AWS finspace medium security documentation change
Summary
Removed a paragraph explaining authentication requirements for API calls (access key/secret key and STS temporary credentials)
Security assessment
The removed content described fundamental security controls for API authentication. Removing this documentation could lead to misconfiguration risks if users are unaware of authentication requirements. However, there's no explicit mention of addressing a vulnerability.
Diff
diff --git a/finspace/latest/userguide/infrastructure-security.md b/finspace/latest/userguide/infrastructure-security.md index a95f5da4d..bcbc8892f 100644 --- a//finspace/latest/userguide/infrastructure-security.md +++ b//finspace/latest/userguide/infrastructure-security.md @@ -22,2 +21,0 @@ You use AWS published API calls to access FinSpace through the network. Clients -Additionally, requests must be signed by using an access key ID and a secret access key that is associated with an IAM principal. Or you can use the [AWS Security Token Service](https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html) (AWS STS) to generate temporary security credentials to sign requests. -