AWS grafana high security documentation change
Summary
Removed instructions about signing API requests with IAM access keys or AWS STS temporary credentials.
Security assessment
Omitting details about requiring signed API requests removes critical guidance for securing API access. This could lead to misconfigurations where users disable or ignore request signing, increasing the risk of unauthorized access—a concrete security impact.
Diff
diff --git a/grafana/latest/userguide/infrastructure-security.md b/grafana/latest/userguide/infrastructure-security.md index 43b12d4ae..03a35665a 100644 --- a//grafana/latest/userguide/infrastructure-security.md +++ b//grafana/latest/userguide/infrastructure-security.md @@ -18,2 +17,0 @@ You use AWS published API calls to access Amazon Managed Grafana through the net -Additionally, requests must be signed by using an access key ID and a secret access key that is associated with an IAM principal. Or you can use the [AWS Security Token Service](https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html) (AWS STS) to generate temporary security credentials to sign requests. -