AWS apigateway high security documentation change
Summary
Modified IAM trust policy example by removing service principal (changed 'apigateway.amazonaws.com' to empty string)
Security assessment
Removing the service principal from an IAM trust relationship creates an invalid policy that could break authentication/authorization mechanisms if copied by users, introducing a security misconfiguration risk
Diff
diff --git a/apigateway/latest/developerguide/how-to-method-settings-console.md b/apigateway/latest/developerguide/how-to-method-settings-console.md index b78cdd035..b1d18a349 100644 --- a//apigateway/latest/developerguide/how-to-method-settings-console.md +++ b//apigateway/latest/developerguide/how-to-method-settings-console.md @@ -126,0 +127,6 @@ To create the IAM role, you can adapt the instructions in [Step 1: Create the AW +JSON + + +**** + + @@ -146,0 +154,6 @@ For the IAM role's trust relationship, specify the following, which enables API +JSON + + +**** + + @@ -154 +167 @@ For the IAM role's trust relationship, specify the following, which enables API - "Service": "apigateway.amazonaws.com" + "Service": ""