AWS Security ChangesHomeSearch

AWS apigateway documentation change

Service: apigateway · 2025-08-16 · Documentation medium

File: apigateway/latest/developerguide/http-api-lambda-authorizer.md

Summary

Added policy scope requirements for cached authorizers and route updates

Security assessment

Clarifies need for comprehensive policy coverage when using caching features, enhancing security documentation without evidence of patching a vulnerability

Diff

diff --git a/apigateway/latest/developerguide/http-api-lambda-authorizer.md b/apigateway/latest/developerguide/http-api-lambda-authorizer.md
index 8fa7677cd..afb769324 100644
--- a//apigateway/latest/developerguide/http-api-lambda-authorizer.md
+++ b//apigateway/latest/developerguide/http-api-lambda-authorizer.md
@@ -182,5 +181,0 @@ IAM policy
-JSON
-
-JSON
-    
-
@@ -419 +414 @@ To enable caching, your authorizer must have at least one identity source.
-If you enable simple responses for an authorizer, the authorizer's response fully allows or denies all API requests that match the cached identity source values. For more granular permissions, disable simple responses and return an IAM policy.
+If you enable simple responses for an authorizer, the authorizer's response fully allows or denies all API requests that match the cached identity source values. For more granular permissions, disable simple responses and return an IAM policy. Depending on your authorizer, your IAM policy might need to control access to multiple.
@@ -447 +442 @@ The following [add-permission](https://docs.aws.amazon.com/cli/latest/reference/
-After you've created an authorizer and granted API Gateway permission to invoke it, update your route to use the authorizer. The following [update-route](https://docs.aws.amazon.com/cli/latest/reference/apigatewayv2/update-route.html) command adds the Lambda authorizer to the route.
+After you've created an authorizer and granted API Gateway permission to invoke it, update your route to use the authorizer. The following [update-route](https://docs.aws.amazon.com/cli/latest/reference/apigatewayv2/update-route.html) command adds the Lambda authorizer to the route. If your Lambda authorizer uses policy caching, make sure you update the policy to control access for the additional route.