AWS workspaces-web documentation change
Summary
Clarified that baseline URLAllowlist/URLBlocklist policies cannot be overwritten and are not visible in JSON files. Added note about viewing applied policies via chrome://policy.
Security assessment
Documents enforcement of immutable baseline security policies, which helps administrators understand security controls. However, this appears to be a clarification of existing functionality rather than a response to a security issue.
Diff
diff --git a/workspaces-web/latest/adminguide/browser-policies-baseline.md b/workspaces-web/latest/adminguide/browser-policies-baseline.md index 52422bc0c..00256e297 100644 --- a//workspaces-web/latest/adminguide/browser-policies-baseline.md +++ b//workspaces-web/latest/adminguide/browser-policies-baseline.md @@ -46,0 +47,2 @@ Customers can't make changes to the following policies: +The baseline `URLAllowlist` and `URLBlocklist` policies can't be overwritten. Note that the JSON browser policy file that is associated with your web portal will not contain these baseline policies. To see a full list of all applied policies and their values, navigate to "chrome://policy" from within a remote browsing session. + @@ -51,2 +52,0 @@ Customers can update the following policies for their web portal: - * The `URLAllowlist` and `URLBlocklist` policies can be extended by using the console view URL Filtering feature or JSON upload. However, the baseline URLs can't be overwritten. These policies aren't visible from a JSON file downloaded from your web portal. However, if you visit “chrome://policy” during a session, the remote browser displays the applied policies. -