AWS Security ChangesHomeSearch

AWS bedrock documentation change

Service: bedrock · 2025-04-01 · Documentation low

File: bedrock/latest/userguide/encryption-custom-job.md

Summary

Capitalized 'region' to 'Region' in KMS key policy instructions (2 instances)

Security assessment

Consistency update in regional references without security impact

Diff

diff --git a/bedrock/latest/userguide/encryption-custom-job.md b/bedrock/latest/userguide/encryption-custom-job.md
index 220e9bad8..8070baffd 100644
--- a/bedrock/latest/userguide/encryption-custom-job.md
+++ b/bedrock/latest/userguide/encryption-custom-job.md
@@ -117 +117 @@ The following statements are relevant to encrypting custom and copied models:
-To use your customer managed key to encrypt a custom or copied model, include the following statement in a key policy to allow encryption of a model. In the `Principal` field, add accounts that you want to allow to encrypt and decrypt the key to the list that the `AWS` subfield maps to. If you use the `kms:ViaService` condition key, you can add a line for each region, or use `*` in place of `${region}` to allow all regions that support Amazon Bedrock.
+To use your customer managed key to encrypt a custom or copied model, include the following statement in a key policy to allow encryption of a model. In the `Principal` field, add accounts that you want to allow to encrypt and decrypt the key to the list that the `AWS` subfield maps to. If you use the `kms:ViaService` condition key, you can add a line for each Region, or use `*` in place of `${region}` to allow all Regions that support Amazon Bedrock.
@@ -144 +144 @@ To use your customer managed key to encrypt a custom or copied model, include th
-To allow access to a model that has been encrypted with a KMS key, include the following statement in a key policy to allow decryption of the key. In the `Principal` field, add accounts that you want to allow to decrypt the key to the list that the `AWS` subfield maps to. If you use the `kms:ViaService` condition key, you can add a line for each region, or use `*` in place of `${region}` to allow all regions that support Amazon Bedrock.
+To allow access to a model that has been encrypted with a KMS key, include the following statement in a key policy to allow decryption of the key. In the `Principal` field, add accounts that you want to allow to decrypt the key to the list that the `AWS` subfield maps to. If you use the `kms:ViaService` condition key, you can add a line for each Region, or use `*` in place of `${region}` to allow all Regions that support Amazon Bedrock.