AWS AmazonECS documentation change
Summary
Added permissions documentation for Amazon Q recommendations feature requiring codewhisperer:GenerateRecommendations
Security assessment
Documents required permissions for a new feature (Amazon Q recommendations) but does not address any specific security vulnerability or weakness. The permission addition is routine feature documentation.
Diff
diff --git a/AmazonECS/latest/developerguide/console-permissions.md b/AmazonECS/latest/developerguide/console-permissions.md index 317a3a21f..aae465366 100644 --- a//AmazonECS/latest/developerguide/console-permissions.md +++ b//AmazonECS/latest/developerguide/console-permissions.md @@ -5 +5 @@ -Permissions for creating IAM rolesPermissions required for registering an external instance to a clusterPermissions required for registering a task definitionPermissions required for creating an EventBridge rule for scheduled tasksPermissions required for viewing service deploymentsPermissions required to view Amazon ECS lifecycle events in Container InsightsPermissions required for enabling Amazon ECS lifecycle events inContainer Insights +Permissions for creating IAM rolesPermissions required for registering an external instance to a clusterPermissions required for registering a task definitionPermissions required for using Amazon Q to provide recommendations in the consolePermissions required for creating an EventBridge rule for scheduled tasksPermissions required for viewing service deploymentsPermissions required to view Amazon ECS lifecycle events in Container InsightsPermissions required for enabling Amazon ECS lifecycle events inContainer Insights @@ -99,0 +100,17 @@ The following policy contains the required permissions, and limits the actions t +## Permissions required for using Amazon Q to provide recommendations in the console + +For Amazon Q to provide recommendations in the Amazon ECS; console, you must enable the correct IAM permissions for either your IAM user or role. You must add the `codewhisperer:GenerateRecommendations` permission, as outlined in the sample IAM policy below: + + + { + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "AmazonQDeveloperPermissions", + "Effect": "Allow", + "Action": ["codewhisperer:GenerateRecommendations"], + "Resource": "*" + } + ] + } +