AWS amazonq high security documentation change
Summary
Updated command references from 'trustall' to 'trust-all' and adjusted related security warnings
Security assessment
The changes emphasize security risks of using '/tools trust-all' (previously 'trustall') which bypasses confirmation prompts. The documentation explicitly warns against using this in production/sensitive environments and provides mitigation steps, indicating a security-critical command.
Diff
diff --git a/amazonq/latest/qdeveloper-ug/command-line-chat-security.md b/amazonq/latest/qdeveloper-ug/command-line-chat-security.md index d04c69432..a62ff798e 100644 --- a//amazonq/latest/qdeveloper-ug/command-line-chat-security.md +++ b//amazonq/latest/qdeveloper-ug/command-line-chat-security.md @@ -5 +5 @@ -Understanding security risksGeneral security best practicesUsing /tools trustall safely +Understanding security risksGeneral security best practicesUsing /tools trust-all safely @@ -26 +26 @@ When using Amazon Q, be aware of the following potential security risks: -These risks are significantly increased when using `/tools trustall` or `/acceptall`, which bypass confirmation prompts. +These risks are significantly increased when using `/tools trust-all` or `/acceptall`, which bypass confirmation prompts. @@ -41 +41 @@ Specific examples of risks include: -AWS recommends against using `/tools trustall` or `/acceptall` mode in production environments or when working with sensitive data or resources. You are responsible for all actions performed by Amazon Q when these modes are enabled. +AWS recommends against using `/tools trust-all` or `/acceptall` mode in production environments or when working with sensitive data or resources. You are responsible for all actions performed by Amazon Q when these modes are enabled. @@ -80 +80 @@ For environments with highly sensitive information, consider these additional me -## Using /tools trustall safely +## Using /tools trust-all safely @@ -86 +86 @@ If you must use `/tools trustall` or `/acceptall` for specific workflows, follow - * Enable `/tools trustall` only for specific tasks, then immediately disable it using `/tools reset` to return to default permissions + * Enable `/tools trust-all` only for specific tasks, then immediately disable it using `/tools reset` to return to default permissions @@ -88 +88 @@ If you must use `/tools trustall` or `/acceptall` for specific workflows, follow - * Back up important data before enabling `/tools trustall` + * Back up important data before enabling `/tools trust-all` @@ -90 +90 @@ If you must use `/tools trustall` or `/acceptall` for specific workflows, follow - * Use AWS credentials with minimal permissions when `/tools trustall` is enabled + * Use AWS credentials with minimal permissions when `/tools trust-all` is enabled @@ -92 +92 @@ If you must use `/tools trustall` or `/acceptall` for specific workflows, follow - * Carefully monitor all actions Amazon Q takes while `/tools trustall` is enabled + * Carefully monitor all actions Amazon Q takes while `/tools trust-all` is enabled @@ -97 +97 @@ If you must use `/tools trustall` or `/acceptall` for specific workflows, follow -To return to the default permission settings after using `/tools trustall`, use the reset command: +To return to the default permission settings after using `/tools trust-all`, use the reset command: