Vulnerabilities in 22 APIs across 16 Amazon Web Services products can be exploited to compromise basic information on the user and gain access to details of cloud accounts. The vulnerability is contained within a feature that authenticates resource-based policies while accessing commonly used services such as Amazon S3 buckets. These vulnerabilities have been observed across all the three AWS regions – including domains for government services and China – with Amazon Simple Storage Service, or S3, KMS and Amazon Simple Queue Service all open to being abused.”]
Source: https://www.cuinfosecurity.com/aws-flaw-allows-attackers-to-find-users-access-codes-a-15408