AWS cloud9 high security documentation change
Summary
Removed critical details about API request signing requirements (access keys/STS temporary credentials)
Security assessment
Deleting authentication requirements for API calls removes essential security guidance. This could mislead users into thinking authentication is optional, creating potential for unauthorized access. The removed content specifically addressed fundamental security controls (credential requirements).
Diff
diff --git a/cloud9/latest/user-guide/infrastructure-security.md b/cloud9/latest/user-guide/infrastructure-security.md index 082a8c67f..3f85a8291 100644 --- a//cloud9/latest/user-guide/infrastructure-security.md +++ b//cloud9/latest/user-guide/infrastructure-security.md @@ -20,2 +19,0 @@ You use AWS published API calls to access AWS Cloud9 through the network. Client -Additionally, requests must be signed by using an access key ID and a secret access key that is associated with an IAM principal. Or you can use the [AWS Security Token Service](https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html) (AWS STS) to generate temporary security credentials to sign requests. -