AWS Security ChangesHomeSearch

AWS neptune documentation change

Service: neptune · 2026-04-25 · Documentation medium

File: neptune/latest/userguide/export-parameters.md

Summary

Added 'expectedBucketOwner' parameter to Neptune export functionality to validate S3 bucket ownership

Security assessment

This change adds a security feature that helps prevent data exfiltration by validating S3 bucket ownership before export operations, but doesn't indicate a specific security vulnerability being fixed

Diff

diff --git a/neptune/latest/userguide/export-parameters.md b/neptune/latest/userguide/export-parameters.md
index 99e4e9446..d8ad277e2 100644
--- a//neptune/latest/userguide/export-parameters.md
+++ b//neptune/latest/userguide/export-parameters.md
@@ -7 +7 @@
-commandoutputS3PathjobSizeparamsadditionalParams
+commandoutputS3PathexpectedBucketOwnerjobSizeparamsadditionalParams
@@ -13 +13 @@ Whether you are using the Neptune-Export service or the `neptune-export` command
-The object passed in to the export process has up to five top-level fields:
+The object passed in to the export process has the following top-level fields:
@@ -18,0 +19 @@ The object passed in to the export process has up to five top-level fields:
+          "expectedBucketOwner" : "(your AWS account ID for Amazon S3 bucket)",
@@ -29,0 +31,2 @@ The object passed in to the export process has up to five top-level fields:
+  * [The expectedBucketOwner parameter](./export-parameters.html#export-parameters-expectedBucketOwner)
+
@@ -146,0 +150,7 @@ The value must begin with `s3://`, followed by a valid bucket name and optionall
+## The `expectedBucketOwner` parameter
+
+The `expectedBucketOwner` top-level parameter is optional. When set to an AWS account ID, it validates that the Amazon S3 bucket specified in `outputS3Path` is owned by that account. If omitted, it defaults to the account ID resolved from the credentials used for Amazon S3 operations.
+    
+    
+      "expectedBucketOwner" : "(your AWS account ID for Amazon S3 bucket)"
+