AWS apigateway documentation change
Summary
Added documentation for SigV4a authentication support
Security assessment
Expanded authentication documentation to include SigV4a, a security feature. Enhances clarity but doesn't address a vulnerability.
Diff
diff --git a/apigateway/latest/developerguide/permissions.md b/apigateway/latest/developerguide/permissions.md index ca0520384..cd783b70a 100644 --- a//apigateway/latest/developerguide/permissions.md +++ b//apigateway/latest/developerguide/permissions.md @@ -47 +47 @@ For more information on how to use this permissions model, see [API Gateway iden -To allow an API caller to invoke the API or refresh its caching, you must create IAM policies that permit a specified API caller to invoke the API method for which user authentication is enabled. The API developer sets the method's `authorizationType` property to `AWS_IAM` to require that the caller submit the user's credentials to be authenticated. Then, you attach the policy to a user, role, or group. +To allow an API caller to invoke the API or refresh its caching, you must create IAM policies that permit a specified API caller to invoke the API method for which user authentication is enabled. The API developer sets the method's `authorizationType` property to `AWS_IAM` to require that the caller submit the user's credentials to be authenticated. API Gateway supports Signature Version 4a (SigV4a) and Signature Version 4 (SigV4) to authenticate the user's credentials. For more information, see [AWS Signature Version 4](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html). Then, you attach the policy to a user, role, or group.