AWS Security ChangesHomeSearch

AWS apigateway documentation change

Service: apigateway · 2025-07-04 · Documentation low

File: apigateway/latest/developerguide/security_iam_id-based-policy-examples.md

Summary

Added JSON formatting blocks and modified IAM policy action/resource patterns

Security assessment

Enhances security documentation with policy examples but doesn't address specific vulnerabilities. Action change from 'apigateway:GET' to ':GET' and ARN pattern updates improve generality but lack explicit security context

Diff

diff --git a/apigateway/latest/developerguide/security_iam_id-based-policy-examples.md b/apigateway/latest/developerguide/security_iam_id-based-policy-examples.md
index 71092ec1f..44347d378 100644
--- a//apigateway/latest/developerguide/security_iam_id-based-policy-examples.md
+++ b//apigateway/latest/developerguide/security_iam_id-based-policy-examples.md
@@ -96,0 +97,6 @@ This example policy gives a user permission to get information about all of the
+JSON
+    
+
+****
+    
+    
@@ -104 +110 @@ This example policy gives a user permission to get information about all of the
-            "apigateway:GET"
+            ":GET"
@@ -107 +113 @@ This example policy gives a user permission to get information about all of the
-            "arn:aws:apigateway:us-east-1::/apis/a123456789/*"
+            "arn:aws::::/apis/a123456789/*"
@@ -116,0 +124,6 @@ This example policy allows a user to create APIs with only `REQUEST` or `JWT` au
+JSON
+    
+
+****
+    
+    
@@ -154,0 +169,6 @@ Because the `apis/*` resource also captures sub resources such as authorizers or
+JSON
+    
+
+****
+    
+    
@@ -199,0 +221,6 @@ We use the non-greedy matcher (`?`) to explicitly match against API IDs to preve
+JSON
+    
+
+****
+    
+    
@@ -255,0 +284,6 @@ This policy causes attempts to create or update a route (including through [impo
+JSON
+    
+
+****
+    
+    
@@ -300,0 +336,6 @@ This policy prevents a user from creating or updating a VPC link. A VPC link ena
+JSON
+    
+
+****
+    
+    
@@ -328,0 +371,6 @@ This policy prevents a user from creating or updating a `BasePathMapping`, `ApiM
+JSON
+    
+
+****
+    
+    
@@ -349,0 +399,6 @@ This policy allows a user to only update a routing rule to a priority between 10
+JSON
+    
+
+****
+    
+    
@@ -376,0 +433,6 @@ This policy allows a user to only update a base path mapping for any base path t
+JSON
+    
+
+****
+    
+    
@@ -403,0 +467,6 @@ This policy allows a user to only update the routing mode to `API_MAPPING_ONLY`
+JSON
+    
+
+****
+    
+