Direkt zum Inhalt
Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post
Über re:Post

Amazon Quick: How to disable per-action Allow/Deny prompts for connector Write actions (M365)?

0

We're using Amazon Quick chat agents with M365 connectors (Outlook, OneDrive, SharePoint, Teams). Read actions work cleanly after re-connecting and granting Entra admin consent for the Amazon Quick enterprise application (appId 4cf12f46-d83a-4f8f-b112-d6125cb15891). However, Write actions (e.g., Outlook CreateDraft, SharePoint upload) still surface an Allow/Deny confirmation card on every single invocation, which breaks autonomous agent workflows.

What we've already tried:

  1. Re-connected all four M365 connectors with a tenant admin account.
  2. Granted admin consent in Microsoft Entra for the Amazon Quick enterprise app.
  3. Reviewed Quick chat agent settings - no per-action confirmation toggle is exposed.
  4. Reviewed AWS docs and existing re:Post threads - confirmation appears to be an intentional guardrail with no documented bypass.

Questions:

  • Is there a supported way (account setting, agent config, IAM/Identity Center policy, or API parameter) to enable a 'trusted' or 'auto-approve' mode for Write actions on specific connectors or specific agents?
  • If not, is this on the roadmap? A per-agent or per-connector trust toggle would be extremely valuable for production automations where a human-in-the-loop confirmation on every write defeats the purpose of agentic execution.
  • Are there any workarounds (e.g., custom action/Lambda-backed connector) that would let an agent perform writes without the prompt while still respecting org policy?

Thanks for any guidance.

Themen
GeschäftsanwendungenMaschinelles Lernen & KI
Tags
Amazon Q Business
Sprache
English
gefragt vor einem Monat54 Aufrufe
2 Antworten
2

As far as I know, there is currently no native setting or toggle within Amazon Q Business to disable the Allow/Deny confirmation prompts for standard M365 connector Write actions. This behavior is an intentional security guardrail designed by AWS to ensure a "human-in-the-loop" for any data modification.

  • Standard Connectors: These currently enforce prompts for all Write invocations (CreateDraft, Upload, etc.) to prevent unintended actions caused by potential hallucinations or prompt injections.

  • Potential Workaround: The only way to achieve fully autonomous execution today is by using Custom Actions via AWS Lambda. By routing the Write request through a Lambda function (calling the MS Graph API directly), you bypass the built-in confirmation card. However, this requires managing your own security validation within the code.

  • Roadmap: While highly requested for agentic workflows, there is no official public date for a "trusted mode" for standard connectors yet.

@community, if I’m mistaken or if there's a hidden configuration I’ve missed, please correct me - I’m always happy to learn more about this !

EXPERTE
beantwortet vor einem Monat
0

Seems there is no way to support yet for disabling the per‑action Allow/Deny prompts for Microsoft 365 connector Write actions in Amazon Quick.

https://docs.aws.amazon.com/quick/latest/userguide/microsoft-teams-integration.html

No option to bypass yet above

EXPERTE
beantwortet vor einem Monat

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Relevanter Inhalt