AWS apigateway documentation change
Summary
Updated signature validation references to include SigV4a alongside SigV4
Security assessment
Expanded documentation to cover SigV4a authentication method without indicating a security fix
Diff
diff --git a/apigateway/latest/developerguide/apigateway-vpc-endpoint-policies.md b/apigateway/latest/developerguide/apigateway-vpc-endpoint-policies.md index 060b6c1e7..43011aff7 100644 --- a//apigateway/latest/developerguide/apigateway-vpc-endpoint-policies.md +++ b//apigateway/latest/developerguide/apigateway-vpc-endpoint-policies.md @@ -31,2 +31,2 @@ No content | The invoker is evaluated as an anonymous user -Valid [SigV4](https://docs.aws.amazon.com/IAM/latest/UserGuide/create-signed-request.html) signature | The invoker is evaluated as the authenticated IAM identity from the signature -Invalid [SigV4](https://docs.aws.amazon.com/IAM/latest/UserGuide/create-signed-request.html) signature | API Gateway denies access +Valid [SigV4 or SigV4a](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html) signature | The invoker is evaluated as the authenticated IAM identity from the signature +Invalid [SigV4 or SigV4a](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html) signature | API Gateway denies access