AWS Security ChangesHomeSearch

AWS quicksight documentation change

Service: quicksight · 2025-08-28 · Documentation low

File: quicksight/latest/user/embedding-gen-bi.md

Summary

Removed multiple JSON policy examples related to embedding URL generation permissions

Security assessment

Removal of IAM policy examples reduces documentation clarity but doesn't directly address a security vulnerability. The policies enforced domain restrictions but their removal doesn't indicate a security fix.

Diff

diff --git a/quicksight/latest/user/embedding-gen-bi.md b/quicksight/latest/user/embedding-gen-bi.md
index c27a9c803..0f6616157 100644
--- a//quicksight/latest/user/embedding-gen-bi.md
+++ b//quicksight/latest/user/embedding-gen-bi.md
@@ -54,29 +53,0 @@ The following sample policy provides these permissions.
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Effect": "Allow",
-                "Action": [
-                    "quicksight:GenerateEmbedUrlForRegisteredUser"
-                ],
-                "Resource": "arn:aws:quicksight:region:accountId:user/namespace/userName",
-                "Condition": {
-                    "ForAllValues:StringEquals": {
-                        "quicksight:AllowedEmbeddingDomains": [
-                            "https://my.static.domain1.com",
-                            "https://*.my.static.domain2.com"
-                        ]
-                    }
-                }
-            }
-        ]
-    }
-    
-
@@ -87,36 +57,0 @@ The following sample policy provides permission to retrieve an embedding URL for
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Action": "quicksight:RegisterUser",
-                "Resource": "*",
-                "Effect": "Allow"
-            },
-            {
-                "Effect": "Allow",
-                "Action": [
-                    "quicksight:GenerateEmbedUrlForRegisteredUser"
-                ],
-                "Resource": [
-                    "arn:aws:quicksight:region:accountId:user/namespace/userName"
-                ],
-                "Condition": {
-                    "ForAllValues:StringEquals": {
-                        "quicksight:AllowedEmbeddingDomains": [
-                            "https://my.static.domain1.com",
-                            "https://*.my.static.domain2.com"
-                        ]
-                    }
-                }
-            }
-        ]
-    }
-    
-
@@ -688,33 +622,0 @@ The following sample policy provides these permissions.
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Effect": "Allow",
-                "Action": [
-                    "quicksight:GenerateEmbedUrlForAnonymousUser"
-                ],
-                "Resource": [
-                    "arn:aws:quicksight:{{region}}:{{accountId}}:namespace/{{namespace}}",
-                    "arn:aws:quicksight:{{region}}:{{accountId}}:dashboard/{{dashboardId-1}}",
-                    "arn:aws:quicksight:{{region}}:{{accountId}}:dashboard/{{dashboardId-2}}"
-                ],
-                "Condition": {
-                    "ForAllValues:StringEquals": {
-                        "quicksight:AllowedEmbeddingDomains": [
-                            "https://my.static.domain1.com",
-                            "https://*.my.static.domain2.com"
-                        ]
-                    }
-                }
-            }
-        ]
-    }
-    
-