AWS codeguru high security documentation change
Summary
Removed statement about requiring access keys/STS for signing API requests to CodeGuru Profiler.
Security assessment
Deleting the requirement for request signing undermines a core AWS security practice. This could mislead users into believing authentication is optional, creating a critical security risk for API access.
Diff
diff --git a/codeguru/latest/profiler-ug/infrastructure-security.md b/codeguru/latest/profiler-ug/infrastructure-security.md index d2c80f143..290c65197 100644 --- a//codeguru/latest/profiler-ug/infrastructure-security.md +++ b//codeguru/latest/profiler-ug/infrastructure-security.md @@ -22,2 +21,0 @@ You use AWS published API calls to access CodeGuru Profiler through the network. -Additionally, requests must be signed by using an access key ID and a secret access key that is associated with an IAM principal. Or you can use the [AWS Security Token Service](https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html) (AWS STS) to generate temporary security credentials to sign requests. -