AWS r53recovery high security documentation change
Summary
Removed critical security information about request signing requirements using IAM credentials or AWS STS
Security assessment
Deletion of documentation explaining mandatory request signing could lead to insecure implementations. This removes explicit guidance about fundamental security controls for API access.
Diff
diff --git a/r53recovery/latest/dg/infrastructure-security.md b/r53recovery/latest/dg/infrastructure-security.md index 27473d56b..9a0d1c6ac 100644 --- a//r53recovery/latest/dg/infrastructure-security.md +++ b//r53recovery/latest/dg/infrastructure-security.md @@ -18,2 +17,0 @@ You use AWS published API calls to access ARC through the network. Clients must -Additionally, requests must be signed by using an access key ID and a secret access key that is associated with an IAM principal. Or you can use the [AWS Security Token Service](https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html) (AWS STS) to generate temporary security credentials to sign requests. -