AWS waf documentation change
Summary
Removed a paragraph explaining API request signing requirements using IAM access keys or AWS STS temporary security credentials.
Security assessment
The removed content described standard security practices for API authentication but did not indicate a vulnerability being fixed. This appears to be a documentation simplification rather than addressing a specific security issue.
Diff
diff --git a/waf/latest/developerguide/shd-infrastructure-security.md b/waf/latest/developerguide/shd-infrastructure-security.md index fba0aaec0..3b3bceae8 100644 --- a//waf/latest/developerguide/shd-infrastructure-security.md +++ b//waf/latest/developerguide/shd-infrastructure-security.md @@ -24,2 +23,0 @@ You use AWS published API calls to access Shield through the network. Clients mu -Additionally, requests must be signed by using an access key ID and a secret access key that is associated with an IAM principal. Or you can use the [AWS Security Token Service](https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html) (AWS STS) to generate temporary security credentials to sign requests. -