AWS Security ChangesHomeSearch

AWS serverlessrepo medium security documentation change

Service: serverlessrepo · 2025-10-22 · Security-related medium

File: serverlessrepo/latest/devguide/infrastructure-security.md

Summary

Removed details about API request signing requirements using IAM credentials or AWS STS

Security assessment

Deleting guidance about mandatory request signing and temporary credentials weakens documentation about authentication security controls. This could lead to insecure implementations if developers are unaware of these fundamental security requirements for API access.

Diff

diff --git a/serverlessrepo/latest/devguide/infrastructure-security.md b/serverlessrepo/latest/devguide/infrastructure-security.md
index 98e38740e..cc6db9c9c 100644
--- a//serverlessrepo/latest/devguide/infrastructure-security.md
+++ b//serverlessrepo/latest/devguide/infrastructure-security.md
@@ -18,2 +17,0 @@ You use AWS published API calls to access AWS Serverless Application Repository
-Additionally, requests must be signed by using an access key ID and a secret access key that is associated with an IAM principal. Or you can use the [AWS Security Token Service](https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html) (AWS STS) to generate temporary security credentials to sign requests.
-