AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2026-07-10 · Documentation low

File: prescriptive-guidance/latest/saas-multitenant-api-access-authorization/using-avp.md

Summary

Updated image path and removed detailed application/authorization flow steps

Security assessment

Structural changes to image paths and content simplification without security impact or vulnerability remediation

Diff

diff --git a/prescriptive-guidance/latest/saas-multitenant-api-access-authorization/using-avp.md b/prescriptive-guidance/latest/saas-multitenant-api-access-authorization/using-avp.md
index dd88dfa41..aa05a5ad3 100644
--- a//prescriptive-guidance/latest/saas-multitenant-api-access-authorization/using-avp.md
+++ b//prescriptive-guidance/latest/saas-multitenant-api-access-authorization/using-avp.md
@@ -24,25 +24 @@ The centralized policy decision point (PDP) with policy enforcement points (PEPs
-![Using a centralized PDP with PEPs on APIs](/images/prescriptive-guidance/latest/saas-multitenant-api-access-authorization/images/avp-design-model.png)
-
-**Application flow** (illustrated with blue numbered callouts in the diagram):
-
-  1. An authenticated user with a JSON Web Token (JWT) generates an HTTP request to Amazon CloudFront.
-
-  2. CloudFront forwards the request to Amazon API Gateway, which is configured as a CloudFront origin.
-
-  3. An API Gateway custom authorizer is called to verify the JWT.
-
-  4. Microservices respond to the request.
-
-
-
-
-**Authorization and API access control flow** (illustrated with red numbered callouts in the diagram):
-
-  1. The PEP calls the authorization service and passes request data, including any JWTs.
-
-  2. The authorization service (PDP), in this case Verified Permissions, uses the request data as query input and evaluates it based on the relevant policies specified by the query.
-
-  3. The authorization decision is returned to the PEP and evaluated.
-
-
-
+![Using a centralized PDP with PEPs on APIs](/images/prescriptive-guidance/latest/saas-multitenant-api-access-authorization/images/guide-img/1bc1ddcc-09fb-41af-88b1-99d94e62fa1f/images/82996376-fd1f-4369-92bf-820a383ef7d7.png)
@@ -70 +46 @@ Design models for multi-tenant SaaS architectures
-Using OPA
+Design models for OPA