Controlling AWS API Calls from Amazon Q Developer: Enterprise Governance with Built-in User Agent Markers
DevOps & Developer Productivity Blog
This article discusses how Amazon Q Developer provides built-in user agent markers to help organizations govern and control AWS API calls made through AI-assisted development tools.
- Amazon Q Developer automatically includes unique identifiers in user agent strings for AWS CLI calls
- Two primary markers exist: one for CLI tool operations and another for IDE integration operations
- These markers allow organizations to distinguish between AI-assisted and manual AWS operations
- IAM policies can be configured to control permissions based on these user agent markers
- Examples include allowing read operations but blocking write operations from Q Developer
- CloudTrail can be used to verify and monitor Q Developer API usage
The key benefit is enabling secure Amazon Q Developer adoption by providing granular governance controls while maintaining developer productivity.
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
Oct 9
2025
2025
Establishing enterprise governance in Amazon Quick Suite using custom permissions
Jun 2
2025
2025
Introducing agentic capabilities for Amazon Q Developer Chat in the AWS Management Console and chat applications
Jul 31
2025
2025
Amazon Q Developer CLI announces custom agents
Jul 31
2025
2025
Overcome development disarray with Amazon Q Developer CLI custom agents
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.