AWS Security ChangesHomeSearch

AWS apigateway documentation change

Service: apigateway · 2025-08-16 · Documentation medium

File: apigateway/latest/developerguide/configure-api-gateway-lambda-authorization.md

Summary

Added guidance to update policies when attaching authorizers to new methods with caching

Security assessment

Warns about potential authorization inconsistencies when expanding API methods with cached policies, improving security documentation without referencing a specific vulnerability

Diff

diff --git a/apigateway/latest/developerguide/configure-api-gateway-lambda-authorization.md b/apigateway/latest/developerguide/configure-api-gateway-lambda-authorization.md
index 700b720df..31a307f62 100644
--- a//apigateway/latest/developerguide/configure-api-gateway-lambda-authorization.md
+++ b//apigateway/latest/developerguide/configure-api-gateway-lambda-authorization.md
@@ -174 +174 @@ After your create your Lambda authorizer, you can test it. The following [test-i
-After you configure your Lambda authorizer, you must attach it to a method for your API.
+After you configure your Lambda authorizer, you must attach it to a method for your API. If your authorizer uses authorization caching, make sure you update the policy to control access for the additional method.
@@ -199 +199 @@ After you configure your Lambda authorizer, you must attach it to a method for y
-After you configure your Lambda authorizer, you must attach it to a method for your API. You can create a new method or use a patch operation to attach an authorizer to an existing method.
+After you configure your Lambda authorizer, you must attach it to a method for your API. You can create a new method or use a patch operation to attach an authorizer to an existing method. If your authorizer uses authorization caching, make sure you update the policy to control access for the additional method.