AWS transfer high security documentation change
Summary
Added security guidance about disabling API Gateway caching for authentication requests
Security assessment
Explicit security documentation about preventing authentication failures caused by caching. Addresses potential authentication vulnerabilities by requiring live responses.
Diff
diff --git a/transfer/latest/userguide/authentication-api-gateway.md b/transfer/latest/userguide/authentication-api-gateway.md index 94a6e9f53..9b3c608f0 100644 --- a//transfer/latest/userguide/authentication-api-gateway.md +++ b//transfer/latest/userguide/authentication-api-gateway.md @@ -35,0 +36,13 @@ To improve security, you can configure a web application firewall. AWS WAF is a +###### Do not enable API Gateway caching + +Do not enable caching for your API Gateway method when using it as a custom identity provider for Transfer Family. Caching is inappropriate and invalid for authentication requests because: + + * Each authentication request is unique and requires a live response, not a cached response + + * Caching provides no benefits since Transfer Family never sends duplicate or repeated requests to the API Gateway + + * Enabling caching will cause the API Gateway to respond with mismatched data, resulting in invalid responses to authentication requests + + + +