AWS amazonq medium security documentation change
Summary
Reduced IAM permissions by removing sso-oauth:IntrospectTokenWithIAM and sso-oauth:RevokeTokenWithIAM from policy example
Security assessment
Security hardening through principle of least privilege - removing unnecessary token introspection/revocation permissions reduces potential attack surface
Diff
diff --git a/amazonq/latest/qbusiness-ug/making-sigv4-authenticated-api-calls.md b/amazonq/latest/qbusiness-ug/making-sigv4-authenticated-api-calls.md index f9698f0d7..2275fcbbf 100644 --- a//amazonq/latest/qbusiness-ug/making-sigv4-authenticated-api-calls.md +++ b//amazonq/latest/qbusiness-ug/making-sigv4-authenticated-api-calls.md @@ -105,3 +105 @@ The following section outlines the steps to set up the Amazon Q Business control - "sso-oauth:CreateTokenWithIAM", - "sso-oauth:IntrospectTokenWithIAM", - "sso-oauth:RevokeTokenWithIAM" + "sso-oauth:CreateTokenWithIAM" @@ -160,0 +159,6 @@ JSON +JSON + + +**** + +