AWS Security ChangesHomeSearch

AWS AmazonS3 documentation change

Service: AmazonS3 · 2026-05-28 · Documentation medium

File: AmazonS3/latest/userguide/ways-to-add-notification-config-to-bucket.md

Summary

Added SNS topic policy example with source ARN and account restrictions.

Security assessment

New example demonstrates security best practices for S3-SNS integration using conditions to restrict access. While security-related, no specific vulnerability is addressed.

Diff

diff --git a/AmazonS3/latest/userguide/ways-to-add-notification-config-to-bucket.md b/AmazonS3/latest/userguide/ways-to-add-notification-config-to-bucket.md
index 3a25ab913..c803ea4ff 100644
--- a//AmazonS3/latest/userguide/ways-to-add-notification-config-to-bucket.md
+++ b//AmazonS3/latest/userguide/ways-to-add-notification-config-to-bucket.md
@@ -171,0 +172,26 @@ You get an email requesting you to confirm your subscription to the topic. Confi
+        {
+        "Version": "2012-10-17",
+        "Id": "example-ID",
+        "Statement": [
+            {
+                "Sid": "example-statement-ID",
+                "Effect": "Allow",
+                "Principal": {
+                    "Service": "s3.amazonaws.com"
+                },
+                "Action": [
+                    "SNS:Publish"
+                ],
+                "Resource": "arn:aws:sns:us-west-2:111122223333:s3-notification-topic",
+                "Condition": {
+                    "ArnLike": {
+                        "aws:SourceArn": "arn:aws:s3:*:*:awsexamplebucket1"
+                    },
+                    "StringEquals": {
+                        "aws:SourceAccount": "bucket-owner-123456789012"
+                    }
+                }
+            }
+        ]
+    }
+