AWS bedrock documentation change
Summary
Capitalized 'region' to 'Region' in KMS key policy instructions (2 instances)
Security assessment
Consistency update in regional references without security impact
Diff
diff --git a/bedrock/latest/userguide/encryption-custom-job.md b/bedrock/latest/userguide/encryption-custom-job.md index 220e9bad8..8070baffd 100644 --- a/bedrock/latest/userguide/encryption-custom-job.md +++ b/bedrock/latest/userguide/encryption-custom-job.md @@ -117 +117 @@ The following statements are relevant to encrypting custom and copied models: -To use your customer managed key to encrypt a custom or copied model, include the following statement in a key policy to allow encryption of a model. In the `Principal` field, add accounts that you want to allow to encrypt and decrypt the key to the list that the `AWS` subfield maps to. If you use the `kms:ViaService` condition key, you can add a line for each region, or use `*` in place of `${region}` to allow all regions that support Amazon Bedrock. +To use your customer managed key to encrypt a custom or copied model, include the following statement in a key policy to allow encryption of a model. In the `Principal` field, add accounts that you want to allow to encrypt and decrypt the key to the list that the `AWS` subfield maps to. If you use the `kms:ViaService` condition key, you can add a line for each Region, or use `*` in place of `${region}` to allow all Regions that support Amazon Bedrock. @@ -144 +144 @@ To use your customer managed key to encrypt a custom or copied model, include th -To allow access to a model that has been encrypted with a KMS key, include the following statement in a key policy to allow decryption of the key. In the `Principal` field, add accounts that you want to allow to decrypt the key to the list that the `AWS` subfield maps to. If you use the `kms:ViaService` condition key, you can add a line for each region, or use `*` in place of `${region}` to allow all regions that support Amazon Bedrock. +To allow access to a model that has been encrypted with a KMS key, include the following statement in a key policy to allow decryption of the key. In the `Principal` field, add accounts that you want to allow to decrypt the key to the list that the `AWS` subfield maps to. If you use the `kms:ViaService` condition key, you can add a line for each Region, or use `*` in place of `${region}` to allow all Regions that support Amazon Bedrock.