AWS bedrock documentation change
Summary
Updated KMS ARNs and ViaService endpoints to us-east-1 in encryption policies
Security assessment
Regional specification in encryption configuration examples. Does not introduce new security features or address vulnerabilities.
Diff
diff --git a/bedrock/latest/userguide/sessions-encryption.md b/bedrock/latest/userguide/sessions-encryption.md index b71b58f30..e45affe05 100644 --- a//bedrock/latest/userguide/sessions-encryption.md +++ b//bedrock/latest/userguide/sessions-encryption.md @@ -20 +20,2 @@ JSON - "Statement": [{ + "Statement": [ + { @@ -27 +28 @@ JSON - "Resource": "arn:aws:kms:${region}:${account-id}:key/${key-id}", + "Resource": "arn:aws:kms:us-east-1:${account-id}:key/${key-id}", @@ -33 +34 @@ JSON - "kms:ViaService": "bedrock.${region}.amazonaws.com" + "kms:ViaService": "bedrock.us-east-1.amazonaws.com" @@ -42 +43 @@ JSON - "Resource": "arn:aws:kms:${region}:${account-id}:key/${key-id}", + "Resource": "arn:aws:kms:us-east-1:${account-id}:key/${key-id}", @@ -45 +46 @@ JSON - "kms:ViaService": "bedrock.${region}.amazonaws.com" + "kms:ViaService": "bedrock.us-east-1.amazonaws.com"