AWS Security ChangesHomeSearch

AWS amazonq medium security documentation change

Service: amazonq · 2025-05-16 · Security-related medium

File: amazonq/latest/qdeveloper-ug/id-based-policy-examples-admins.md

Summary

Removed policy example for accepting connector requests from Q Developer transform web experience

Security assessment

The removal of permissions related to 'Q Developer transform web experience' (including S3/IAM actions) coincides with documentation stating the transformation website was taken down. This suggests potential security concerns with the deprecated feature's permissions model.

Diff

diff --git a/amazonq/latest/qdeveloper-ug/id-based-policy-examples-admins.md b/amazonq/latest/qdeveloper-ug/id-based-policy-examples-admins.md
index d941eea80..057d567dc 100644
--- a//amazonq/latest/qdeveloper-ug/id-based-policy-examples-admins.md
+++ b//amazonq/latest/qdeveloper-ug/id-based-policy-examples-admins.md
@@ -5 +5 @@
-Allow administrators to use the Amazon Q consoleAllow administrators to use the Amazon Q Developer consoleAllow administrators to create customizationsAllow administrators to accept a connector request from the account with the Q Developer transform web experienceAllow administrators to configure pluginsAllow administrators to configure plugins from one providerAllow migration of more than one network or more than one subnet
+Allow administrators to use the Amazon Q consoleAllow administrators to use the Amazon Q Developer consoleAllow administrators to create customizationsAllow administrators to configure pluginsAllow administrators to configure plugins from one providerAllow migration of more than one network or more than one subnet
@@ -553,51 +552,0 @@ In the following example, replace `account number` with your AWS account number.
-## Allow administrators to accept a connector request from the account with the Q Developer transform web experience
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Effect": "Allow",
-                "Action": [
-                    "codewhisperer:ListProfiles",
-                    "q:GetConnector",
-                    "q:AssociateConnectorResource",
-                    "q:RejectConnector"
-                ],
-                "Resource": "*"
-            },
-            {
-                "Effect": "Allow",
-                "Action": [
-                    "sso:ListInstances"
-                ],
-                "Resource": "*"
-            },
-            {
-                "Effect": "Allow",
-                "Action": [
-                    "s3:GetBucketPublicAccessBlock",
-                    "s3:GetAccountPublicAccessBlock"
-                ],
-                "Resource": "*"
-            },
-            {
-                "Effect": "Allow",
-                "Action": [
-                    "iam:CreatePolicy"
-                ],
-                "Resource": "arn:aws:iam::account number:policy/service-role/QTransform-*"
-            },
-            {
-                "Effect": "Allow",
-                "Action": [
-                    "iam:CreateRole",
-                    "iam:AttachRolePolicy",
-                    "iam:PassRole"
-                ],
-                "Resource": "arn:aws:iam::account number:role/service-role/QTransform-*"
-            }
-        ]
-    }
-    
-