Initial Publication Date: 2022/11/21 10:00AM EST
A security researcher recently disclosed a case-sensitivity parsing issue within AWS AppSync, which could potentially be used to bypass the service’s cross-account role usage validations and take action as the service across customer accounts.
No customers were affected by this issue, and no customer action is required.
AWS moved immediately to correct this issue when it was reported. Analysis of logs going back to the launch of the service have been conducted and we have conclusively determined that the only activity associated with this issue was between accounts owned by the researcher. No other customer accounts were impacted.
We would like to thank Datadog Security Labs for reporting this issue.
Security-related questions or concerns can be brought to our attention via aws-security@amazon.com.