AWS Security ChangesHomeSearch

AWS audit-manager documentation change

Service: audit-manager · 2025-04-11 · Documentation low

File: audit-manager/latest/userguide/security-iam-awsmanpol.md

Summary

Updated IAM policy documentation for generative AI framework support including bedrock:ListGuardrails and s3:GetBucketPolicy actions

Security assessment

Documents expanded IAM permissions for security-related evidence collection about AI model guardrails and bucket policies, but doesn't indicate remediation of a specific vulnerability

Diff

diff --git a/audit-manager/latest/userguide/security-iam-awsmanpol.md b/audit-manager/latest/userguide/security-iam-awsmanpol.md
index c63c26291..1c164fb48 100644
--- a//audit-manager/latest/userguide/security-iam-awsmanpol.md
+++ b//audit-manager/latest/userguide/security-iam-awsmanpol.md
@@ -1083 +1083 @@ Change | Description | Date
-[AWSAuditManagerServiceRolePolicy](https://docs.aws.amazon.com/audit-manager/latest/userguide/security-iam-awsmanpol.html#security-iam-awsmanpol-AWSAuditManagerServiceRolePolicy) – Update to an existing policy |  The service-linked role now allows AWS Audit Manager to perform the `bedrock:ListGuardrails` action.  This API action is required to support the [AWS generative AI best practices framework v2](./aws-generative-ai-best-practices.html). It allows Audit Manager to collect automated evidence about the guardrails that are in place for your generative AI model data training data sets. | 09/24/2024  
+[AWSAuditManagerServiceRolePolicy](https://docs.aws.amazon.com/audit-manager/latest/userguide/security-iam-awsmanpol.html#security-iam-awsmanpol-AWSAuditManagerServiceRolePolicy) – Update to an existing policy |  The service-linked role now allows AWS Audit Manager to perform the `bedrock:ListGuardrails` action.  This API action is required to support the [AWS Generative AI Best Practices Framework v2](./aws-generative-ai-best-practices.html). It allows Audit Manager to collect automated evidence about the guardrails that are in place for your generative AI model data training data sets. | 09/24/2024  
@@ -1189 +1189 @@ This update allows you to view the control domains, control objectives, and comm
-[AWSAuditManagerServiceRolePolicy](https://docs.aws.amazon.com/audit-manager/latest/userguide/security-iam-awsmanpol.html#security-iam-awsmanpol-AWSAuditManagerServiceRolePolicy) – Update to an existing policy |  The service-linked role now allows AWS Audit Manager to perform the `s3:GetBucketPolicy` action.  This API action is required to support the [AWS generative AI best practices framework v2](./aws-generative-ai-best-practices.html). It allows Audit Manager to collect automated evidence about the policy restrictions that are in place for your generative AI model data training data sets. The `GetBucketPolicy` action operates within the scope of the AWS account where the service-linked-role is available. It can't access cross-account bucket policies.  | 12/06/2023  
+[AWSAuditManagerServiceRolePolicy](https://docs.aws.amazon.com/audit-manager/latest/userguide/security-iam-awsmanpol.html#security-iam-awsmanpol-AWSAuditManagerServiceRolePolicy) – Update to an existing policy |  The service-linked role now allows AWS Audit Manager to perform the `s3:GetBucketPolicy` action.  This API action is required to support the [AWS Generative AI Best Practices Framework v2](./aws-generative-ai-best-practices.html). It allows Audit Manager to collect automated evidence about the policy restrictions that are in place for your generative AI model data training data sets. The `GetBucketPolicy` action operates within the scope of the AWS account where the service-linked-role is available. It can't access cross-account bucket policies.  | 12/06/2023