AWS Security ChangesHomeSearch

AWS apigateway documentation change

Service: apigateway · 2025-08-22 · Documentation low

File: apigateway/latest/developerguide/apigateway-authorization-flow.md

Summary

Added clarification about authorization workflow consistency with custom domain names for private APIs

Security assessment

Documentation improvement about workflow consistency, no security implications or feature additions

Diff

diff --git a/apigateway/latest/developerguide/apigateway-authorization-flow.md b/apigateway/latest/developerguide/apigateway-authorization-flow.md
index ae8bfe3c3..4a428170c 100644
--- a//apigateway/latest/developerguide/apigateway-authorization-flow.md
+++ b//apigateway/latest/developerguide/apigateway-authorization-flow.md
@@ -63 +63 @@ In this workflow, a Lambda authorizer is configured for the API in addition to a
-The following example resource policy allows calls only from the VPC endpoint whose VPC endpoint ID is ``vpce-1a2b3c4d``. During the "pre-auth" evaluation, only the calls coming from the VPC endpoint indicated in the example are allowed to move forward and evaluate the Lambda authorizer. All remaining calls are blocked.
+The following example resource policy allows calls only from the VPC endpoint whose VPC endpoint ID is ``vpce-1a2b3c4d``. During the "pre-auth" evaluation, only the calls coming from the VPC endpoint indicated in the example are allowed to move forward and evaluate the Lambda authorizer. All remaining calls are blocked. This authorization workflow is the same if you use a custom domain name for a private API.