AWS amazonq documentation change
Summary
Updated documentation for organization-wide subscription visibility, clarifying console navigation steps and read-only access behavior for member accounts. Changed references from 'Amazon Q' to 'Amazon Q Developer Pro' and simplified interface instructions.
Security assessment
Added explicit documentation about read-only access controls for member account users/groups when organization-wide visibility is enabled. This describes a security feature (access restrictions) but does not indicate a specific security vulnerability being patched.
Diff
diff --git a/amazonq/latest/qdeveloper-ug/subscribe-visibility.md b/amazonq/latest/qdeveloper-ug/subscribe-visibility.md index 5cd0f69ae..ffd269123 100644 --- a//amazonq/latest/qdeveloper-ug/subscribe-visibility.md +++ b//amazonq/latest/qdeveloper-ug/subscribe-visibility.md @@ -7 +7,3 @@ -If you are a management account administrator within an organization managed by [AWS Organizations](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html), you can configure Amazon Q to display Amazon Q Developer subscriptions from both _management_ and _member_ accounts in a single, unified list on the **Subscriptions** page of the Amazon Q console. This organization-wide visibility eliminates the need to sign in to multiple accounts to track your subscriptions. +If you are a management account administrator within an organization managed by [AWS Organizations](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html), you can configure Amazon Q to display Amazon Q Developer Pro subscriptions from both _management_ and _member_ accounts in a single, unified list on the **Subscriptions** page of the Amazon Q Developer console while signed in to your management account. This organization-wide visibility eliminates the need to sign in to multiple accounts to track your subscriptions. + +When oganization-wide visibility is enabled, users and groups subscribed in member accounts appear will appear as read-only with a greyed-out selector next to them, indicating that you cannot take action on them as a management account administrator. If you need to modify these users and groups, you must sign in to the member account that manages them. @@ -11 +13 @@ If you are a management account administrator within an organization managed by -Consolidated subscription information will also appear on the **Dashboard** page of the Amazon Q Developer console when you enable organization-wide visibility. +Unified subscription information will also appear on the **Dashboard** page of the Amazon Q Developer console when you enable organization-wide visibility. @@ -15 +17 @@ If you are a member account administrator, you will only ever be able to view th -To enable organization-wide visibility of Amazon Q Developer subscriptions, you must enable trusted access to Amazon Q in your organization. _Trusted access_ is an AWS Organizations feature that, when enabled, designates Amazon Q as a _trusted service_ that is allowed to query your organization's structure. This querying is required in order to show subscriptions in member accounts within the management account. +To enable organization-wide visibility of Amazon Q Developer subscriptions, you must enable trusted access to Amazon Q in your organization. _Trusted access_ is an AWS Organizations feature that lets you designate Amazon Q as a _trusted service_ that is allowed to query your organization's structure. This querying is required in order to show subscriptions in member accounts within the management account. @@ -33 +35 @@ Before you begin, make sure that: - * You have the minimum permissions required to manage Amazon Q Developer subscriptions. For more information, see [Allow administrators to use the Amazon Q subscription console](./id-based-policy-examples-admins.html#q-admin-setup-admin-users-sub). + * You have the minimum permissions required to perform actions in the Amazon Q console. For more information, see [Allow administrators to use the Amazon Q console](./id-based-policy-examples-admins.html#q-admin-setup-admin-users-sub). @@ -42,11 +44 @@ Before you begin, make sure that: - 2. Do one of the following: - - * Open the Amazon Q console (not the Amazon Q Developer console). - - * Open the AWS Organizations console, and choose **Services**. From the list of services, choose **Amazon Q**. Choose **Navigate to console** to go to the Amazon Q console. - -The Amazon Q console appears. - - - - 3. Make sure you're in the AWS Region where you want to subscribe users. You might have been switched to the US East (N. Virginia) Region if you came from the Amazon Q Developer console, so you might need to switch back. For supported Regions, see [Amazon Q Developer Pro Region support](./q-admin-setup-subscribe-regions.html). + 2. Switch to the Amazon Q Developer console. @@ -54 +46 @@ The Amazon Q console appears. - 4. Choose **Settings**. + 3. Choose **Settings**. @@ -56 +48 @@ The Amazon Q console appears. - 5. In **Subscription view settings** , choose **Edit**. + 4. In **Subscription view settings** , choose **Edit**. @@ -58 +50 @@ The Amazon Q console appears. - 6. Under **View subscriptions from member accounts** , choose **On**. + 5. Enable the toggle. @@ -60 +52 @@ The Amazon Q console appears. - 7. Choose **Save**. + 6. Choose **Save**. @@ -62 +54 @@ The Amazon Q console appears. -Trusted access to Amazon Q is now enabled. Users and groups who are subscribed in member accounts now appear in the Amazon Q and Amazon Q Developer consoles when you're signed in as a management account administrator. These users and groups appear as read-only with a greyed-out selector next to them, indicating that you cannot take action on them as a management account administrator. If you need to modify these users and groups, you must sign in to the member account that manages them. +Trusted access to Amazon Q is now enabled. Users and groups who are subscribed in member accounts now appear in the Amazon Q Developer console when you're signed in as a management account administrator.