AWS amazonq documentation change
Summary
Added architecture overview and clarified authentication workflows for custom applications
Security assessment
Significantly expands documentation about secure authentication flows using SigV4, IAM Identity Center, and external IdPs. While security-focused, there's no evidence of addressing a specific vulnerability.
Diff
diff --git a/amazonq/latest/qbusiness-ug/making-sigv4-authenticated-api-calls.md b/amazonq/latest/qbusiness-ug/making-sigv4-authenticated-api-calls.md index cefbeb6d1..92cfa928f 100644 --- a//amazonq/latest/qbusiness-ug/making-sigv4-authenticated-api-calls.md +++ b//amazonq/latest/qbusiness-ug/making-sigv4-authenticated-api-calls.md @@ -5 +5 @@ -PrerequisitesOne-time setupWorkflow for each API call session for an authenticated user +Using APIs to create an applicationPrerequisitesOne-time setupWorkflow for custom application backend API calls for an authenticated user @@ -8,0 +9,4 @@ PrerequisitesOne-time setupWorkflow for each API call session for an authenticat +###### Important + +**This documentation is for developers building custom applications that integrate with Amazon Q Business APIs.** These instructions help you create a trusted backend component in your custom application that can make authenticated API calls on behalf of your users. This is NOT for the built-in Amazon Q Business web experience — that handles authentication automatically through the AWS console. + @@ -16,0 +21,25 @@ This page provides an overview of the workflows needed to obtain AWS Sig V4 cred +## Architecture overview + +The following diagram shows how your custom application components interact with AWS services to make authenticated API calls: + + + +**Key components:** + + * **Custom app frontend** : Your user-facing application (web, mobile, etc.) + + * **Custom app trusted backend** : Your server-side component that handles AWS API calls + + * **External IdP** : Your identity provider (Okta, Azure AD, etc.) + + * **IAM Identity Center** : AWS service that manages identity federation + + * **Amazon Q Business APIs** : The APIs your application calls (`Chat`, `SearchRelevantContent`, etc.) + + + + +###### Note + +Your custom application's backend component must implement this authentication flow. End users interact with your frontend, which communicates with your trusted backend to make Amazon Q Business API calls. + @@ -23 +52 @@ This page provides an overview of the workflows needed to obtain AWS Sig V4 cred - * Workflow for each API call session for an authenticated user + * Workflow for custom application backend API calls for an authenticated user @@ -236 +265 @@ JSON -## Workflow for each API call session for an authenticated user +## Workflow for custom application backend API calls for an authenticated user