AWS amazonq documentation change
Summary
Updated OAuth configuration steps for Confluence Cloud integration, replacing granular scopes with classic scopes and specifying required read permissions.
Security assessment
Changes detail required OAuth scopes for proper access control, implementing principle of least privilege. While security-related documentation is added, there's no evidence of addressing a specific security vulnerability.
Diff
diff --git a/amazonq/latest/qbusiness-ug/confluence-cloud-credentials-oauth.md b/amazonq/latest/qbusiness-ug/confluence-cloud-credentials-oauth.md index df4001a1a..449b6f9d8 100644 --- a/amazonq/latest/qbusiness-ug/confluence-cloud-credentials-oauth.md +++ b/amazonq/latest/qbusiness-ug/confluence-cloud-credentials-oauth.md @@ -95 +95,23 @@ Then, select **Save**. - 12. Navigate to the **Granular scopes** page. + 12. On the **Confluence API** page, make sure you're in the **Classic scopes** section. + + + +Then, choose **Edit Scopes** , and the add the following `read` scopes: + + * **`read:confluence-space.summary`** – Read Confluence space summary + + * **`read:confluence-props`** – Read Confluence content properties + + * **`read:confluence-content.all`** – Read Confluence detailed content + + * **`read:confluence-content.summary`** – Read Confluence content summary + + * **`read:confluence-content.permission`** – Read content permission in Confluence + + * **`read:confluence-user`** – Read user + + * **`read:confluence-groups`** – Read user groups + +Then, select **Save**. + + 13. Navigate to the **Granular scopes** page. @@ -163,8 +184,0 @@ Then, choose **Edit Scopes** , and the add the following `read` scopes: - * **`read:database:confluence`** – Read database - - * **`read:embed:confluence`** – Read embeddings - - * **`read:folder:confluence`** – Read folders - - * **`read:email-address:confluence`** – Read email addresses -