AWS bedrock documentation change
Summary
Fixed typos and improved grammar in encryption documentation for BDA resources
Security assessment
The changes correct documentation about existing security features (KMS encryption context usage) but do not introduce new security information or address vulnerabilities. The content maintains existing security documentation quality through clarification.
Diff
diff --git a/bedrock/latest/userguide/encryption-bda.md b/bedrock/latest/userguide/encryption-bda.md index 1767b6685..ca1ace51d 100644 --- a//bedrock/latest/userguide/encryption-bda.md +++ b//bedrock/latest/userguide/encryption-bda.md @@ -71 +71 @@ After you create a AWS KMS key, you attach a key policy to it. The following AWS -To use your customer managed key to encrypt BDA resources, include the following statements in your key policy and replace `${account-id}`, `${region}`, and `${key-id}` with your specific values.: +To use your customer managed key to encrypt BDA resources, include the following statements in your key policy and replace `${account-id}`, `${region}`, and `${key-id}` with your specific values: @@ -132 +132 @@ The IAM role used to interact with BDA and AWS KMS should have the following per -BDA uses the same encryption context in all AWS KMS cryptographic operations, where the key is `aws:bedrock:data-automation-customer-account-id` and teh value is your AWS account ID an example of the encryption context is below. +BDA uses the same encryption context in all AWS KMS cryptographic operations, where the key is `aws:bedrock:data-automation-customer-account-id` and the value is your AWS account ID. An example of the encryption context is below. @@ -147 +147 @@ When you use a symmetric customer managed key to encrypt your data, you can also -ou can use the encryption context in key policies and IAM policies as conditions to control access to your symmetric customer managed key. You can also use encryption context constraints in a grant. BDA uses an encryption context constraint in grants to control access to the customer managed key in your account or Region. The grant constraint requires that the operations that the grant allows use the specified encryption context. +You can use the encryption context in key policies and IAM policies as conditions to control access to your symmetric customer managed key. You can also use encryption context constraints in a grant. BDA uses an encryption context constraint in grants to control access to the customer managed key in your account or Region. The grant constraint requires that the operations that the grant allows use the specified encryption context.