AWS Security ChangesHomeSearch

AWS mwaa high security documentation change

Service: mwaa · 2025-10-22 · Security-related high

File: mwaa/latest/userguide/infrastructure-security.md

Summary

Removed statement about requiring signed API requests using IAM credentials or AWS STS

Security assessment

The deletion of guidance on API request signing removes documentation about a critical security control (authentication). This could lead to insecure implementations if users are unaware of the requirement to sign requests, directly impacting security posture.

Diff

diff --git a/mwaa/latest/userguide/infrastructure-security.md b/mwaa/latest/userguide/infrastructure-security.md
index ae638856c..d1a96c8aa 100644
--- a//mwaa/latest/userguide/infrastructure-security.md
+++ b//mwaa/latest/userguide/infrastructure-security.md
@@ -18,2 +17,0 @@ You use AWS published API calls to access Amazon MWAA through the network. Clien
-Additionally, requests must be signed by using an access key ID and a secret access key that is associated with an IAM principal. Or you can use the [AWS Security Token Service](https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html) (AWS STS) to generate temporary security credentials to sign requests.
-