Feature request: flag permission policies using aws:Referer or aws:UserAgent
rdegraaf opened this issue · comments
Rennie deGraaf commented
Is your feature request related to a problem? Please describe.
AWS permission policies support the condition keys "aws:Referer
" and "aws:UserAgent
", intended to allow authorization decisions to incorporate the HTTP "Referer" and "User-Agent" headers set by the caller. However, these headers should not be trusted: a client can set them to whatever value it wishes. Consequently, all permission policies using these condition keys should be considered suspect.
Describe the solution you'd like
Flag all permission policies using either of these two keys for review.