AWS Security ChangesHomeSearch

AWS grafana high security documentation change

Service: grafana · 2025-10-22 · Security-related high

File: grafana/latest/userguide/infrastructure-security.md

Summary

Removed instructions about signing API requests with IAM access keys or AWS STS temporary credentials.

Security assessment

Omitting details about requiring signed API requests removes critical guidance for securing API access. This could lead to misconfigurations where users disable or ignore request signing, increasing the risk of unauthorized access—a concrete security impact.

Diff

diff --git a/grafana/latest/userguide/infrastructure-security.md b/grafana/latest/userguide/infrastructure-security.md
index 43b12d4ae..03a35665a 100644
--- a//grafana/latest/userguide/infrastructure-security.md
+++ b//grafana/latest/userguide/infrastructure-security.md
@@ -18,2 +17,0 @@ You use AWS published API calls to access Amazon Managed Grafana through the net
-Additionally, requests must be signed by using an access key ID and a secret access key that is associated with an IAM principal. Or you can use the [AWS Security Token Service](https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html) (AWS STS) to generate temporary security credentials to sign requests.
-