AWS waf documentation change
Summary
Fixed JSON formatting by replacing curly quotes with straight quotes in the S3 bucket policy example
Security assessment
Formatting correction improves policy readability but doesn't alter security guidance or address vulnerabilities. No security impact.
Diff
diff --git a/waf/latest/developerguide/logging-s3.md b/waf/latest/developerguide/logging-s3.md index b0b0ecfa4..9d9c8cd8c 100644 --- a//waf/latest/developerguide/logging-s3.md +++ b//waf/latest/developerguide/logging-s3.md @@ -264 +264 @@ JSON -In some cases, you may see `AccessDenied` errors in AWS CloudTrail if the `s3:ListBucket` permission has not been granted to `delivery.logs.amazonaws.com`. To avoid these errors in your CloudTrail logs, you must grant the `s3:ListBucket` permission to `delivery.logs.amazonaws.com` and you must include the `Condition` parameters shown with the `s3:GetBucketAcl `permission set in the preceding bucket policy. To make this simpler, instead of creating a new `Statement`, you can directly update the `AWSLogDeliveryAclCheck` to be `“Action”: [“s3:GetBucketAcl”, “s3:ListBucket”]`. +In some cases, you may see `AccessDenied` errors in AWS CloudTrail if the `s3:ListBucket` permission has not been granted to `delivery.logs.amazonaws.com`. To avoid these errors in your CloudTrail logs, you must grant the `s3:ListBucket` permission to `delivery.logs.amazonaws.com` and you must include the `Condition` parameters shown with the `s3:GetBucketAcl `permission set in the preceding bucket policy. To make this simpler, instead of creating a new `Statement`, you can directly update the `AWSLogDeliveryAclCheck` to be `"Action": ["s3:GetBucketAcl", "s3:ListBucket"]`.