AWS codeguru high security documentation change
Summary
Removed line about requiring signed API requests with IAM credentials or AWS STS
Security assessment
Deletion of explicit requirement for API request signing removes critical security guidance. This could lead to insecure implementations if developers are unaware of authentication requirements, directly impacting access control integrity.
Diff
diff --git a/codeguru/latest/reviewer-ug/infrastructure-security.md b/codeguru/latest/reviewer-ug/infrastructure-security.md index 4617e32e5..2aa5bca0f 100644 --- a//codeguru/latest/reviewer-ug/infrastructure-security.md +++ b//codeguru/latest/reviewer-ug/infrastructure-security.md @@ -20,2 +19,0 @@ You use AWS published API calls to access CodeGuru Reviewer through the network. -Additionally, requests must be signed by using an access key ID and a secret access key that is associated with an IAM principal. Or you can use the [AWS Security Token Service](https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html) (AWS STS) to generate temporary security credentials to sign requests. -