AWS apigateway documentation change
Summary
Removed a JSON resource policy example allowing specific IAM roles to invoke an API endpoint
Security assessment
The change removes a policy example but does not indicate a security vulnerability fix. It appears to be documentation cleanup rather than addressing a specific security issue.
Diff
diff --git a/apigateway/latest/developerguide/apigateway-private-api-create.md b/apigateway/latest/developerguide/apigateway-private-api-create.md index 1c973388c..fbc51d262 100644 --- a//apigateway/latest/developerguide/apigateway-private-api-create.md +++ b//apigateway/latest/developerguide/apigateway-private-api-create.md @@ -482,27 +481,0 @@ In your resource policy, if you set the Principal to an AWS principal, such as t -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::111122223333:role/developer", - "arn:aws:iam::111122223333:role/Admin" - ] - }, - "Action": "execute-api:Invoke", - "Resource": [ - "execute-api:/stage/GET/pets" - ] - } - ] - } - -