AWS Security ChangesHomeSearch

AWS quick documentation change

Service: quick · 2026-06-19 · Documentation low

File: quick/latest/userguide/security-sandbox-apps.md

Summary

Added documentation for public app security including isolation restrictions, anonymous access limitations, storage constraints, integration blocks, and rate limiting for AI inference.

Security assessment

The changes explicitly document security controls for public/anonymous app access (e.g., no identity exposure, storage restrictions, integration blocks, and rate limiting) but do not reference any specific vulnerability fix or incident response. This is preventive security documentation for a new feature.

Diff

diff --git a/quick/latest/userguide/security-sandbox-apps.md b/quick/latest/userguide/security-sandbox-apps.md
index 3f73d4f36..a3c83f101 100644
--- a//quick/latest/userguide/security-sandbox-apps.md
+++ b//quick/latest/userguide/security-sandbox-apps.md
@@ -7 +7 @@
-AuthenticationAuthorization layersIntegration consent modelSandbox restrictions
+AuthenticationAuthorization layersIntegration consent modelSandbox restrictionsPublic app security
@@ -29,0 +30 @@ Connector auth | How the connector authenticates with the external API (configur
+Public access | Whether anonymous viewers can access the app without signing in (set by the app owner when sharing; Free and Plus accounts only)  
@@ -61,0 +63,19 @@ Every apps in Quick app runs inside a sandboxed iframe with strict security poli
+  * **Public app isolation** — Public apps run in the same sandbox as private apps but cannot access action connectors, embedded visuals, embedded chat experiences, or Amazon Quick spaces. Only shared storage and AI inference are available to anonymous viewers.
+
+
+
+
+## Public app security
+
+Public apps allow anonymous access without authentication. The following security measures apply:
+
+  * **No identity** — Anonymous viewers have no user identity. The user identity API returns null values for public viewers.
+
+  * **No private storage** — Anonymous viewers cannot access private storage. Only shared storage is available.
+
+  * **No integrations** — Public apps cannot use action connectors, embedded visuals, embedded chat experiences, or Amazon Quick spaces.
+
+  * **Rate limiting** — AI inference requests from public apps are rate-limited to prevent abuse. Usage counts against the app owner's subscription quota.
+
+  * **Same sandbox** — Public apps run in the same sandboxed iframe with the same Content Security Policy as private apps.
+