AWS amazonq documentation change
Summary
Removed detailed JSON policy examples for KMS decryption and S3 access
Security assessment
Removal of policy examples reduces guidance on secure configuration but doesn't indicate a resolved security issue. Could impact users' ability to implement proper security controls.
Diff
diff --git a/amazonq/latest/qbusiness-ug/customizing-web-experience-themes.md b/amazonq/latest/qbusiness-ug/customizing-web-experience-themes.md index c45f75084..b148ee4e0 100644 --- a//amazonq/latest/qbusiness-ug/customizing-web-experience-themes.md +++ b//amazonq/latest/qbusiness-ug/customizing-web-experience-themes.md @@ -55,21 +54,0 @@ To allow Amazon Q Business to access web customization artifacts from your priva -JSON - - -**** - - - { - "Version": "2012-10-17", - "Statement": [{ - "Sid": "PolicyForAmazonQWebAccessForWebExperienceArtifacts", - "Effect": "Allow", - "Principal": { - "Service": "application.qbusiness.amazonaws.com" - }, - "Action": ["kms:Decrypt"], - "Resource": ["your-kms-key-arn"] - }] - } - - - @@ -84,37 +62,0 @@ The value of "`aws:Referer"` cannot contain `"https://"` or end with `"/"`. -JSON - - -**** - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "PolicyForAmazonQWebAccessForWebExperienceArtifacts", - "Effect": "Allow", - "Principal": { - "Service": "application.qbusiness.amazonaws.com" - }, - "Action": [ - "s3:GetObject" - ], - "Resource": [ - "arn:aws:s3:::amzn-s3-demo-bucket/web-experience-object-key", - "arn:aws:s3:::amzn-s3-demo-bucket/web-experience-object-key-2" - ], - "Condition":{ - "StringLike":{ - "aws:Referer":[ - "web-experience-domain-without-https" - ] - }, - "Bool": { - "aws:SecureTransport": "true" - } - } - } - ] - } - -