AWS Security ChangesHomeSearch

AWS appsync high security documentation change

Service: appsync · 2025-10-22 · Security-related high

File: appsync/latest/devguide/infrastructure-security.md

Summary

Removed details about API request signing requirements (access keys, secret keys, and AWS STS)

Security assessment

Deleting authentication requirements for API calls removes critical security guidance. This could lead developers to overlook mandatory request signing practices, increasing risk of unauthorized access.

Diff

diff --git a/appsync/latest/devguide/infrastructure-security.md b/appsync/latest/devguide/infrastructure-security.md
index 3a9fa4019..87b90d782 100644
--- a//appsync/latest/devguide/infrastructure-security.md
+++ b//appsync/latest/devguide/infrastructure-security.md
@@ -18,2 +17,0 @@ You use AWS published API calls to access AWS AppSync through the network. Clien
-Additionally, requests must be signed by using an access key ID and a secret access key that is associated with an IAM principal. Or you can use the [AWS Security Token Service](https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html) (AWS STS) to generate temporary security credentials to sign requests.
-