AWS Security ChangesHomeSearch

AWS firehose medium security documentation change

Service: firehose · 2025-07-16 · Security-related medium

File: firehose/latest/dev/httpdeliveryrequestresponse.md

Summary

Added requirement for Secrets Manager JSON format when configuring API keys

Security assessment

Enforces proper secret storage format to prevent misconfiguration risks. Directly addresses secure credential handling.

Diff

diff --git a/firehose/latest/dev/httpdeliveryrequestresponse.md b/firehose/latest/dev/httpdeliveryrequestresponse.md
index 6ef7c928c..d70534307 100644
--- a//firehose/latest/dev/httpdeliveryrequestresponse.md
+++ b//firehose/latest/dev/httpdeliveryrequestresponse.md
@@ -55 +55 @@ The ARN of the Firehose stream represented in ASCII string format. The ARN encod
-This header carries an API key or other credentials. You have the ability to create or update the API-key (aka authorization token) when creating or updating your delivery-stream. Amazon Data Firehose restricts the size of the access key to 4096 bytes. Amazon Data Firehose does not attempt to interpret this key in any way. The configured key is copied verbatim into the value of this header. 
+This header carries an API key or other credentials. You have the ability to create or update the API-key (aka authorization token) when creating or updating your delivery-stream. Amazon Data Firehose restricts the size of the access key to 4096 bytes. Amazon Data Firehose does not attempt to interpret this key in any way. The configured key is copied verbatim into the value of this header. However, if you use Secrets Manager to configure the key, then the secret must follow a specific JSON object format: `{"api_key": "..."}`.