by gunapologist99 1641 days ago
> * Objects with a default-deny bucket policy could not have been circumvented with the support team's escalated privilege. So if you have a policy that looks something like this, that data was not exposed

Service accounts are not constrained by customer bucket policies. In fact, not even SCPs are restricted by service-linked roles:

"SCPs do not affect any service-linked role. Service-linked roles enable other AWS services to integrate with AWS Organizations and can't be restricted by SCPs."

https://docs.aws.amazon.com/organizations/latest/userguide/o...