AWS Security ChangesHomeSearch

AWS solutions documentation change

Service: solutions · 2025-05-31 · Documentation medium

File: solutions/latest/generative-ai-application-builder-on-aws/anonymized-data-collection.md

Summary

Updated data collection documentation with expanded metrics list and explicit opt-out instructions. Added new fields including security-related configurations (VPC settings, guardrails, client-owned user pools) and clarified data exclusion policies.

Security assessment

The change adds documentation about security-related configurations including VPC settings, guardrails enablement, and client-owned Cognito user pools. While these are security-adjacent features, there is no evidence this change addresses a specific vulnerability. The documentation now better informs users about security controls available in the solution.

Diff

diff --git a/solutions/latest/generative-ai-application-builder-on-aws/anonymized-data-collection.md b/solutions/latest/generative-ai-application-builder-on-aws/anonymized-data-collection.md
index e3589b2a6..c43c9e798 100644
--- a//solutions/latest/generative-ai-application-builder-on-aws/anonymized-data-collection.md
+++ b//solutions/latest/generative-ai-application-builder-on-aws/anonymized-data-collection.md
@@ -9 +9 @@ This solution includes an option to send anonymized operational metrics to AWS.
-  * **Solution ID** \- The AWS solution identifier
+  * **Solution ID** \- The AWS solution identifier.
@@ -11 +11 @@ This solution includes an option to send anonymized operational metrics to AWS.
-  * **UUID** \- Randomly generated, unique identifier for each Generative AI Application Builder on AWS deployment
+  * **UUID** \- A randomly generated unique identifier for each Generative AI Application Builder on AWS deployment.
@@ -13 +13 @@ This solution includes an option to send anonymized operational metrics to AWS.
-  * **Timestamp** \- Data-collection timestamp
+  * **Timestamp** \- The timestamp when the data was collected.
@@ -15 +15 @@ This solution includes an option to send anonymized operational metrics to AWS.
-  * **New Amazon Kendra Index Created** \- Whether or not a new Amazon Kendra index has been created
+  * **New Amazon Kendra Index Created** \- Indicates whether a new Amazon Kendra index was created.
@@ -17 +17 @@ This solution includes an option to send anonymized operational metrics to AWS.
-  * **Amazon Kendra Edition** \- The Amazon Kendra edition selected for creation
+  * **Amazon Kendra Edition** \- Specifies the Amazon Kendra edition selected.
@@ -19 +19 @@ This solution includes an option to send anonymized operational metrics to AWS.
-  * **RAG Enabled** \- Whether or not the RAG functionality is being used
+  * **Usecase Type** \- Indicates the selected use case type: Text or Agent.
@@ -21 +21 @@ This solution includes an option to send anonymized operational metrics to AWS.
-  * **Use Case Configuration Parameters** \- the complete set of LLM parameters supplied during the use case wizard creation step. This includes details such as the model and knowledge base provers used. Please note, any customer prompts are explicitly excluded and not included in metric collections.
+  * **Model Provider** \- The selected model provider, either Bedrock or SageMaker AI.
@@ -23 +23,33 @@ This solution includes an option to send anonymized operational metrics to AWS.
-  * **Usage Counts** \- Various metric counts collected from the solution’s custom CloudWatch dashboard which provides the application’s usage analytics. Example stats include WebSocket error counts, Kendra latency, and so on.
+  * **RAG Enabled** \- Indicates whether Retrieval-Augmented Generation (RAG) functionality is enabled.
+
+  * **Type of Knowledge Base** \- If RAG is enabled, specifies the type of knowledge base selected (Bedrock or Kendra).
+
+  * **Streaming** \- If the use case is Text, indicates whether the output is streamed.
+
+  * **Verbose** \- Indicates whether verbose logging is enabled.
+
+  * **VPC Enabled** \- Indicates whether a VPC is enabled.
+
+  * **Create VPC** \- Specifies whether a VPC was created by the solution or provided by the business user.
+
+  * **Use Case Deployment Source** \- Indicates whether the use case was created from the deployment dashboard or as a standalone use case.
+
+  * **Model ID** \- If Bedrock is the selected model provider, specifies the LLM model ID.
+
+  * **Inference Profile ID** \- If Bedrock is the selected model provider, specifies the Bedrock inference profile ID used when the model is deployed in a different region.
+
+  * **Guardrails Enabled** \- If Bedrock is the selected model provider, indicates whether Bedrock guardrails are enabled.
+
+  * **Provisioned Model Enabled** \- Whether a provisioned model is used.
+
+  * **Prompt Parameters** \- Configuration options related to prompt behavior, such as rephrasing, user editing, disambiguation, and input/prompt length limits.
+
+  * **Tracing Enabled** \- If the Agent use case is selected, indicates whether tracing is enabled for the Bedrock Agent.
+
+  * **Client-Owned User Pool** \- Indicates whether the Cognito user pool is client-owned.
+
+  * **Feedback Enabled** \- Indicates whether the user has opted to provide feedback (positive or negative) on LLM responses.
+
+  * **Usage Counts** \- Various metric counts collected from the solution’s custom CloudWatch dashboard, which provides application usage analytics. Examples include LLM input and output token counts.
+    
+        Note: Customer prompts and Model Arn are explicitly excluded and not collected.
@@ -36,3 +68,4 @@ AWS owns the data gathered through this survey. Data collection is subject to th
-        AnonymousData:
-     SendAnonymousData:
-     Data: Yes
+        Mappings:
+      Solution:
+        Data:
+          SendAnonymousUsageData: 'Yes'
@@ -42,3 +75,4 @@ to:
-        AnonymousData:
-     SendAnonymousData:
-     Data: No
+        Mappings:
+      Solution:
+        Data:
+          SendAnonymousUsageData: 'No'
@@ -58,0 +93,15 @@ to:
+###### Note
+
+By default, users can opt out of sending anonymous usage data for **deployment dashboards** only. However, **use cases** within the solution will continue to send anonymous metrics unless explicitly disabled.
+
+To disable anonymous usage data for all use cases:
+
+  1. Visit the [GitHub repository](https://github.com/aws-solutions/generative-ai-application-builder-on-aws) and download the source code for this solution.
+
+  2. In the file [`use-case-stack.ts`](https://github.com/aws-solutions/generative-ai-application-builder-on-aws/blob/main/source/infrastructure/lib/framework/use-case-stack.ts), set the value of `SendAnonymousUsageData` to `No`.
+
+  3. Follow the instructions in the [README.md](https://github.com/aws-solutions/generative-ai-application-builder-on-aws/blob/main/README.md) to deploy your customized solution.
+
+
+
+