AWS Security ChangesHomeSearch

AWS apigateway documentation change

Service: apigateway · 2025-08-28 · Documentation low

File: apigateway/latest/developerguide/apigateway-authorization-flow.md

Summary

Removed multiple JSON examples of API Gateway resource policies (IP restrictions, VPC endpoints, cross-account access).

Security assessment

Policy example removals do not indicate security fixes but may reduce documentation clarity. No evidence of addressing vulnerabilities in the examples.

Diff

diff --git a/apigateway/latest/developerguide/apigateway-authorization-flow.md b/apigateway/latest/developerguide/apigateway-authorization-flow.md
index 4a428170c..8d1230ecd 100644
--- a//apigateway/latest/developerguide/apigateway-authorization-flow.md
+++ b//apigateway/latest/developerguide/apigateway-authorization-flow.md
@@ -34,25 +33,0 @@ The following is an example of such a resource policy.
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Effect": "Allow",
-                "Principal": "*",
-                "Action": "execute-api:Invoke",
-                "Resource": "arn:aws:execute-api:us-east-1:111111111111:api-id/",
-                "Condition": {
-                    "IpAddress": {
-                        "aws:SourceIp": ["192.0.2.0/24", "198.51.100.0/24" ]
-                    }
-                }
-            }
-        ]
-    }
-    
-
@@ -67,27 +41,0 @@ The following example resource policy allows calls only from the VPC endpoint wh
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Effect": "Deny",
-                "Principal": "*",
-                "Action": "execute-api:Invoke",
-                "Resource": [
-                    "arn:aws:execute-api:us-east-1:111111111111:api-id/"
-                ],
-                "Condition" : {
-                    "StringNotEquals": {
-                        "aws:SourceVpce": "vpce-1a2b3c4d"
-                    }
-                }
-            }
-        ]
-    }
-    
-
@@ -106,27 +53,0 @@ The following is an example of a cross-account resource policy. Assuming the IAM
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Effect": "Allow",
-                "Principal": "*",
-                "Action": "execute-api:Invoke",
-                "Resource": [
-                    "arn:aws:execute-api:us-east-1:111111111111:api-id/"
-                ],
-                "Condition" : {
-                    "StringEquals": {
-                        "aws:SourceVpc": "vpc-2f09a348"
-                        }
-                }
-            }
-        ]
-    }
-    
-
@@ -141,25 +61,0 @@ The following is an example of a resource policy that allows calls only from spe
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Effect": "Allow",
-                "Principal": "*",
-                "Action": "execute-api:Invoke",
-                "Resource": "arn:aws:execute-api:us-east-1:111111111111:api-id/",
-                "Condition": {
-                    "IpAddress": {
-                        "aws:SourceIp": ["192.0.2.0/24", "198.51.100.0/24" ]
-                    }
-                }
-            }
-        ]
-    }
-    
-