AWS AmazonS3 documentation change
Summary
Updated IAM policy condition example from 's3:x-amz-acl' to 's3:x-amz-storage-class'.
Security assessment
Change replaces an ACL-related condition with a storage class condition. No security vulnerability or incident is referenced. Storage class conditions relate to cost optimization, not security.
Diff
diff --git a/AmazonS3/latest/userguide/security_iam_service-with-iam.md b/AmazonS3/latest/userguide/security_iam_service-with-iam.md index 29f85c87b..c1628b4e3 100644 --- a//AmazonS3/latest/userguide/security_iam_service-with-iam.md +++ b//AmazonS3/latest/userguide/security_iam_service-with-iam.md @@ -743 +743 @@ JSON -In the example, the `Condition` block specifies the `StringEquals` condition that is applied to the specified key-value pair, `"s3:x-amz-acl":["public-read"]`. There is a set of predefined keys that you can use in expressing a condition. The example uses the `s3:x-amz-acl` condition key. This condition requires the user to include the `x-amz-acl` header with value `public-read` in every `PutObject` request. +In the example, the `Condition` block specifies the `StringEquals` condition that is applied to the specified key-value pair, `"s3:x-amz-storage-class":["STANDARD_IA"]`. There is a set of predefined keys that you can use in expressing a condition. The example uses the `s3:x-amz-storage-class` condition key. This condition requires the user to include the `x-amz-storage-class` header with value `STANDARD_IA` in every `PutObject` request.