AWS Security ChangesHomeSearch

AWS wellarchitected high security documentation change

Service: wellarchitected · 2025-10-22 · Security-related high

File: wellarchitected/latest/userguide/infrastructure-security.md

Summary

Removed details about request signing requirements using IAM credentials or AWS STS

Security assessment

Deleting instructions about mandatory request signing removes critical security guidance for authenticating AWS API calls. This could lead to misconfigured clients if users are unaware of the requirement to sign requests, increasing risk of unauthorized access.

Diff

diff --git a/wellarchitected/latest/userguide/infrastructure-security.md b/wellarchitected/latest/userguide/infrastructure-security.md
index bc6b9e532..190be004e 100644
--- a//wellarchitected/latest/userguide/infrastructure-security.md
+++ b//wellarchitected/latest/userguide/infrastructure-security.md
@@ -18,2 +17,0 @@ You use AWS published API calls to access AWS WA Tool through the network. Clien
-Additionally, requests must be signed by using an access key ID and a secret access key that is associated with an IAM principal. Or you can use the [AWS Security Token Service](https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html) (AWS STS) to generate temporary security credentials to sign requests.
-