AWS eventbridge high security documentation change
Summary
Removed documentation about requiring signed API requests using IAM access keys or AWS STS temporary credentials
Security assessment
The deleted content specifically described fundamental security requirements for API authentication. Removing this documentation could lead users to believe authentication is optional, potentially resulting in insecure configurations where API requests are not properly signed. This directly impacts security posture by omitting critical credential requirements.
Diff
diff --git a/eventbridge/latest/userguide/eb-infrastructure.md b/eventbridge/latest/userguide/eb-infrastructure.md index f8d263651..16f6a58ef 100644 --- a//eventbridge/latest/userguide/eb-infrastructure.md +++ b//eventbridge/latest/userguide/eb-infrastructure.md @@ -18,2 +17,0 @@ You use AWS published API calls to access EventBridge through the network. Clien -Additionally, requests must be signed by using an access key ID and a secret access key that is associated with an IAM principal. Or you can use the [AWS Security Token Service](https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html) (AWS STS) to generate temporary security credentials to sign requests. -