal and specific S3 actions, replacing a more permissive policy.
Security assessment
The policy now specifies exact S3 actions required (e.g., s3:PutObject, s3:ListBucket) and uses a service principal, which enhances security by applying least-privilege permissions. However, no evidence of a security issue is present; this is a documentation improvement for security practices.
Diff
diff --git a/AmazonElastiCache/latest/dg/backups-seeding-redis.md b/AmazonElastiCache/latest/dg/backups-seeding-redis.md index 1ce1486e3..3894aa502 100644 --- a//AmazonElastiCache/latest/dg/backups-seeding-redis.md +++ b//AmazonElastiCache/latest/dg/backups-seeding-redis.md @@ -271 +270,0 @@ JSON - "Id": "Policy15397346", @@ -274 +273 @@ JSON - "Sid": "Stmt15399483", + "Sid": "ElastiCacheSnapshotExport", @@ -275,0 +275,3 @@ JSON + "Principal": { + "Service": "region.elasticache-snapshot.amazonaws.com" + }, @@ -276,0 +279 @@ JSON + "s3:PutObject", @@ -279 +282,3 @@ JSON - "s3:GetBucketAcl" + "s3:GetBucketAcl", + "s3:ListMultipartUploadParts", + "s3:ListBucketMultipartUploads" @@ -283,2 +288 @@ JSON - "arn:aws:s3:::amzn-s3-demo-bucket/backup1.rdb", - "arn:aws:s3:::amzn-s3-demo-bucket/backup2.rdb" + "arn:aws:s3:::amzn-s3-demo-bucket/*"