AWS Security ChangesHomeSearch

AWS appsync medium security documentation change

Service: appsync · 2025-03-05 · Security-related medium

File: appsync/latest/eventapi/using-waf-protect-apis.md

Summary

Updated WAF integration details to reflect Connect operation support

Security assessment

Corrects documentation about WAF protections to prevent misconfigurations, addressing potential security gaps.

Diff

diff --git a/appsync/latest/eventapi/using-waf-protect-apis.md
index f6afe53fb..46a14fb98 100644
--- a/appsync/latest/eventapi/using-waf-protect-apis.md
+++ b/appsync/latest/eventapi/using-waf-protect-apis.md
@@ -58 +58 @@ After you create a web ACL in the AWS WAF Console, it can take a few minutes for
-AWS WAF integration only supports the `Subscription registration message` event for real-time endpoints. AWS AppSync will respond with an error message instead of a `start_ack` message for any `Subscription registration message` blocked by AWS WAF. 
+AWS WAF integration only supports the `Connect` operation for real-time endpoints. AWS AppSync will respond with an error message for any connection blocked by AWS WAF.