Installation Disclosures

Upon considering to install the Amazon Q in QuickSight FinOps Center Framework please be aware of the following:

1. Lambda code hosted in your S3 buckets are not ingested nor scanned by AWS Marketplace. This creates an external dependency. Applications that require external dependencies on deployment must follow product usage policies which includes proper disclosure. In the Release Notes of each FinOps Center Release include the results of the AWS CodeGuru Scan.

2. FinOpsCenterQGlueCrawlerRole295A8956 : add a warning in your deployment guide, product access instructions, or clusters and resources long descriptions that customers should consider deploying into new AWS accounts because the permissions allow your application access to read, edit, and/or delete existing AWS resources in the AWS account.

3. Other IAM roles: The purpose of each of these resources must be included in the product description or usage instructions. IAM Roles are listed with purpose at https://docs.finopscenter.com/amazon-q-in-quicksight-finops-center-framework/amazon-q-in-quicksight-finops-center-framework-roles-and-purpuse/version/3?kb_language=en_US

4. The Role AmazonQFramework-FinOpsCenterQGlueCrawlerRole* leverages the Glue Services Role that enables the solution to Access additional resources than the scope of Amazon Q in QuickSight FinOps Center. If this is an issue, consider deploying in stand alone AWS Account.

5. AWS Marketplace Scans the AMIs that Cloud Scal3 Provides but not the Code Artifacts that are used during the installation. Please view the results of our internal code scanning with AWS CodeGenius with the version Release Notes that you are installing.