AWS Security ChangesHomeSearch

AWS bedrock documentation change

Service: bedrock · 2025-09-28 · Documentation low

File: bedrock/latest/userguide/kb-permissions.md

Summary

Added detailed IAM policy JSON example with S3 access permissions and resource account conditions

Security assessment

The change provides explicit security policy examples for encrypted data access. While security-related, this is routine documentation improvement rather than addressing a specific vulnerability. The added conditions help enforce proper resource access controls.

Diff

diff --git a/bedrock/latest/userguide/kb-permissions.md b/bedrock/latest/userguide/kb-permissions.md
index 11bec2d36..4a3850b3d 100644
--- a//bedrock/latest/userguide/kb-permissions.md
+++ b//bedrock/latest/userguide/kb-permissions.md
@@ -170,7 +169,0 @@ If you encrypted the data source with a AWS KMS key, attach permissions to decry
-JSON
-    
-
-****
-    
-    
-    
@@ -177,0 +171,35 @@ JSON
+    {
+        "Version": "2012-10-17",
+        "Statement": [
+            {
+                "Sid": "S3ListBucketStatement",
+                "Effect": "Allow",
+                "Action": [
+                    "s3:ListBucket"
+                ],
+                "Resource": [
+                    "arn:aws:s3:::amzn-s3-demo-bucket"
+                ],
+                "Condition": {
+                    "StringEquals": {
+                        "aws:ResourceAccount": "123456789012"
+                    }
+                }
+            },
+            {
+                "Sid": "S3GetObjectStatement",
+                "Effect": "Allow",
+                "Action": [
+                    "s3:GetObject"
+                ],
+                "Resource": [
+                    "arn:aws:s3:::amzn-s3-demo-bucket/*"
+                ],
+                "Condition": {
+                    "StringEquals": {
+                        "aws:ResourceAccount": "123456789012"
+                    }
+                }
+            }
+        ]
+    }