AWS Security ChangesHomeSearch

AWS connect documentation change

Service: connect · 2025-04-18 · Documentation medium

File: connect/latest/adminguide/security-profile-list.md

Summary

Updated security profile permissions documentation: Added functionality description for Bots.Test, removed redundant tag-based access control note in Users.Create section, added explicit guidance for using tag-based access control to mitigate admin lockout risks, fixed permission name typo for IVR recordings access.

Security assessment

The changes enhance documentation about security controls (tag-based access) but do not indicate a specific security vulnerability being patched. The added guidance helps users implement security best practices.

Diff

diff --git a/connect/latest/adminguide/security-profile-list.md b/connect/latest/adminguide/security-profile-list.md
index 5945cd656..6e80f1c86 100644
--- a//connect/latest/adminguide/security-profile-list.md
+++ b//connect/latest/adminguide/security-profile-list.md
@@ -83 +83 @@ Bots |  Bots.Delete | Delete a bot.
-Bots |  Bots.Test |   
+Bots |  Bots.Test | Enables the **Test using workbench** button on the **Flows** page, **Bots** tab.  
@@ -106 +106 @@ Users - Create |  Users.Create | [Add users to Amazon Connect](./user-management
-  * Reset passwords, including that of the administrator. (Except if tag-based access-control has been set up to prevent this user from editing an administrator user. For more information, see [Apply tag-based access control](./tag-based-access-control.html).)
+  * Reset passwords, including that of the administrator. 
@@ -109 +109 @@ Users - Create |  Users.Create | [Add users to Amazon Connect](./user-management
-Doing these things would enable someone to lock out those who need to access Amazon Connect, and allow in others who can steal customer data and damage your business.   
+Doing these things would enable someone to lock out those who need to access Amazon Connect, and allow in others who can steal customer data and damage your business.  You can limit this risk by adding [tag-based access control](./tag-based-access-control.html) on the security profile. For example, you can apply tag-based access control to deny access to administrators and the Admin security profile.   
@@ -195 +195 @@ To access unredacted conversations, remove permissions to **Recorded conversatio
-Automated interaction voice (IVR) recordings (unredacted) - Access |  AutomatedVoiceInteraction.Recordings.Unredacted.Accesss | Access voice recordings of automated interactions (with IVR, Amazon Lex or other bots).  
+Automated interaction voice (IVR) recordings (unredacted) - Access |  AutomatedVoiceInteraction.Recordings.Unredacted.Access | Access voice recordings of automated interactions (with IVR, Amazon Lex or other bots).  
@@ -229 +228,0 @@ Screen recording - Enable download button | ScreenRecording.Download | [Enables
-Automated interaction voice (IVR) recordings (unredacted) - Access  |  AutomatedVoiceInteraction.Recordings.Unredacted.Access  | View the Play icon so users can listen to call recordings by using the Amazon Connect admin website.