AWS Security ChangesHomeSearch

AWS apigateway documentation change

Service: apigateway · 2025-08-22 · Documentation low

File: apigateway/latest/developerguide/apigateway-resource-policies-examples.md

Summary

Updated policy example to include Signature Version 4a (SigV4a) protocol support

Security assessment

Added documentation about SigV4a security protocol support but no specific vulnerability addressed

Diff

diff --git a/apigateway/latest/developerguide/apigateway-resource-policies-examples.md b/apigateway/latest/developerguide/apigateway-resource-policies-examples.md
index 7ace57778..b7c81c8e2 100644
--- a//apigateway/latest/developerguide/apigateway-resource-policies-examples.md
+++ b//apigateway/latest/developerguide/apigateway-resource-policies-examples.md
@@ -28 +28 @@ The following example policies use a simplified syntax to specify the API resour
-The following example resource policy grants API access in one AWS account to two roles in a different AWS account via [Signature Version 4](https://docs.aws.amazon.com/IAM/latest/UserGuide/create-signed-request.html) (SigV4) protocols. Specifically, the developer and the administrator role for the AWS account identified by ``account-id-2`` are granted the `execute-api:Invoke` action to execute the `GET` action on the `pets` resource (API) in your AWS account.
+The following example resource policy grants API access in one AWS account to two roles in a different AWS account via [Signature Version 4](https://docs.aws.amazon.com/IAM/latest/UserGuide/create-signed-request.html) (SigV4) or [Signature Version 4a](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html#how-sigv4a-works) (SigV4a) protocols. Specifically, the developer and the administrator role for the AWS account identified by ``account-id-2`` are granted the `execute-api:Invoke` action to execute the `GET` action on the `pets` resource (API) in your AWS account.