AWS Security ChangesHomeSearch

AWS chatbot documentation change

Service: chatbot · 2025-05-31 · Documentation low

File: chatbot/latest/adminguide/scp.md

Summary

Updated documentation to clarify that service control policies (SCPs) specifically apply to Amazon Q Developer in chat channels rather than general usage. Added 'in chat channels' qualifiers throughout the text.

Security assessment

The changes refine documentation about SCPs (security controls) but do not indicate any vulnerability fix or incident response. The modifications improve clarity about policy scope but don't address new security risks.

Diff

diff --git a/chatbot/latest/adminguide/scp.md b/chatbot/latest/adminguide/scp.md
index b04b55b18..ef64ae627 100644
--- a//chatbot/latest/adminguide/scp.md
+++ b//chatbot/latest/adminguide/scp.md
@@ -9 +9 @@ AWS Chatbot is now Amazon Q Developer. [Learn more](./service-rename.html)
-# Service control policies (SCPs) for Amazon Q Developer
+# Service control policies (SCPs) for Amazon Q Developer in chat channels
@@ -13 +13 @@ Service control policies (SCPs) are a type of organization policy that you can u
-SCPs for Amazon Q Developer function similarly to channel guardrail policies, but are implemented on the organization level. You can use SCPs to secure your organizations by restricting what APIs can be used to configure Amazon Q Developer and which services and operations can be run using Amazon Q Developer. This doesn’t impact resources that are already created or the ability to respond to commands in chat channels.
+SCPs for Amazon Q Developer in chat channels function similarly to channel guardrail policies, but are implemented on the organization level. You can use SCPs to secure your organizations by restricting what APIs can be used to configure Amazon Q Developer in chat channels and which services and operations can be run using Amazon Q Developer. This doesn’t impact resources that are already created or the ability to respond to commands in chat channels.
@@ -15 +15 @@ SCPs for Amazon Q Developer function similarly to channel guardrail policies, bu
-The global condition key, `aws:ChatbotSourceArn`, is attached to all sessions created through Amazon Q Developer. You can use this condition key to restrict which Amazon Q Developer API operations can be run using Amazon Q Developer as opposed to other platforms such as the CLI or console. 
+The global condition key, `aws:ChatbotSourceArn`, is attached to all sessions created through Amazon Q Developer in chat channels. You can use this condition key to restrict which Amazon Q Developer in chat channels API operations can be run using Amazon Q Developer in chat channels as opposed to other platforms such as the CLI or console. 
@@ -19 +19 @@ The global condition key, `aws:ChatbotSourceArn`, is attached to all sessions cr
-SCPs for Amazon Q Developer are limited to Amazon Q Developer access in chat applications and don't apply to Amazon Q Business access from chat applications.
+SCPs for Amazon Q Developer in chat channels are limited to Amazon Q Developer access in chat applications and don't apply to Amazon Q Business access from chat applications.
@@ -32 +32 @@ SCPs for Amazon Q Developer are limited to Amazon Q Developer access in chat app
-The following SCP denies all IAM operations invoked through all Amazon Q Developer configurations.
+The following SCP denies all IAM operations invoked through all Amazon Q Developer in chat channels configurations.