AWS Security ChangesHomeSearch

AWS amazonq high security documentation change

Service: amazonq · 2025-08-01 · Security-related high

File: amazonq/latest/qbusiness-ug/customizing-web-experience-themes.md

Summary

Removed security conditions (Referer and SecureTransport) from KMS key policy example

Security assessment

Removal of aws:Referer and aw:SecureTransport conditions weakens the example policy by eliminating transport security enforcement and origin validation. This could lead to potential MITM attacks or unauthorized access if replicated without additional safeguards.

Diff

diff --git a/amazonq/latest/qbusiness-ug/customizing-web-experience-themes.md b/amazonq/latest/qbusiness-ug/customizing-web-experience-themes.md
index 8fd0d8ce6..72075815b 100644
--- a//amazonq/latest/qbusiness-ug/customizing-web-experience-themes.md
+++ b//amazonq/latest/qbusiness-ug/customizing-web-experience-themes.md
@@ -64,9 +64 @@ To allow Amazon Q Business to access web customization artifacts from your priva
-                    "Resource": ["your-kms-key-arn"],
-                    "Condition": {
-                        "StringLike": {
-                            "aws:Referer": ["your-webexperience-domain-without-https://"]
-                        },
-                        "Bool": {
-                            "aws:SecureTransport": "true"
-                        }
-                    }
+                    "Resource": ["your-kms-key-arn"]