AWS lexv2 documentation change
Summary
Removed IAM policy example for QnA feature permissions including Bedrock model invocation and data source access
Security assessment
Deletion of permission examples for AI/ML service integrations doesn't demonstrate security remediation. No evidence of vulnerability being addressed, likely documentation maintenance rather than security update.
Diff
diff --git a/lexv2/latest/dg/qna-permissions.md b/lexv2/latest/dg/qna-permissions.md index 12dee3fc7..397129dc7 100644 --- a//lexv2/latest/dg/qna-permissions.md +++ b//lexv2/latest/dg/qna-permissions.md @@ -11,56 +10,0 @@ The IAM role associated with the bot should have the following permissions requi -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Permissions to invoke Amazon Bedrock foundation models", - "Effect": "Allow", - "Action": [ - "bedrock:InvokeModel" - ], - "Resource": [ - "arn:aws:bedrock:region::foundation-model/model-id" - ] - }, - { - "Sid": "Permissions to access Amazon Kendra index", - "Effect": "Allow", - "Action": [ - "kendra:Query", - "kendra:Retrieve" - ], - "Resource": [ - "arn:aws:kendra:region:account-id:index/kendra-index" - ] - }, - { - "Sid": "Permissions to access OpenSearch Service index", - "Effect": "Allow", - "Action": [ - "es:ESHttpGet", - "es:ESHttpPost" - ], - "Resource": [ - "arn:aws:es:region:account-id:domain/domain-name/index-name/_search" - ] - }, - { - "Sid": "Permissions to access knowledge base in Amazon Bedrock", - "Effect": "Allow", - "Action": [ - "bedrock:Retrieve" - ], - "Resource": [ - "arn:aws:bedrock:region:account-id:knowledge-base/knowledge-base" - ] - } - ] - } - -