AWS Security ChangesHomeSearch

AWS resource-explorer medium security documentation change

Service: resource-explorer · 2025-10-22 · Security-related medium

File: resource-explorer/latest/userguide/infrastructure-security.md

Summary

Removed documentation about requiring signed API requests using access keys or AWS STS temporary credentials

Security assessment

The removed lines specifically described fundamental security requirements for API authentication. Omitting this information could lead developers to incorrectly assume authentication isn't required, creating potential for insecure implementations. This constitutes a security documentation regression.

Diff

diff --git a/resource-explorer/latest/userguide/infrastructure-security.md b/resource-explorer/latest/userguide/infrastructure-security.md
index 8076c0897..6d100d691 100644
--- a//resource-explorer/latest/userguide/infrastructure-security.md
+++ b//resource-explorer/latest/userguide/infrastructure-security.md
@@ -20,2 +19,0 @@ You use AWS published API calls to access Resource Explorer through the network.
-Additionally, requests must be signed by using an access key ID and a secret access key that is associated with an IAM principal. Or you can use the [AWS Security Token Service](https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html) (AWS STS) to generate temporary security credentials to sign requests.
-