AWS claude-platform documentation change
Summary
Clarified documentation for API key authentication requirements with CallWithBearerToken action
Security assessment
The change provides clearer wording about authentication methods but doesn't address any specific vulnerability or weakness. It maintains existing security practices without introducing new security implications.
Diff
diff --git a/claude-platform/latest/userguide/iam-policies.md b/claude-platform/latest/userguide/iam-policies.md index 24f607c95..b84799de7 100644 --- a//claude-platform/latest/userguide/iam-policies.md +++ b//claude-platform/latest/userguide/iam-policies.md @@ -216 +216 @@ Control which capability a principal can request with the `aws-external-anthropi -`aws-external-anthropic:CallWithBearerToken` authorizes the SigV4-free request path used when an API key is presented as a bearer token. Any principal that will authenticate with an API key — whether through the Anthropic SDK’s `ANTHROPIC_AWS_API_KEY` environment variable or by setting the `Authorization: Bearer` header directly — needs this action on the target workspace. +`aws-external-anthropic:CallWithBearerToken` authorizes the SigV4-free request path used when an API key is presented as a bearer token. Any principal that authenticates with an API key needs this action on the target workspace. This applies whether you use `ANTHROPIC_AWS_API_KEY` or set the `Authorization: Bearer` header directly.