AWS mwaa high security documentation change
Summary
Removed statement about requiring signed API requests using IAM credentials or AWS STS
Security assessment
The deletion of guidance on API request signing removes documentation about a critical security control (authentication). This could lead to insecure implementations if users are unaware of the requirement to sign requests, directly impacting security posture.
Diff
diff --git a/mwaa/latest/userguide/infrastructure-security.md b/mwaa/latest/userguide/infrastructure-security.md index ae638856c..d1a96c8aa 100644 --- a//mwaa/latest/userguide/infrastructure-security.md +++ b//mwaa/latest/userguide/infrastructure-security.md @@ -18,2 +17,0 @@ You use AWS published API calls to access Amazon MWAA through the network. Clien -Additionally, requests must be signed by using an access key ID and a secret access key that is associated with an IAM principal. Or you can use the [AWS Security Token Service](https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html) (AWS STS) to generate temporary security credentials to sign requests. -