awsdocs/amazon-s3-userguide

s3:TlsVersion condition example grants access to any (anonymous) users

oedm opened this issue · 2 comments

oedm commented

The second example of Example 8: Requiring a minimum TLS version shows a use case which grants access to upload files to everyone ("Principal": "*") if they match the condition of the TLS Version.
In my opinion, this is a poor example inside the official documentation, since inexperienced users could simply copy & paste that example without realizing they open up their bucket to the whole world.

I would like to suggest expanding that example with an IAM role (pull request will follow) in order to mitigate this risky bucket policy.

Thanks!
Marcel
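The risk raised in this issue can be checked mechanically. The following is an added example, not part of the thread or of the AWS documentation: a heuristic that flags `Allow` statements with a wildcard principal whose only conditions concern the transport (such as `s3:TlsVersion`). Both policies are constructed samples; the bucket name, account ID and role name are placeholders.

```python
# Constructed sample policies: bucket name, account ID and role name are placeholders.
RESOURCE = "arn:aws:s3:::amzn-s3-demo-bucket/*"
RISKY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "AllowTls12Uploads", "Effect": "Allow", "Principal": "*",
    "Action": "s3:PutObject", "Resource": RESOURCE,
    "Condition": {"NumericGreaterThan": {"s3:TlsVersion": 1.1}}}]}
HARDENED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowUploadRole", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/ExampleUploadRole"},
     "Action": "s3:PutObject", "Resource": RESOURCE},
    {"Sid": "DenyOldTls", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*", "Resource": RESOURCE,
     "Condition": {"NumericLessThan": {"s3:TlsVersion": 1.2}}}]}

# Condition keys that constrain the connection, not the identity of the caller.
TRANSPORT_KEYS = {"s3:tlsversion", "aws:securetransport"}

def is_wildcard(principal):
    """True for "Principal": "*" and for {"AWS": "*"} / {"AWS": [..., "*"]}."""
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    values = [principal] if isinstance(principal, str) else list(principal or [])
    return "*" in values

def anonymous_allows(policy):
    """Return the Sids of Allow statements open to every caller whose
    conditions, if any, only look at the transport."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be a bare object
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not is_wildcard(stmt.get("Principal")):
            continue
        keys = {key.lower() for operator in stmt.get("Condition", {}).values()
                for key in operator}
        if keys <= TRANSPORT_KEYS:        # empty set also matches: no condition at all
            findings.append(stmt.get("Sid", f"statement[{index}]"))
    return findings

if __name__ == "__main__":
    print("risky:", anonymous_allows(RISKY))
    print("hardened:", anonymous_allows(HARDENED))
```

The hardened variant keeps the TLS requirement as a `Deny` for every caller and grants the upload permission only to a named role, which is the direction the issue proposes.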

Thank you for your request. I'll review your pull request and use that to track the status of the update.

oedm commented

Hi @DBirtolo-AMZ,
sorry to bother you afterwards, but the change is still not published onto the official web page after around 6 months.

best regards
Marcel