AWS apigateway medium security documentation change
Summary
Added warning about updating IAM policies for IPv6 compatibility with dualstack endpoints
Security assessment
Directly addresses potential security impact of outdated policies blocking access when using dualstack endpoints
Diff
diff --git a/apigateway/latest/developerguide/apigateway-resource-policies-examples.md b/apigateway/latest/developerguide/apigateway-resource-policies-examples.md index 61c813b3a..3adfd8c27 100644 --- a/apigateway/latest/developerguide/apigateway-resource-policies-examples.md +++ b/apigateway/latest/developerguide/apigateway-resource-policies-examples.md @@ -81,0 +82,2 @@ The following example resource policy denies (blocks) incoming traffic to an API +If you use any IAM user policies or API Gateway resource policies to control access to API Gateway or any API Gateway APIs, confirm that your policies are updated to include IPv6 address ranges. Policies that aren’t updated to handle IPv6 addresses might impact client’s access to API Gateway when they start using the dualstack endpoint. For more information, see [Using IPv6 addresses in IAM policies](./api-ref.html#api-reference-service-endpoints-dualstack-iam). +