AWS bedrock documentation change
Summary
Removed two JSON policy examples: 1) Domain deny policy 2) Elasticsearch service role permissions
Security assessment
Policy example removal doesn't indicate security issue resolution. Likely documentation restructuring. No evidence of addressing vulnerabilities through these changes.
Diff
diff --git a/bedrock/latest/userguide/kb-osm-permissions-slr-rbp.md b/bedrock/latest/userguide/kb-osm-permissions-slr-rbp.md index 5456306d4..cd62afec7 100644 --- a//bedrock/latest/userguide/kb-osm-permissions-slr-rbp.md +++ b//bedrock/latest/userguide/kb-osm-permissions-slr-rbp.md @@ -13,22 +12,0 @@ If you are choosing to let Amazon Bedrock Knowledge Bases create the IAM role fo -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Deny", - "Principal": { - "AWS": "arn:aws:iam::123456789012:root" - }, - "Action": "*", - "Resource": "arn:aws:bedrock:us-east-1:123456789012:domain/DomainName" - } - ] - } - - @@ -131,49 +108,0 @@ Make sure that the service role has been created for it to be used in the resour -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:es:us-east-1:123456789012:role/service-role/KnowledgeBaseServiceRoleName" - }, - "Action": [ - "es:ESHttpGet", - "es:ESHttpPost", - "es:ESHttpHead", - "es:ESHttpDelete" - ], - "Resource": [ - "arn:aws:es:us-east-1:123456789012:domain/domainName/indexName/*" - ] - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:es:us-east-1:123456789012:(role|service-role)/KnowledgeBaseServiceRoleName" - }, - "Action": "es:ESHttpGet", - "Resource": [ - "arn:aws:es:us-east-1:123456789012:domain/domainName/indexName" - ] - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:es:us-east-1:123456789012:(role|service-role)/KnowledgeBaseServiceRoleName" - }, - "Action": "es:DescribeDomain", - "Resource": [ - "arn:aws:es:us-east-1:123456789012:domain/domainName" - ] - } - ] - } - -