AWS Security ChangesHomeSearch

AWS amazonq documentation change

Service: amazonq · 2025-11-22 · Documentation low

File: amazonq/latest/qbusiness-ug/data-encryption.md

Summary

Updated all AWS KMS documentation links by adding an extra forward slash in the URLs (e.g., changed 'https://docs.aws.amazon.com/kms/' to 'https://docs.aws.amazon.com//kms/').

Security assessment

The changes are purely cosmetic URL formatting updates with no impact on security content. The documentation still describes the same encryption mechanisms and KMS integration without altering security guidance or addressing vulnerabilities.

Diff

diff --git a/amazonq/latest/qbusiness-ug/data-encryption.md b/amazonq/latest/qbusiness-ug/data-encryption.md
index 195e38730..64775efba 100644
--- a//amazonq/latest/qbusiness-ug/data-encryption.md
+++ b//amazonq/latest/qbusiness-ug/data-encryption.md
@@ -30 +30 @@ The Amazon Q Business uses the questions and answers to know the conversation co
-  * **AWS owned keys** – Amazon Q Business uses these keys by default to automatically encrypt sensitive customer data. You can't view, manage, or use AWS owned keys, or audit their use. However, you don't have to take any action or change any programs to protect the keys that encrypt your data. For more information, see [AWS owned keys](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk) in the _AWS Key Management Service Developer Guide_. 
+  * **AWS owned keys** – Amazon Q Business uses these keys by default to automatically encrypt sensitive customer data. You can't view, manage, or use AWS owned keys, or audit their use. However, you don't have to take any action or change any programs to protect the keys that encrypt your data. For more information, see [AWS owned keys](https://docs.aws.amazon.com//kms/latest/developerguide/concepts.html#aws-owned-cmk) in the _AWS Key Management Service Developer Guide_. 
@@ -66 +66 @@ Because you have full control of this layer of encryption, you can perform such
-For more information, see [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) in the _AWS Key Management Service Developer Guide_.
+For more information, see [customer managed key](https://docs.aws.amazon.com//kms/latest/developerguide/concepts.html#customer-cmk) in the _AWS Key Management Service Developer Guide_.
@@ -87 +87 @@ If you have created your Amazon Q Business application environment using AWS KMS
-Amazon Q Business requires a [grant](https://docs.aws.amazon.com/kms/latest/developerguide/grants.html) to use your customer managed key. When you create a Amazon Q Business application environment resource encrypted with a customer managed key, Amazon Q creates a grant on your behalf by sending a [CreateGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html) request to AWS KMS. Grants in AWS KMS are used to give Amazon Q Business access to a KMS key in a customer account.
+Amazon Q Business requires a [grant](https://docs.aws.amazon.com//kms/latest/developerguide/grants.html) to use your customer managed key. When you create a Amazon Q Business application environment resource encrypted with a customer managed key, Amazon Q creates a grant on your behalf by sending a [CreateGrant](https://docs.aws.amazon.com//kms/latest/APIReference/API_CreateGrant.html) request to AWS KMS. Grants in AWS KMS are used to give Amazon Q Business access to a KMS key in a customer account.
@@ -91 +91 @@ Amazon Q Business requires the grant to use your customer managed key for the fo
-  * Send [DescribeKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html) requests to AWS KMS to verify that the symmetric customer managed key ID entered when creating application environment is valid.
+  * Send [DescribeKey](https://docs.aws.amazon.com//kms/latest/APIReference/API_DescribeKey.html) requests to AWS KMS to verify that the symmetric customer managed key ID entered when creating application environment is valid.
@@ -93 +93 @@ Amazon Q Business requires the grant to use your customer managed key for the fo
-  * Send [GenerateDataKeyWithoutPlainText](https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKeyWithoutPlaintext.html) requests to AWS KMS to generate data keys encrypted by your customer managed key.
+  * Send [GenerateDataKeyWithoutPlainText](https://docs.aws.amazon.com//kms/latest/APIReference/API_GenerateDataKeyWithoutPlaintext.html) requests to AWS KMS to generate data keys encrypted by your customer managed key.
@@ -95 +95 @@ Amazon Q Business requires the grant to use your customer managed key for the fo
-  * Send [Decrypt](https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html) requests to AWS KMS to decrypt the encrypted data keys so that they can be used to encrypt your data.
+  * Send [Decrypt](https://docs.aws.amazon.com//kms/latest/APIReference/API_Decrypt.html) requests to AWS KMS to decrypt the encrypted data keys so that they can be used to encrypt your data.
@@ -112 +112 @@ Amazon Q does not support asymmetric KMS keys. For more information, see [Using
