AWS AmazonS3 documentation change
Summary
Added SNS topic policy example with source ARN and account restrictions.
Security assessment
New example demonstrates security best practices for S3-SNS integration using conditions to restrict access. While security-related, no specific vulnerability is addressed.
Diff
diff --git a/AmazonS3/latest/userguide/ways-to-add-notification-config-to-bucket.md b/AmazonS3/latest/userguide/ways-to-add-notification-config-to-bucket.md index 3a25ab913..c803ea4ff 100644 --- a//AmazonS3/latest/userguide/ways-to-add-notification-config-to-bucket.md +++ b//AmazonS3/latest/userguide/ways-to-add-notification-config-to-bucket.md @@ -171,0 +172,26 @@ You get an email requesting you to confirm your subscription to the topic. Confi + { + "Version": "2012-10-17", + "Id": "example-ID", + "Statement": [ + { + "Sid": "example-statement-ID", + "Effect": "Allow", + "Principal": { + "Service": "s3.amazonaws.com" + }, + "Action": [ + "SNS:Publish" + ], + "Resource": "arn:aws:sns:us-west-2:111122223333:s3-notification-topic", + "Condition": { + "ArnLike": { + "aws:SourceArn": "arn:aws:s3:*:*:awsexamplebucket1" + }, + "StringEquals": { + "aws:SourceAccount": "bucket-owner-123456789012" + } + } + } + ] + } +