AWS amazonq high security documentation change
Summary
Removed security conditions (Referer and SecureTransport) from KMS key policy example
Security assessment
Removal of aws:Referer and aw:SecureTransport conditions weakens the example policy by eliminating transport security enforcement and origin validation. This could lead to potential MITM attacks or unauthorized access if replicated without additional safeguards.
Diff
diff --git a/amazonq/latest/qbusiness-ug/customizing-web-experience-themes.md b/amazonq/latest/qbusiness-ug/customizing-web-experience-themes.md index 8fd0d8ce6..72075815b 100644 --- a//amazonq/latest/qbusiness-ug/customizing-web-experience-themes.md +++ b//amazonq/latest/qbusiness-ug/customizing-web-experience-themes.md @@ -64,9 +64 @@ To allow Amazon Q Business to access web customization artifacts from your priva - "Resource": ["your-kms-key-arn"], - "Condition": { - "StringLike": { - "aws:Referer": ["your-webexperience-domain-without-https://"] - }, - "Bool": { - "aws:SecureTransport": "true" - } - } + "Resource": ["your-kms-key-arn"]