AWS codecommit high security documentation change
Summary
Removed content about requiring signed requests with IAM credentials or AWS STS temporary security credentials
Security assessment
This change deletes critical information about mandatory request signing and IAM credential requirements, which are fundamental security controls. Removing this documentation could mislead users into thinking authentication mechanisms are optional, creating potential for insecure configurations and unauthorized access.
Diff
diff --git a/codecommit/latest/userguide/data-protection.md b/codecommit/latest/userguide/data-protection.md index 994f825ad..4757bdbb5 100644 --- a//codecommit/latest/userguide/data-protection.md +++ b//codecommit/latest/userguide/data-protection.md @@ -20,2 +19,0 @@ You use AWS published API calls to access through the network. Clients must supp -Additionally, requests must be signed by using an access key ID and a secret access key that is associated with an IAM principal. Or you can use the [AWS Security Token Service](https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html) (AWS STS) to generate temporary security credentials to sign requests. -