AWS Security ChangesHomeSearch

AWS amazonq medium security documentation change

Service: amazonq · 2025-07-18 · Security-related medium

File: amazonq/latest/qbusiness-ug/embed-web-experience.md

Summary

Added authentication requirements, third-party cookie guidance, and clipboard permission note for iframes

Security assessment

Explicitly documents security controls for embedded chat (authentication flow) and highlights security-sensitive browser configuration requirements (third-party cookies/clipboard access). The clipboard permission requirement could expose users to injection risks if misconfigured.

Diff

diff --git a/amazonq/latest/qbusiness-ug/embed-web-experience.md b/amazonq/latest/qbusiness-ug/embed-web-experience.md
index bc2eba7b4..88592a840 100644
--- a//amazonq/latest/qbusiness-ug/embed-web-experience.md
+++ b//amazonq/latest/qbusiness-ug/embed-web-experience.md
@@ -14,0 +15,2 @@ Once this <iframe> is added to the website, the Amazon Q Business chat assistant
+Amazon Q Business users must provide user authentication credentials before they can use the embedded Amazon Q chat experience on your website. These credentials are the same as the credentials required for the Amazon Q web experience. To authenticate, Amazon Q opens a new browser tab or window where users can enter their credentials. Once successfully authenticated, users can close this tab or window and begin using the embedded Amazon Q chat experience within the website.
+
@@ -19 +21,3 @@ Once this <iframe> is added to the website, the Amazon Q Business chat assistant
-  * Amazon Q Business users must provide user authentication credentials before they can use the embedded Amazon Q chat experience on your website. These credentials are the same as the credentials required for the Amazon Q web experience. To authenticate, Amazon Q opens a new browser tab or window where users can enter their credentials. Once successfully authenticated, users can close this tab or window and begin using the embedded Amazon Q chat experience within the website.
+  * If your browser has a limited cookie mode (ex. Incognito mode in Chrome), you may have to enable third-party cookies for Amazon Q embedded to work. 
+
+  * The button for copying may not work without `allow="clipboard-read; clipboard-write"` attribute added to iframe