AWS bedrock documentation change
Summary
Added note about additional required permissions for OpenSearch Service knowledge bases
Security assessment
The change highlights necessary IAM permissions for secure OpenSearch integration. This improves security documentation but does not indicate a resolved vulnerability. Missing these permissions could lead to access issues but isn't evidence of an exploit.
Diff
diff --git a/bedrock/latest/userguide/knowledge-base-prereq.md b/bedrock/latest/userguide/knowledge-base-prereq.md index c4e018287..a20eb4f01 100644 --- a//bedrock/latest/userguide/knowledge-base-prereq.md +++ b//bedrock/latest/userguide/knowledge-base-prereq.md @@ -16,0 +17,4 @@ Before you can create a knowledge base, you must fulfill the following prerequis +###### Note + +If you're creating a knowledge base with Amazon OpenSearch Service (including Amazon OpenSearch Serverless), the service role requires additional permissions beyond those covered by the AWS-managed BedrockFullAccess policy. These include `aoss:CreateAccessPolicy`, `iam:CreateServiceLinkedRole`, and `iam:CreateRole` permissions. +