AWS neptune documentation change
Summary
Added 'expectedBucketOwner' parameter to Neptune export functionality to validate S3 bucket ownership
Security assessment
This change adds a security feature that helps prevent data exfiltration by validating S3 bucket ownership before export operations, but doesn't indicate a specific security vulnerability being fixed
Diff
diff --git a/neptune/latest/userguide/export-parameters.md b/neptune/latest/userguide/export-parameters.md index 99e4e9446..d8ad277e2 100644 --- a//neptune/latest/userguide/export-parameters.md +++ b//neptune/latest/userguide/export-parameters.md @@ -7 +7 @@ -commandoutputS3PathjobSizeparamsadditionalParams +commandoutputS3PathexpectedBucketOwnerjobSizeparamsadditionalParams @@ -13 +13 @@ Whether you are using the Neptune-Export service or the `neptune-export` command -The object passed in to the export process has up to five top-level fields: +The object passed in to the export process has the following top-level fields: @@ -18,0 +19 @@ The object passed in to the export process has up to five top-level fields: + "expectedBucketOwner" : "(your AWS account ID for Amazon S3 bucket)", @@ -29,0 +31,2 @@ The object passed in to the export process has up to five top-level fields: + * [The expectedBucketOwner parameter](./export-parameters.html#export-parameters-expectedBucketOwner) + @@ -146,0 +150,7 @@ The value must begin with `s3://`, followed by a valid bucket name and optionall +## The `expectedBucketOwner` parameter + +The `expectedBucketOwner` top-level parameter is optional. When set to an AWS account ID, it validates that the Amazon S3 bucket specified in `outputS3Path` is owned by that account. If omitted, it defaults to the account ID resolved from the credentials used for Amazon S3 operations. + + + "expectedBucketOwner" : "(your AWS account ID for Amazon S3 bucket)" +