AWS Security ChangesHomeSearch

AWS amazonq medium security documentation change

Service: amazonq · 2025-07-18 · Security-related medium

File: amazonq/latest/qbusiness-ug/making-sigv4-authenticated-api-calls.md

Summary

Reduced IAM permissions by removing sso-oauth:IntrospectTokenWithIAM and sso-oauth:RevokeTokenWithIAM from policy example

Security assessment

Security hardening through principle of least privilege - removing unnecessary token introspection/revocation permissions reduces potential attack surface

Diff

diff --git a/amazonq/latest/qbusiness-ug/making-sigv4-authenticated-api-calls.md b/amazonq/latest/qbusiness-ug/making-sigv4-authenticated-api-calls.md
index f9698f0d7..2275fcbbf 100644
--- a//amazonq/latest/qbusiness-ug/making-sigv4-authenticated-api-calls.md
+++ b//amazonq/latest/qbusiness-ug/making-sigv4-authenticated-api-calls.md
@@ -105,3 +105 @@ The following section outlines the steps to set up the Amazon Q Business control
-                            "sso-oauth:CreateTokenWithIAM",
-                            "sso-oauth:IntrospectTokenWithIAM",
-                            "sso-oauth:RevokeTokenWithIAM"
+                            "sso-oauth:CreateTokenWithIAM"
@@ -160,0 +159,6 @@ JSON
+JSON
+    
+
+****
+    
+