AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2026-04-04 · Documentation low

File: securityhub/latest/userguide/exposure-s3-bucket.md

Summary

Restructured and consolidated S3 bucket exposure findings, removing redundant sections and clarifying public write access documentation

Security assessment

This change reorganizes existing security documentation but doesn't introduce new security vulnerabilities or features. It removes redundant sections about S3 bucket public access and access point public access settings, and renames 'write access' to 'public write access' for clarity. The changes appear to be documentation cleanup and consolidation rather than addressing specific security issues.

Diff

diff --git a/securityhub/latest/userguide/exposure-s3-bucket.md b/securityhub/latest/userguide/exposure-s3-bucket.md
index e63fed903..7c3ee145b 100644
--- a//securityhub/latest/userguide/exposure-s3-bucket.md
+++ b//securityhub/latest/userguide/exposure-s3-bucket.md
@@ -37,2 +36,0 @@ The remediation guidance provided in this topic might require additional consult
-    * [Amazon S3 bucket has public access](./exposure-s3-bucket.html#s3-bucket-reachability-bucket-public-access)
-
@@ -41,3 +39 @@ The remediation guidance provided in this topic might require additional consult
-    * [The Amazon S3 bucket has write access](./exposure-s3-bucket.html#public-write-allowed)
-
-    * [The Amazon S3 access point has public access settings enabled](./exposure-s3-bucket.html#s3-bucket-reachability-access-point-public-access)
+    * [The Amazon S3 bucket has public write access](./exposure-s3-bucket.html#public-write-allowed)
@@ -138,21 +133,0 @@ Here are reachability traits for Amazon S3 buckets and suggested remediation ste
-### Amazon S3 bucket has public access
-
-By default, Amazon S3 buckets and objects are private, but they can be made public through various configurations. If you modify bucket policies, access point policies, or object permissions to allow public access, you risk exposing sensitive data.
-
-  1. **Assess bucket**
-
-Assess whether your bucket can be made private based on your organizational policy, compliance requirements, or data classification. If you didn't intend to grant bucket access to the public or other AWS accounts, follow the remaining remediation instructions.
-
-  2. **Configure the bucket to be private**
-
-Choose one of the following options to configure private access for your Amazon S3 bucket:
-
-     * **Account level** – To block public access for all buckets in your account using account-level settings, see [Configuring block public access settings for your account](https://docs.aws.amazon.com/AmazonS3/latest/userguide/configuring-block-public-access-account.html) in the _Amazon Simple Storage Service User Guide_.
-
-     * **Bucket level** – To block public access for a specific bucket, see [Configuring block public access settings for yourAmazon S3buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/configuring-block-public-access-bucket.html) in the _Amazon Simple Storage Service User Guide_.
-
-     * **Bucket ACL or policies** – To modify the bucket access control list (ACL), bucket policy, Multi-Region Access Point (MRAP) policy, or access point policy to remove public access to the bucket, see [Reviewing and changing bucket access](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-analyzer.html#changing-bucket-access) in the _Amazon Simple Storage Service User Guide_. If you block public access at the account level or bucket level, those blocks take precedence over a policy that permits public access.
-
-
-
-
@@ -178 +153 @@ If public read access is required, consider these more secure alternatives:
-### The Amazon S3 bucket has write access
+### The Amazon S3 bucket has public write access
@@ -197,11 +171,0 @@ If public read access is required, consider these more secure alternatives:
-
-
-
-
-### The Amazon S3 access point has public access settings enabled
-
-Amazon S3 access points provide customized access to shared datasets in Amazon S3 buckets. When you enable public access for an access point, it could allow anyone on the internet to access your data. Following standard security principles, AWS recommends restricting public access to Amazon S3 access points. 
-
-  1. **Create a new access point with block public access enabled**
-
-Amazon S3 doesn't support changing an access point’s public access settings after an access point has been created. For information about creating an access point, see [Managing public access to access points for general purpose buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-access-points.html) in the _Amazon Simple Storage Service User Guide_. For more information about managing public access to access points, see [Creating access points for general purpose buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points-bpa-settings.html) in the _Amazon Simple Storage Service User Guide_.