AWS apigateway documentation change
Summary
Added documentation about Signature Version 4a (SigV4a) protocol support alongside existing SigV4 for AWS_IAM authorization
Security assessment
The change adds documentation about SigV4a as an additional signing protocol option, which is a security feature enhancement rather than addressing a specific vulnerability. While SigV4a improves security through regional flexibility and broader cryptographic coverage, there's no evidence this change fixes an existing security issue.
Diff
diff --git a/apigateway/latest/developerguide/api-gateway-create-api-from-example.md b/apigateway/latest/developerguide/api-gateway-create-api-from-example.md index bbc5b9c88..c5da55032 100644 --- a//apigateway/latest/developerguide/api-gateway-create-api-from-example.md +++ b//apigateway/latest/developerguide/api-gateway-create-api-from-example.md @@ -110 +110 @@ Paste the **Invoke URL** value (obtained in the previous step) into the address -Invoking the API method as shown is possible because its **Authorization** type is set to `NONE`. If the `AWS_IAM` authorization were used, you would sign the request using the [Signature Version 4](https://docs.aws.amazon.com/IAM/latest/UserGuide/create-signed-request.html) (SigV4) protocols. For an example of such a request, see [Tutorial: Create a REST API with an HTTP non-proxy integration](./api-gateway-create-api-step-by-step.html). +Invoking the API method as shown is possible because its **Authorization** type is set to `NONE`. If the `AWS_IAM` authorization were used, you would sign the request using the [Signature Version 4](https://docs.aws.amazon.com/IAM/latest/UserGuide/create-signed-request.html) (SigV4) or [Signature Version 4a](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html#how-sigv4a-works) (SigV4a) protocols. For an example of such a request, see [Tutorial: Create a REST API with an HTTP non-proxy integration](./api-gateway-create-api-step-by-step.html).