AWS Security ChangesHomeSearch

AWS workspaces-web high security documentation change

Service: workspaces-web · 2025-10-22 · Security-related high

File: workspaces-web/latest/adminguide/infrastructure-security.md

Summary

Removed guidance about signing API requests with access keys or STS temporary credentials

Security assessment

Deleting instructions for securing API access (authentication via access keys/STS) removes critical security best practices documentation. This omission could lead to insecure configurations if users are unaware of signing requirements, directly impacting authentication security.

Diff

diff --git a/workspaces-web/latest/adminguide/infrastructure-security.md b/workspaces-web/latest/adminguide/infrastructure-security.md
index fcd5a6753..4ace7df41 100644
--- a//workspaces-web/latest/adminguide/infrastructure-security.md
+++ b//workspaces-web/latest/adminguide/infrastructure-security.md
@@ -18,2 +17,0 @@ You use AWS published API calls to access Amazon WorkSpaces Secure Browser throu
-Additionally, requests must be signed by using an access key ID and a secret access key that is associated with an IAM principal. Or you can use the [AWS Security Token Service](https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html) (AWS STS) to generate temporary security credentials to sign requests.
-