AWS IAM documentation change
Summary
Fixed typographical errors in SigV4a documentation (capitalization and grammar)
Security assessment
Changes are purely editorial corrections (Sigv4a → SigV4a, 'is rejected' → 'are rejected') with no indication of addressing a security vulnerability or weakness. The content remains about the same security feature (SigV4a signing).
Diff
diff --git a/IAM/latest/UserGuide/reference_sigv.md b/IAM/latest/UserGuide/reference_sigv.md index 78d9b66e1..c35173848 100644 --- a//IAM/latest/UserGuide/reference_sigv.md +++ b//IAM/latest/UserGuide/reference_sigv.md @@ -53 +53 @@ For more information, see [Elements of an AWS API request signature](./reference -SigV4a uses asymmetric signatures based on public-private key cryptography. SigV4a goes through a similar scoped credentials derivation process as SigV4, except Sigv4a uses the same key to sign all requests without needing to derive a distinct signing key based on the date, service, and region. An [Elliptic Curve Digital Signature Algorithm](https://csrc.nist.gov/glossary/term/ecdsa) (ECDSA) keypair can be derived from your existing AWS secret access key. +SigV4a uses asymmetric signatures based on public-private key cryptography. SigV4a goes through a similar scoped credentials derivation process as SigV4, except SigV4a uses the same key to sign all requests without needing to derive a distinct signing key based on the date, service, and region. An [Elliptic Curve Digital Signature Algorithm](https://csrc.nist.gov/glossary/term/ecdsa) (ECDSA) keypair can be derived from your existing AWS secret access key. @@ -63 +63 @@ The following steps describe the general process of computing a signature with S - 3. When an AWS service receives a request signed with Sigv4a, AWS verifies the signature using only the public half of the keypair. If the signature is valid, the request is authenticated and the service processes the request. Requests with invalid signatures is rejected. + 3. When an AWS service receives a request signed with SigV4a, AWS verifies the signature using only the public half of the keypair. If the signature is valid, the request is authenticated and the service processes the request. Requests with invalid signatures are rejected.