AWS Security ChangesHomeSearch

AWS claude-platform documentation change

Service: claude-platform · 2026-05-25 · Documentation low

File: claude-platform/latest/userguide/iam-policies.md

Summary

Clarified documentation for API key authentication requirements with CallWithBearerToken action

Security assessment

The change provides clearer wording about authentication methods but doesn't address any specific vulnerability or weakness. It maintains existing security practices without introducing new security implications.

Diff

diff --git a/claude-platform/latest/userguide/iam-policies.md b/claude-platform/latest/userguide/iam-policies.md
index 24f607c95..b84799de7 100644
--- a//claude-platform/latest/userguide/iam-policies.md
+++ b//claude-platform/latest/userguide/iam-policies.md
@@ -216 +216 @@ Control which capability a principal can request with the `aws-external-anthropi
-`aws-external-anthropic:CallWithBearerToken` authorizes the SigV4-free request path used when an API key is presented as a bearer token. Any principal that will authenticate with an API key — whether through the Anthropic SDK’s `ANTHROPIC_AWS_API_KEY` environment variable or by setting the `Authorization: Bearer` header directly — needs this action on the target workspace.
+`aws-external-anthropic:CallWithBearerToken` authorizes the SigV4-free request path used when an API key is presented as a bearer token. Any principal that authenticates with an API key needs this action on the target workspace. This applies whether you use `ANTHROPIC_AWS_API_KEY` or set the `Authorization: Bearer` header directly.