AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2026-07-01 · Documentation low

File: waf/latest/developerguide/logging-s3.md

Summary

Fixed JSON formatting by replacing curly quotes with straight quotes in the S3 bucket policy example

Security assessment

Formatting correction improves policy readability but doesn't alter security guidance or address vulnerabilities. No security impact.

Diff

diff --git a/waf/latest/developerguide/logging-s3.md b/waf/latest/developerguide/logging-s3.md
index b0b0ecfa4..9d9c8cd8c 100644
--- a//waf/latest/developerguide/logging-s3.md
+++ b//waf/latest/developerguide/logging-s3.md
@@ -264 +264 @@ JSON
-In some cases, you may see `AccessDenied` errors in AWS CloudTrail if the `s3:ListBucket` permission has not been granted to `delivery.logs.amazonaws.com`. To avoid these errors in your CloudTrail logs, you must grant the `s3:ListBucket` permission to `delivery.logs.amazonaws.com` and you must include the `Condition` parameters shown with the `s3:GetBucketAcl `permission set in the preceding bucket policy. To make this simpler, instead of creating a new `Statement`, you can directly update the `AWSLogDeliveryAclCheck` to be `“Action”: [“s3:GetBucketAcl”, “s3:ListBucket”]`.
+In some cases, you may see `AccessDenied` errors in AWS CloudTrail if the `s3:ListBucket` permission has not been granted to `delivery.logs.amazonaws.com`. To avoid these errors in your CloudTrail logs, you must grant the `s3:ListBucket` permission to `delivery.logs.amazonaws.com` and you must include the `Condition` parameters shown with the `s3:GetBucketAcl `permission set in the preceding bucket policy. To make this simpler, instead of creating a new `Statement`, you can directly update the `AWSLogDeliveryAclCheck` to be `"Action": ["s3:GetBucketAcl", "s3:ListBucket"]`.