AWS Security ChangesHomeSearch

AWS connect medium security documentation change

Service: connect · 2026-05-19 · Security-related medium

File: connect/latest/adminguide/security_iam_awsmanpol.md

Summary

Added policy update for Connect AI agents with explicit deny for delete actions

Security assessment

Explicitly denies wisdom:DeleteAssistant/DeleteKnowledgeBase actions, directly addressing potential destructive operations. Scopes permissions via resource tagging ('AmazonConnectEnabled':'True'), enhancing least-privilege controls.

Diff

diff --git a/connect/latest/adminguide/security_iam_awsmanpol.md b/connect/latest/adminguide/security_iam_awsmanpol.md
index 345c1176c..6dc6ded69 100644
--- a//connect/latest/adminguide/security_iam_awsmanpol.md
+++ b//connect/latest/adminguide/security_iam_awsmanpol.md
@@ -171,0 +172,6 @@ Change | Description | Date
+[AmazonConnectServiceLinkedRolePolicy](./connect-slr.html) – Updated actions for Connect AI agents |  Updated the Connect AI agents permissions in the service-linked role policy to `wisdom:*` on all Connect Customer Connect AI agents resources with resource tag `'AmazonConnectEnabled':'True'`, with an explicit deny for the following actions:
+
+  * `wisdom:DeleteAssistant`
+  * `wisdom:DeleteKnowledgeBase`
+
+| May 18, 2026