AWS Security ChangesHomeSearch

AWS vpc medium security documentation change

Service: vpc · 2025-10-22 · Security-related medium

File: vpc/latest/userguide/infrastructure-security.md

Summary

Removed two lines explaining request signing requirements and AWS STS usage for API access

Security assessment

Deletion of documentation about mandatory request signing with IAM credentials/AWS STS removes guidance about fundamental security controls for API access. This could lead to insecure implementations if users are unaware of authentication requirements. The removed content directly relates to authentication security mechanisms.

Diff

diff --git a/vpc/latest/userguide/infrastructure-security.md b/vpc/latest/userguide/infrastructure-security.md
index 8418b284e..4020f79d8 100644
--- a//vpc/latest/userguide/infrastructure-security.md
+++ b//vpc/latest/userguide/infrastructure-security.md
@@ -20,2 +19,0 @@ You use AWS published API calls to access Amazon VPC through the network. Client
-Additionally, requests must be signed by using an access key ID and a secret access key that is associated with an IAM principal. Or you can use the [AWS Security Token Service](https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html) (AWS STS) to generate temporary security credentials to sign requests.
-