AWS appsync medium security documentation change
Summary
Updated WAF integration details to reflect Connect operation support
Security assessment
Corrects documentation about WAF protections to prevent misconfigurations, addressing potential security gaps.
Diff
diff --git a/appsync/latest/eventapi/using-waf-protect-apis.md index f6afe53fb..46a14fb98 100644 --- a/appsync/latest/eventapi/using-waf-protect-apis.md +++ b/appsync/latest/eventapi/using-waf-protect-apis.md @@ -58 +58 @@ After you create a web ACL in the AWS WAF Console, it can take a few minutes for -AWS WAF integration only supports the `Subscription registration message` event for real-time endpoints. AWS AppSync will respond with an error message instead of a `start_ack` message for any `Subscription registration message` blocked by AWS WAF. +AWS WAF integration only supports the `Connect` operation for real-time endpoints. AWS AppSync will respond with an error message for any connection blocked by AWS WAF.