AWS Security ChangesHomeSearch

AWS amazonq high security documentation change

Service: amazonq · 2025-10-22 · Security-related high

File: amazonq/latest/qbusiness-ug/infrastructure-security.md

Summary

Removed explicit requirements for API request signing using IAM credentials or AWS STS temporary security credentials

Security assessment

Deleting documentation about mandatory request signing removes critical security guidance for API access control. This could lead to insecure implementations if users are unaware of authentication requirements, directly impacting the integrity of authentication mechanisms.

Diff

diff --git a/amazonq/latest/qbusiness-ug/infrastructure-security.md b/amazonq/latest/qbusiness-ug/infrastructure-security.md
index 1ee9448e4..1df8292c5 100644
--- a//amazonq/latest/qbusiness-ug/infrastructure-security.md
+++ b//amazonq/latest/qbusiness-ug/infrastructure-security.md
@@ -18,2 +17,0 @@ You use AWS published API calls to access Amazon Q through the network. Clients
-Additionally, requests must be signed by using an access key ID and a secret access key that is associated with an IAM principal. Or you can use the [AWS Security Token Service](https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html) (AWS STS) to generate temporary security credentials to sign requests.
-