AWS waf documentation change
Summary
Removed a sentence about requiring signed requests using IAM access keys or AWS STS temporary credentials.
Security assessment
The removed content was general security guidance about API authentication requirements. While security-related, this appears to be documentation cleanup rather than addressing a specific vulnerability. However, removing this could reduce visibility of security best practices.
Diff
diff --git a/waf/latest/developerguide/infrastructure-security.md b/waf/latest/developerguide/infrastructure-security.md index f40071193..4d11a62bf 100644 --- a//waf/latest/developerguide/infrastructure-security.md +++ b//waf/latest/developerguide/infrastructure-security.md @@ -24,2 +23,0 @@ You use AWS published API calls to access AWS WAF through the network. Clients m -Additionally, requests must be signed by using an access key ID and a secret access key that is associated with an IAM principal. Or you can use the [AWS Security Token Service](https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html) (AWS STS) to generate temporary security credentials to sign requests. -