AWS Security ChangesHomeSearch

AWS config medium security documentation change

Service: config · 2025-10-22 · Security-related medium

File: config/latest/developerguide/infrastructure-security.md

Summary

Removed statement about requiring signed requests with IAM credentials or AWS STS

Security assessment

Removal of security-related documentation about request signing requirements could impact understanding of security best practices, though no explicit vulnerability is mentioned.

Diff

diff --git a/config/latest/developerguide/infrastructure-security.md b/config/latest/developerguide/infrastructure-security.md
index 28f2593f1..77c7530bc 100644
--- a//config/latest/developerguide/infrastructure-security.md
+++ b//config/latest/developerguide/infrastructure-security.md
@@ -20,2 +19,0 @@ You use AWS published API calls to access AWS Config through the network. Client
-Additionally, requests must be signed by using an access key ID and a secret access key that is associated with an IAM principal. Or you can use the [AWS Security Token Service](https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html) (AWS STS) to generate temporary security credentials to sign requests.
-