AWS prescriptive-guidance documentation change
Summary
Split long sentence about log exposure mitigation into two sentences for clarity.
Security assessment
Formatting change only. Preserves existing security guidance about log redaction without modifications to security content.
Diff
diff --git a/prescriptive-guidance/latest/presigned-url-best-practices/logging-interactions.md b/prescriptive-guidance/latest/presigned-url-best-practices/logging-interactions.md index 213218c85..c1802d2d0 100644 --- a//prescriptive-guidance/latest/presigned-url-best-practices/logging-interactions.md +++ b//prescriptive-guidance/latest/presigned-url-best-practices/logging-interactions.md @@ -21 +21,3 @@ The purpose of an intermediary is usually to block unwanted egress and to track -We recommend that URI logging redact the `X-Amz-Signature` query string parameter, redact the entire query string, or treat the information as highly confidential, as with direct access to the intermediary server. Although these protections are highly recommended, the fact that presigned URLs expire mitigates the risks of log exposure, as long as the exposure is delayed long enough for the signatures to expire. +We recommend that URI logging redact the `X-Amz-Signature` query string parameter, redact the entire query string, or treat the information as highly confidential, as with direct access to the intermediary server. + +Although these protections are highly recommended, the fact that presigned URLs expire mitigates the risks of log exposure, as long as the exposure is delayed long enough for the signatures to expire.