AWS Security ChangesHomeSearch

AWS apigateway documentation change

Service: apigateway · 2025-08-22 · Documentation low

File: apigateway/latest/developerguide/apigateway-vpc-endpoint-policies.md

Summary

Updated signature validation references to include SigV4a alongside SigV4

Security assessment

Expanded documentation to cover SigV4a authentication method without indicating a security fix

Diff

diff --git a/apigateway/latest/developerguide/apigateway-vpc-endpoint-policies.md b/apigateway/latest/developerguide/apigateway-vpc-endpoint-policies.md
index 060b6c1e7..43011aff7 100644
--- a//apigateway/latest/developerguide/apigateway-vpc-endpoint-policies.md
+++ b//apigateway/latest/developerguide/apigateway-vpc-endpoint-policies.md
@@ -31,2 +31,2 @@ No content | The invoker is evaluated as an anonymous user
-Valid [SigV4](https://docs.aws.amazon.com/IAM/latest/UserGuide/create-signed-request.html) signature | The invoker is evaluated as the authenticated IAM identity from the signature  
-Invalid [SigV4](https://docs.aws.amazon.com/IAM/latest/UserGuide/create-signed-request.html) signature | API Gateway denies access  
+Valid [SigV4 or SigV4a](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html) signature | The invoker is evaluated as the authenticated IAM identity from the signature  
+Invalid [SigV4 or SigV4a](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html) signature | API Gateway denies access