AWS connect medium security documentation change
Summary
Added policy update for Connect AI agents with explicit deny for delete actions
Security assessment
Explicitly denies wisdom:DeleteAssistant/DeleteKnowledgeBase actions, directly addressing potential destructive operations. Scopes permissions via resource tagging ('AmazonConnectEnabled':'True'), enhancing least-privilege controls.
Diff
diff --git a/connect/latest/adminguide/security_iam_awsmanpol.md b/connect/latest/adminguide/security_iam_awsmanpol.md index 345c1176c..6dc6ded69 100644 --- a//connect/latest/adminguide/security_iam_awsmanpol.md +++ b//connect/latest/adminguide/security_iam_awsmanpol.md @@ -171,0 +172,6 @@ Change | Description | Date +[AmazonConnectServiceLinkedRolePolicy](./connect-slr.html) – Updated actions for Connect AI agents | Updated the Connect AI agents permissions in the service-linked role policy to `wisdom:*` on all Connect Customer Connect AI agents resources with resource tag `'AmazonConnectEnabled':'True'`, with an explicit deny for the following actions: + + * `wisdom:DeleteAssistant` + * `wisdom:DeleteKnowledgeBase` + +| May 18, 2026