AWS apigateway documentation change
Summary
Added requirement for clients to use SigV4/SigV4a when IAM authorization is enabled.
Security assessment
Explicitly documents the use of secure AWS signing protocols (SigV4/SigV4a) for API authentication, reinforcing security best practices. This clarifies existing security requirements but does not address a specific vulnerability.
Diff
diff --git a/apigateway/latest/developerguide/api-gateway-control-access-using-iam-policies-to-invoke-api.md b/apigateway/latest/developerguide/api-gateway-control-access-using-iam-policies-to-invoke-api.md index d0a1cda90..81d076f51 100644 --- a//apigateway/latest/developerguide/api-gateway-control-access-using-iam-policies-to-invoke-api.md +++ b//apigateway/latest/developerguide/api-gateway-control-access-using-iam-policies-to-invoke-api.md @@ -9 +9,3 @@ Control who can call an API Gateway API method with IAM policiesStatement refere -In this section, you learn about the permissions model for controlling access to your API using IAM permissions. We show a template IAM policy statement and the policy statement reference. The policy statement reference includes the formats of `Action` and `Resource` fields related to the API execution service. Use these references to create your IAM policy statement. When you create your IAM policy statement, you might need to consider the how API Gateway resource policies affect the authorization workflow. For more information, see [How API Gateway resource policies affect authorization workflow](./apigateway-authorization-flow.html). +In this section, you learn about the permissions model for controlling access to your API using IAM permissions. When IAM authorization is enabled, clients must use Signature Version 4a (SigV4a) and Signature Version 4 (SigV4) to sign their requests with AWS credentials. For more information, see [AWS Signature Version 4](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html). + +In this section, we show a template IAM policy statement and the policy statement reference. The policy statement reference includes the formats of `Action` and `Resource` fields related to the API execution service. Use these references to create your IAM policy statement. When you create your IAM policy statement, you might need to consider the how API Gateway resource policies affect the authorization workflow. For more information, see [How API Gateway resource policies affect authorization workflow](./apigateway-authorization-flow.html).