AWS apigateway documentation change
Summary
Added guidance about controlling access to multiple resources in Lambda authorizer policy examples
Security assessment
The change improves documentation about proper access control configuration in authorization policies, which is security-related best practice but does not address a specific vulnerability.
Diff
diff --git a/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.md b/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.md index eeb27429c..63ede4a2b 100644 --- a//apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.md +++ b//apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.md @@ -39 +39 @@ JSON -Here, a policy statement specifies whether to allow or deny (`Effect`) the API Gateway execution service to invoke (`Action`) the specified API method (`Resource`). You can use a wild card (`*`) to specify a resource type (method). For information about setting valid policies for calling an API, see [Statement reference of IAM policies for executing API in API Gateway](./api-gateway-control-access-using-iam-policies-to-invoke-api.html#api-gateway-calling-api-permissions). +Here, a policy statement specifies whether to allow or deny (`Effect`) the API Gateway execution service to invoke (`Action`) the specified API method (`Resource`). You might need to control access to multiple resources based on your authorizer. You can use a wild card (`*`) to specify a resource type (method). For information about setting valid policies for calling an API, see [Statement reference of IAM policies for executing API in API Gateway](./api-gateway-control-access-using-iam-policies-to-invoke-api.html#api-gateway-calling-api-permissions).