AWS IAM documentation change
Summary
Fixed a typo in the policy statement name from 'DenyAllS3ResoucesOutsideAccountExceptDataExchange' to 'DenyAllS3ResourcesOutsideAccountExceptDataExchange'.
Security assessment
The change only corrects a spelling error ('Resouces' → 'Resources') in a policy name reference. No security logic, permissions, or policy behavior was modified. The documentation still describes the same security controls for AWS Data Exchange access.
Diff
diff --git a/IAM/latest/UserGuide/reference_policies_examples_resource_account_data_exch.md b/IAM/latest/UserGuide/reference_policies_examples_resource_account_data_exch.md index 0b6ed95c8..3b79483fe 100644 --- a//IAM/latest/UserGuide/reference_policies_examples_resource_account_data_exch.md +++ b//IAM/latest/UserGuide/reference_policies_examples_resource_account_data_exch.md @@ -17 +17 @@ If you use AWS Data Exchange in your environment, the service creates and intera - * The statement, `DenyAllS3ResoucesOutsideAccountExceptDataExchange`, uses a combination of the `ResourceAccount` and `CalledVia` conditions to deny access to the three Amazon S3 actions excluded in the previous statement. The statement denies the actions if resources do not belong in the listed account and if the calling service is not AWS Data Exchange. The statement does not deny the actions if either the resource belongs to the listed account or the listed service principal, `dataexchange.amazonaws.com`, performs the operations. + * The statement, `DenyAllS3ResourcesOutsideAccountExceptDataExchange`, uses a combination of the `ResourceAccount` and `CalledVia` conditions to deny access to the three Amazon S3 actions excluded in the previous statement. The statement denies the actions if resources do not belong in the listed account and if the calling service is not AWS Data Exchange. The statement does not deny the actions if either the resource belongs to the listed account or the listed service principal, `dataexchange.amazonaws.com`, performs the operations.