-Follow the steps for [Creating symmetric customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html#create-symmetric-cmk) in the _AWS Key Management Service Developer Guide_.
+Follow the steps for [Creating symmetric customer managed key](https://docs.aws.amazon.com//kms/latest/developerguide/create-keys.html#create-symmetric-cmk) in the _AWS Key Management Service Developer Guide_.
@@ -116 +116 @@ Follow the steps for [Creating symmetric customer managed key](https://docs.aws.
-Key policies control access to your customer managed key. Every customer managed key must have exactly one key policy, which contains statements that determine who can use the key and how they can use it. When you create your customer managed key, you can specify a key policy. For more information, see [Managing access to customer managed keys](https://docs.aws.amazon.com/kms/latest/developerguide/control-access-overview.html#managing-access) in the _AWS Key Management Service Developer Guide_.
+Key policies control access to your customer managed key. Every customer managed key must have exactly one key policy, which contains statements that determine who can use the key and how they can use it. When you create your customer managed key, you can specify a key policy. For more information, see [Managing access to customer managed keys](https://docs.aws.amazon.com//kms/latest/developerguide/control-access-overview.html#managing-access) in the _AWS Key Management Service Developer Guide_.
@@ -120 +120 @@ To use your customer managed key with your Amazon Q Business resources, the foll
-  * [kms:CreateGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html) – Adds a grant to a customer managed key. Grants control access to a specified KMS key,which allows access to [grant operation](https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-grant-operations) Amazon Q Business requires. For more information about [Using Grants](https://docs.aws.amazon.com/kms/latest/developerguide/grants.html), see the _AWS Key Management Service Developer Guide_.
+  * [kms:CreateGrant](https://docs.aws.amazon.com//kms/latest/APIReference/API_CreateGrant.html) – Adds a grant to a customer managed key. Grants control access to a specified KMS key,which allows access to [grant operation](https://docs.aws.amazon.com//kms/latest/developerguide/grants.html#terms-grant-operations) Amazon Q Business requires. For more information about [Using Grants](https://docs.aws.amazon.com//kms/latest/developerguide/grants.html), see the _AWS Key Management Service Developer Guide_.
@@ -130 +130 @@ This allows Amazon Q Business to do the following:
-  * [kms:DescribeKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html) – Provides the customer managed key details to allow Amazon Q to validate the key.
+  * [kms:DescribeKey](https://docs.aws.amazon.com//kms/latest/APIReference/API_DescribeKey.html) – Provides the customer managed key details to allow Amazon Q to validate the key.
@@ -185 +185 @@ Show moreShow less
-For more information about [specifying permissions in a policy](https://docs.aws.amazon.com/kms/latest/developerguide/control-access-overview.html#overview-policy-elements) and [troubleshooting key access](https://docs.aws.amazon.com/kms/latest/developerguide/policy-evaluation.html#example-no-iam), see the _AWS Key Management Service Developer Guide_
+For more information about [specifying permissions in a policy](https://docs.aws.amazon.com//kms/latest/developerguide/control-access-overview.html#overview-policy-elements) and [troubleshooting key access](https://docs.aws.amazon.com//kms/latest/developerguide/policy-evaluation.html#example-no-iam), see the _AWS Key Management Service Developer Guide_
@@ -193 +193 @@ When you create your application environment, you can specify the data key by en
-**KMS ID** – A [key identifier](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id) for an AWS KMS customer managed key. Enter a key ID, key ARN, alias name, or alias ARN.
+**KMS ID** – A [key identifier](https://docs.aws.amazon.com//kms/latest/developerguide/concepts.html#key-id) for an AWS KMS customer managed key. Enter a key ID, key ARN, alias name, or alias ARN.
@@ -199 +199 @@ Any resources you create under your Amazon Q Business application environment wi
-When you use an AWS KMS customer managed key with your Amazon Q Business resources, you can use [AWS CloudTrail](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html) or [Amazon CloudWatch Logs](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html) to track requests that Amazon Q Business sends to AWS KMS.
+When you use an AWS KMS customer managed key with your Amazon Q Business resources, you can use [AWS CloudTrail](https://docs.aws.amazon.com//awscloudtrail/latest/userguide/cloudtrail-user-guide.html) or [Amazon CloudWatch Logs](https://docs.aws.amazon.com//AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html) to track requests that Amazon Q Business sends to AWS KMS.