AWS keyspaces medium security documentation change
Summary
Reduced maximum limit for GetRecords from 10000 to 1000, extended shard iterator validity from 5 to 15 minutes, and updated HTTP status codes for errors (403/404/429 to 400).
Security assessment
Changing HTTP 403 (Forbidden) to 400 (Bad Request) for permission-related errors may obscure authorization failures, potentially leading to misconfigured error handling. This could mask security issues like insufficient permissions. The limit reduction might mitigate resource exhaustion risks but lacks explicit security context.
Diff
diff --git a/keyspaces/latest/StreamsAPIReference/API_GetRecords.md b/keyspaces/latest/StreamsAPIReference/API_GetRecords.md index 7bc16fd0b..0cfc119ae 100644 --- a//keyspaces/latest/StreamsAPIReference/API_GetRecords.md +++ b//keyspaces/latest/StreamsAPIReference/API_GetRecords.md @@ -28 +28 @@ The request accepts the following data in JSON format. -The maximum number of records to return in a single `GetRecords` request. Default value is 1000. You can specify a limit between 1 and 10000, but the actual number returned might be less than the specified maximum if the size of the data for the returned records exceeds the internal size limit. +The maximum number of records to return in a single `GetRecords` request. Default value is 1000. You can specify a limit between 1 and 1000, but the actual number returned might be less than the specified maximum if the size of the data for the returned records exceeds the internal size limit. @@ -39 +39 @@ Required: No -The unique identifier of the shard iterator. A shard iterator specifies the position in the shard from which you want to start reading data records sequentially. You obtain this value by calling the `GetShardIterator` operation. Each shard iterator is valid for 5 minutes after creation. +The unique identifier of the shard iterator. A shard iterator specifies the position in the shard from which you want to start reading data records sequentially. You obtain this value by calling the `GetShardIterator` operation. Each shard iterator is valid for 15 minutes after creation. @@ -149 +149 @@ This exception occurs when your IAM user or role lacks the required permissions -HTTP Status Code: 403 +HTTP Status Code: 400 @@ -167 +167 @@ This exception occurs when you attempt to access a keyspace, table, stream, or o -HTTP Status Code: 404 +HTTP Status Code: 400 @@ -176 +176 @@ This exception occurs when you send too many requests in a short period of time. -HTTP Status Code: 429 +HTTP Status Code: 400