AWS incident-manager high security documentation change
Summary
Removed details about API request signing requirements using IAM credentials or AWS STS
Security assessment
Deleting authentication requirements removes critical security guidance. Unsigned API requests or lack of temporary credentials could lead to unauthorized access. This directly impacts secure API usage patterns.
Diff
diff --git a/incident-manager/latest/userguide/infrastructure-security.md b/incident-manager/latest/userguide/infrastructure-security.md index 8cd979311..5157a922a 100644 --- a//incident-manager/latest/userguide/infrastructure-security.md +++ b//incident-manager/latest/userguide/infrastructure-security.md @@ -20,2 +19,0 @@ You use AWS published API calls to access Incident Manager through the network. -Additionally, requests must be signed by using an access key ID and a secret access key that is associated with an IAM principal. Or you can use the [AWS Security Token Service](https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html) (AWS STS) to generate temporary security credentials to sign requests. -