AWS Security ChangesHomeSearch

AWS workspaces-web documentation change

Service: workspaces-web · 2025-11-16 · Documentation low

File: workspaces-web/latest/adminguide/browser-policies-baseline.md

Summary

Clarified that baseline URLAllowlist/URLBlocklist policies cannot be overwritten and are not visible in JSON files. Added note about viewing applied policies via chrome://policy.

Security assessment

Documents enforcement of immutable baseline security policies, which helps administrators understand security controls. However, this appears to be a clarification of existing functionality rather than a response to a security issue.

Diff

diff --git a/workspaces-web/latest/adminguide/browser-policies-baseline.md b/workspaces-web/latest/adminguide/browser-policies-baseline.md
index 52422bc0c..00256e297 100644
--- a//workspaces-web/latest/adminguide/browser-policies-baseline.md
+++ b//workspaces-web/latest/adminguide/browser-policies-baseline.md
@@ -46,0 +47,2 @@ Customers can't make changes to the following policies:
+The baseline `URLAllowlist` and `URLBlocklist` policies can't be overwritten. Note that the JSON browser policy file that is associated with your web portal will not contain these baseline policies. To see a full list of all applied policies and their values, navigate to "chrome://policy" from within a remote browsing session.
+
@@ -51,2 +52,0 @@ Customers can update the following policies for their web portal:
-  * The `URLAllowlist` and `URLBlocklist` policies can be extended by using the console view URL Filtering feature or JSON upload. However, the baseline URLs can't be overwritten. These policies aren't visible from a JSON file downloaded from your web portal. However, if you visit “chrome://policy” during a session, the remote browser displays the applied policies.
-