Update tidb-cloud/config-s3-and-gcs-access.md

Co-authored-by: Grace Cai <[email protected]>
pingcap · Oct 9, 2024 · 5f9cab9 · 5f9cab9
1 parent d3859a9
commit 5f9cab9
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/tidb-cloud/config-s3-and-gcs-access.md b/tidb-cloud/config-s3-and-gcs-access.md
@@ -117,7 +117,7 @@ Configure the bucket access for TiDB Cloud and get the Role ARN as follows:
 
         - Under **Trusted entity type**, select **AWS account**.
         - Under **An AWS account**, select **Another AWS account**, and then paste the TiDB Cloud account ID to the **Account ID** field.
-        - Under **Options**, click **Require external ID (To avoid [Confused Deputy Problem](https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html))**, and then paste the TiDB Cloud External ID to the **External ID** field. If the role is created without "Require external ID", other users having your S3 bucket URI and IAM role ARN may be able to access your Amazon S3 bucket. If the role is created with the account ID and external ID, only the TiDB clusters running in your same project and same region can access the bucket.
+        - Under **Options**, click **Require external ID** to avoid the [confused deputy problem](https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html), and then paste the TiDB Cloud External ID to the **External ID** field. If the role is created without "Require external ID", anyone with your S3 bucket URI and IAM role ARN might be able to access your Amazon S3 bucket. If the role is created with both the account ID and external ID, only TiDB clusters running in the same project and the same region can access the bucket.
 
     3. Click **Next** to open the policy list, choose the policy you just created, and then click **Next**.
     4. Under **Role details**, set a name for the role, and then click **Create role** in the lower-right corner. After the role is created, the list of roles is displayed.