AWS Security ChangesHomeSearch

AWS AmazonS3 documentation change

Service: AmazonS3 · 2026-05-28 · Documentation low

File: AmazonS3/latest/userguide/security_iam_service-with-iam.md

Summary

Updated IAM policy condition example from 's3:x-amz-acl' to 's3:x-amz-storage-class'.

Security assessment

Change replaces an ACL-related condition with a storage class condition. No security vulnerability or incident is referenced. Storage class conditions relate to cost optimization, not security.

Diff

diff --git a/AmazonS3/latest/userguide/security_iam_service-with-iam.md b/AmazonS3/latest/userguide/security_iam_service-with-iam.md
index 29f85c87b..c1628b4e3 100644
--- a//AmazonS3/latest/userguide/security_iam_service-with-iam.md
+++ b//AmazonS3/latest/userguide/security_iam_service-with-iam.md
@@ -743 +743 @@ JSON
-In the example, the `Condition` block specifies the `StringEquals` condition that is applied to the specified key-value pair, `"s3:x-amz-acl":["public-read"]`. There is a set of predefined keys that you can use in expressing a condition. The example uses the `s3:x-amz-acl` condition key. This condition requires the user to include the `x-amz-acl` header with value `public-read` in every `PutObject` request.
+In the example, the `Condition` block specifies the `StringEquals` condition that is applied to the specified key-value pair, `"s3:x-amz-storage-class":["STANDARD_IA"]`. There is a set of predefined keys that you can use in expressing a condition. The example uses the `s3:x-amz-storage-class` condition key. This condition requires the user to include the `x-amz-storage-class` header with value `STANDARD_IA` in every `PutObject` request.