AWS inspector high security documentation change
Summary
Removed a paragraph stating that requests must be signed using access keys or AWS STS temporary credentials.
Security assessment
The removed content described a fundamental security requirement (request signing with IAM credentials or STS). Removing this documentation could mislead users into thinking authentication is optional, potentially leading to insecure API configurations. This directly impacts security posture.
Diff
diff --git a/inspector/v1/userguide/encryption-in-transit.md b/inspector/v1/userguide/encryption-in-transit.md index 711deb89b..4e49945a8 100644 --- a//inspector/v1/userguide/encryption-in-transit.md +++ b//inspector/v1/userguide/encryption-in-transit.md @@ -20,2 +19,0 @@ You use AWS published API calls to access Amazon Inspector Classic through the n -Additionally, requests must be signed by using an access key ID and a secret access key that is associated with an IAM principal. Or you can use the [AWS Security Token Service](https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html) (AWS STS) to generate temporary security credentials to sign requests. -