AWS apigateway high security documentation change
Summary
Removed critical details about requiring signed requests with IAM credentials or AWS STS temporary security credentials
Security assessment
Deleting instructions about mandatory request signing and temporary credentials removes guidance essential for secure API access. This could lead to insecure configurations if developers omit authentication requirements.
Diff
diff --git a/apigateway/latest/developerguide/infrastructure-security.md b/apigateway/latest/developerguide/infrastructure-security.md index 16a37ac86..7142f4920 100644 --- a//apigateway/latest/developerguide/infrastructure-security.md +++ b//apigateway/latest/developerguide/infrastructure-security.md @@ -18,2 +17,0 @@ You use AWS published API calls to access API Gateway through the network. Clien -Additionally, requests must be signed by using an access key ID and a secret access key that is associated with an IAM principal. Or you can use the [AWS Security Token Service](https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html) (AWS STS) to generate temporary security credentials to sign requests. -