AWS Security ChangesHomeSearch

AWS amazonq documentation change

Service: amazonq · 2025-04-03 · Documentation low

File: amazonq/latest/qbusiness-ug/data-accessors-granting-permissions.md

Summary

Reworded content about adding data accessors, removed KMS policy example, and added important note about sharing configuration details

Security assessment

Restructuring of content flow without security-specific changes (KMS policy moved to prerequisites)

Diff

diff --git a/amazonq/latest/qbusiness-ug/data-accessors-granting-permissions.md b/amazonq/latest/qbusiness-ug/data-accessors-granting-permissions.md
index 79dddb530..539fd7678 100644
--- a//amazonq/latest/qbusiness-ug/data-accessors-granting-permissions.md
+++ b//amazonq/latest/qbusiness-ug/data-accessors-granting-permissions.md
@@ -5 +5 @@
-# Granting a data accessor (ISV) permission to connect to your Amazon Q index
+# Add a data accessor (ISV) to connect to your Amazon Q index
@@ -7 +7 @@
-After setting up your application environment and connecting your data source(s), Amazon Q Business begins indexing your enterprise data. You still need to grant the software providers (ISVs) permissions as a data accessor to retrieve content from the Amazon Q index. By granting a data accessor permissions, you are permitting the data accessor's AWS account to access the Amazon Q index via the `SearchRelevantContent` API operation.
+After setting up your application environment and connecting your data source(s), Amazon Q Business begins indexing your enterprise data. You still need to add the software providers (ISVs) as a data accessor and provide configuration details to the ISV to retrieve content from your Amazon Q index. By adding a data accessor, you grant their AWS account to access the Amazon Q index via the `SearchRelevantContent` API operation.
@@ -9,9 +9 @@ After setting up your application environment and connecting your data source(s)
-To grant a data accessor permissions to your Amazon Q index, use either the Amazon Q Business console or the Amazon Q Business API.
-
-The following procedures show how you can do this using the Amazon Q Business console or the AWS CLI.
-
-###### Topics
-
-  * [Using the Amazon Q Business console](./data-accessors-granting-permissions-console.html)
-
-  * [Using the AWS CLI;](./data-accessors-granting-permissions-cli.html)
+You can grant data accessor permissions to your Amazon Q index using either the Amazon Q Business console or the Amazon Q Business API. The following procedures show how to do this using the Amazon Q Business console or the AWS CLI.
@@ -18,0 +11 @@ The following procedures show how you can do this using the Amazon Q Business co
+###### Important
@@ -19,0 +13 @@ The following procedures show how you can do this using the Amazon Q Business co
+You must provide the setup details generated when adding your ISV as a data accessor to your ISV so they can access your Amazon Q index. You can find this information at any time in the **Information for data accessor** tab in the **data accessor details** page which is accessed by choosing the accessor **Name** from the **Data accessors** table on the **Data accessors** page.
@@ -20,0 +15 @@ The following procedures show how you can do this using the Amazon Q Business co
+###### Topics
@@ -22 +17 @@ The following procedures show how you can do this using the Amazon Q Business co
-###### Note
+  * [Add a data accessor using the console](./data-accessors-granting-permissions-console.html)
@@ -24 +19 @@ The following procedures show how you can do this using the Amazon Q Business co
-If you are using a customer managed key in your Amazon Q Business Application, you must set your key policy to allow the ISV principal access to the KMS key with the following policy:
+  * [Adding a data accessor using the AWS CLI;](./data-accessors-granting-permissions-cli.html)
@@ -27,22 +21,0 @@ If you are using a customer managed key in your Amazon Q Business Application, y
-    {
-        "Version": "2012-10-17",
-        "Id": "isv-key-consolepolicy",
-        "Statement": [
-            {
-                "Sid": "Enable IAM User Permissions",
-                "Effect": "Allow",
-                "Principal": {
-                    "AWS": ${isv_principal}
-                },
-                "Action": "kms:Decrypt",
-                "Resource": ${your_kms_key_arn}
-            },
-            "Condition": {
-                    "StringLike": {
-                        "kms:ViaService": [
-                            "qbusiness.${region}.amazonaws.com"
-                        ]
-                    }
-            }
-        ]
-    }