AWS Security ChangesHomeSearch

AWS apigateway documentation change

Service: apigateway · 2025-08-28 · Documentation low

File: apigateway/latest/developerguide/apigateway-private-api-create.md

Summary

Removed a JSON resource policy example allowing specific IAM roles to invoke an API endpoint

Security assessment

The change removes a policy example but does not indicate a security vulnerability fix. It appears to be documentation cleanup rather than addressing a specific security issue.

Diff

diff --git a/apigateway/latest/developerguide/apigateway-private-api-create.md b/apigateway/latest/developerguide/apigateway-private-api-create.md
index 1c973388c..fbc51d262 100644
--- a//apigateway/latest/developerguide/apigateway-private-api-create.md
+++ b//apigateway/latest/developerguide/apigateway-private-api-create.md
@@ -482,27 +481,0 @@ In your resource policy, if you set the Principal to an AWS principal, such as t
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Effect": "Allow",
-                "Principal": {
-                    "AWS": [
-                        "arn:aws:iam::111122223333:role/developer",
-                        "arn:aws:iam::111122223333:role/Admin"
-                    ]
-                },
-                "Action": "execute-api:Invoke",
-                "Resource": [
-                    "execute-api:/stage/GET/pets"
-                ]
-            }
-        ]
-    }
-    
-