AWS bedrock documentation change
Summary
Clarified data storage location and encryption details for model evaluation jobs, specifying use of AWS-owned S3 bucket and KMS keys
Security assessment
The update provides clearer documentation about security controls (encryption and temporary storage) but does not indicate any security vulnerability being addressed. It enhances transparency about existing security practices rather than fixing an issue.
Diff
diff --git a/bedrock/latest/userguide/evaluation-data-management.md b/bedrock/latest/userguide/evaluation-data-management.md index 4163dcdff..eba14d55b 100644 --- a//bedrock/latest/userguide/evaluation-data-management.md +++ b//bedrock/latest/userguide/evaluation-data-management.md @@ -7 +7 @@ -During the model evaluation job, Amazon Bedrock makes a copy of your data that exists temporarily. Amazon Bedrock deletes the data after the job finishes. It uses an AWS KMS key to encrypt it. It either uses an AWS KMS key that you specify or an Amazon Bedrock owned key to encrypt the data. +During the model evaluation job, Amazon Bedrock makes a temporary copy of your data and stores it in an AWS-owned Amazon S3 bucket. Amazon Bedrock deletes this data after the job finishes. Amazon Bedrock encrypts this data using a AWS KMS key. You can choose to specify your own AWS KMS key or to use an Amazon Bedrock-owned key to encrypt the data.