AWS audit-manager documentation change
Summary
Updated IAM policy documentation for generative AI framework support including bedrock:ListGuardrails and s3:GetBucketPolicy actions
Security assessment
Documents expanded IAM permissions for security-related evidence collection about AI model guardrails and bucket policies, but doesn't indicate remediation of a specific vulnerability
Diff
diff --git a/audit-manager/latest/userguide/security-iam-awsmanpol.md b/audit-manager/latest/userguide/security-iam-awsmanpol.md index c63c26291..1c164fb48 100644 --- a//audit-manager/latest/userguide/security-iam-awsmanpol.md +++ b//audit-manager/latest/userguide/security-iam-awsmanpol.md @@ -1083 +1083 @@ Change | Description | Date -[AWSAuditManagerServiceRolePolicy](https://docs.aws.amazon.com/audit-manager/latest/userguide/security-iam-awsmanpol.html#security-iam-awsmanpol-AWSAuditManagerServiceRolePolicy) – Update to an existing policy | The service-linked role now allows AWS Audit Manager to perform the `bedrock:ListGuardrails` action. This API action is required to support the [AWS generative AI best practices framework v2](./aws-generative-ai-best-practices.html). It allows Audit Manager to collect automated evidence about the guardrails that are in place for your generative AI model data training data sets. | 09/24/2024 +[AWSAuditManagerServiceRolePolicy](https://docs.aws.amazon.com/audit-manager/latest/userguide/security-iam-awsmanpol.html#security-iam-awsmanpol-AWSAuditManagerServiceRolePolicy) – Update to an existing policy | The service-linked role now allows AWS Audit Manager to perform the `bedrock:ListGuardrails` action. This API action is required to support the [AWS Generative AI Best Practices Framework v2](./aws-generative-ai-best-practices.html). It allows Audit Manager to collect automated evidence about the guardrails that are in place for your generative AI model data training data sets. | 09/24/2024 @@ -1189 +1189 @@ This update allows you to view the control domains, control objectives, and comm -[AWSAuditManagerServiceRolePolicy](https://docs.aws.amazon.com/audit-manager/latest/userguide/security-iam-awsmanpol.html#security-iam-awsmanpol-AWSAuditManagerServiceRolePolicy) – Update to an existing policy | The service-linked role now allows AWS Audit Manager to perform the `s3:GetBucketPolicy` action. This API action is required to support the [AWS generative AI best practices framework v2](./aws-generative-ai-best-practices.html). It allows Audit Manager to collect automated evidence about the policy restrictions that are in place for your generative AI model data training data sets. The `GetBucketPolicy` action operates within the scope of the AWS account where the service-linked-role is available. It can't access cross-account bucket policies. | 12/06/2023 +[AWSAuditManagerServiceRolePolicy](https://docs.aws.amazon.com/audit-manager/latest/userguide/security-iam-awsmanpol.html#security-iam-awsmanpol-AWSAuditManagerServiceRolePolicy) – Update to an existing policy | The service-linked role now allows AWS Audit Manager to perform the `s3:GetBucketPolicy` action. This API action is required to support the [AWS Generative AI Best Practices Framework v2](./aws-generative-ai-best-practices.html). It allows Audit Manager to collect automated evidence about the policy restrictions that are in place for your generative AI model data training data sets. The `GetBucketPolicy` action operates within the scope of the AWS account where the service-linked-role is available. It can't access cross-account bucket policies. | 12/06/2023