AWS apigateway documentation change
Summary
Added policy scope requirements for cached authorizers and route updates
Security assessment
Clarifies need for comprehensive policy coverage when using caching features, enhancing security documentation without evidence of patching a vulnerability
Diff
diff --git a/apigateway/latest/developerguide/http-api-lambda-authorizer.md b/apigateway/latest/developerguide/http-api-lambda-authorizer.md index 8fa7677cd..afb769324 100644 --- a//apigateway/latest/developerguide/http-api-lambda-authorizer.md +++ b//apigateway/latest/developerguide/http-api-lambda-authorizer.md @@ -182,5 +181,0 @@ IAM policy -JSON - -JSON - - @@ -419 +414 @@ To enable caching, your authorizer must have at least one identity source. -If you enable simple responses for an authorizer, the authorizer's response fully allows or denies all API requests that match the cached identity source values. For more granular permissions, disable simple responses and return an IAM policy. +If you enable simple responses for an authorizer, the authorizer's response fully allows or denies all API requests that match the cached identity source values. For more granular permissions, disable simple responses and return an IAM policy. Depending on your authorizer, your IAM policy might need to control access to multiple. @@ -447 +442 @@ The following [add-permission](https://docs.aws.amazon.com/cli/latest/reference/ -After you've created an authorizer and granted API Gateway permission to invoke it, update your route to use the authorizer. The following [update-route](https://docs.aws.amazon.com/cli/latest/reference/apigatewayv2/update-route.html) command adds the Lambda authorizer to the route. +After you've created an authorizer and granted API Gateway permission to invoke it, update your route to use the authorizer. The following [update-route](https://docs.aws.amazon.com/cli/latest/reference/apigatewayv2/update-route.html) command adds the Lambda authorizer to the route. If your Lambda authorizer uses policy caching, make sure you update the policy to control access for the additional route.