Amazon Q adds document-level ACLs for S3 knowledge base access control

New fine-grained permissions let you restrict sensitive docs to authorized users only.

Deep Dive

Amazon Quick offers document-level ACL support for S3 knowledge bases, enabling organizations to restrict access to specific documents or folders. With deny-by-default behavior, only explicitly authorized users see sensitive content. Two configuration methods are available: a global ACL file for stable folder structures, or document-level metadata for frequently changing permissions. This approach allows safe ingestion of full document libraries while meeting compliance and data governance requirements.

Key Points
  • Document-level ACLs for S3 knowledge bases in Amazon Q enable fine-grained permissions at document or folder level.
  • Two configuration methods: global ACL file (folder-level, stable structures) and document-level metadata files (frequent changes, minimal reindex).
  • Deny-by-default means only explicitly granted users get access; reindex scope differs by method: the full prefix for the global ACL file, a single document for metadata files.

Why It Matters

Enables secure AI search over sensitive documents without compromising compliance or data governance.