AWS Security ChangesHomeSearch

AWS apigateway high security documentation change

Service: apigateway · 2025-10-22 · Security-related high

File: apigateway/latest/developerguide/infrastructure-security.md

Summary

Removed critical details about requiring signed requests with IAM credentials or AWS STS temporary security credentials

Security assessment

Deleting instructions about mandatory request signing and temporary credentials removes guidance essential for secure API access. This could lead to insecure configurations if developers omit authentication requirements.

Diff

diff --git a/apigateway/latest/developerguide/infrastructure-security.md b/apigateway/latest/developerguide/infrastructure-security.md
index 16a37ac86..7142f4920 100644
--- a//apigateway/latest/developerguide/infrastructure-security.md
+++ b//apigateway/latest/developerguide/infrastructure-security.md
@@ -18,2 +17,0 @@ You use AWS published API calls to access API Gateway through the network. Clien
-Additionally, requests must be signed by using an access key ID and a secret access key that is associated with an IAM principal. Or you can use the [AWS Security Token Service](https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html) (AWS STS) to generate temporary security credentials to sign requests.
-