AWS Security ChangesHomeSearch

AWS codeguru high security documentation change

Service: codeguru · 2025-10-22 · Security-related high

File: codeguru/latest/reviewer-ug/infrastructure-security.md

Summary

Removed line about requiring signed API requests with IAM credentials or AWS STS

Security assessment

Deletion of explicit requirement for API request signing removes critical security guidance. This could lead to insecure implementations if developers are unaware of authentication requirements, directly impacting access control integrity.

Diff

diff --git a/codeguru/latest/reviewer-ug/infrastructure-security.md b/codeguru/latest/reviewer-ug/infrastructure-security.md
index 4617e32e5..2aa5bca0f 100644
--- a//codeguru/latest/reviewer-ug/infrastructure-security.md
+++ b//codeguru/latest/reviewer-ug/infrastructure-security.md
@@ -20,2 +19,0 @@ You use AWS published API calls to access CodeGuru Reviewer through the network.
-Additionally, requests must be signed by using an access key ID and a secret access key that is associated with an IAM principal. Or you can use the [AWS Security Token Service](https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html) (AWS STS) to generate temporary security credentials to sign requests.
-