AWS inspector high security documentation change
Summary
Removed a paragraph stating that requests must be signed using access keys or AWS STS temporary credentials.
Security assessment
The deletion of authentication requirements in infrastructure security documentation removes critical guidance about securing API access. This creates a risk of developers implementing unauthenticated requests, weakening overall security controls.
Diff
diff --git a/inspector/v1/userguide/infrastructure-security.md b/inspector/v1/userguide/infrastructure-security.md index 04b547104..b6c077e9b 100644 --- a//inspector/v1/userguide/infrastructure-security.md +++ b//inspector/v1/userguide/infrastructure-security.md @@ -20,2 +19,0 @@ You use AWS published API calls to access Amazon Inspector Classic through the n -Additionally, requests must be signed by using an access key ID and a secret access key that is associated with an IAM principal. Or you can use the [AWS Security Token Service](https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html) (AWS STS) to generate temporary security credentials to sign requests. -