AWS prescriptive-guidance documentation change
Summary
Updated image path and removed detailed application/authorization flow steps
Security assessment
Structural changes to image paths and content simplification without security impact or vulnerability remediation
Diff
diff --git a/prescriptive-guidance/latest/saas-multitenant-api-access-authorization/using-avp.md b/prescriptive-guidance/latest/saas-multitenant-api-access-authorization/using-avp.md index dd88dfa41..aa05a5ad3 100644 --- a//prescriptive-guidance/latest/saas-multitenant-api-access-authorization/using-avp.md +++ b//prescriptive-guidance/latest/saas-multitenant-api-access-authorization/using-avp.md @@ -24,25 +24 @@ The centralized policy decision point (PDP) with policy enforcement points (PEPs - - -**Application flow** (illustrated with blue numbered callouts in the diagram): - - 1. An authenticated user with a JSON Web Token (JWT) generates an HTTP request to Amazon CloudFront. - - 2. CloudFront forwards the request to Amazon API Gateway, which is configured as a CloudFront origin. - - 3. An API Gateway custom authorizer is called to verify the JWT. - - 4. Microservices respond to the request. - - - - -**Authorization and API access control flow** (illustrated with red numbered callouts in the diagram): - - 1. The PEP calls the authorization service and passes request data, including any JWTs. - - 2. The authorization service (PDP), in this case Verified Permissions, uses the request data as query input and evaluates it based on the relevant policies specified by the query. - - 3. The authorization decision is returned to the PEP and evaluated. - - - + @@ -70 +46 @@ Design models for multi-tenant SaaS architectures -Using OPA +Design models for OPA