AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2025-09-28 · Documentation low

File: cli/latest/reference/bedrock-agent-runtime/create-session.md

Summary

Updated CLI version reference, moved encryption-key-arn parameter documentation, modified regex patterns (removed ^/$ anchors), reordered sessionArn/sessionId fields, and adjusted timestamp placement

Security assessment

The change adds/retains documentation about KMS encryption for session data (security feature), but there's no evidence of addressing a specific vulnerability. Pattern changes appear to relax regex validation but maintain structural validity checks. No CVE or security advisory mentioned.

Diff

diff --git a/cli/latest/reference/bedrock-agent-runtime/create-session.md b/cli/latest/reference/bedrock-agent-runtime/create-session.md
index 898f5d578..235c89201 100644
--- a//cli/latest/reference/bedrock-agent-runtime/create-session.md
+++ b//cli/latest/reference/bedrock-agent-runtime/create-session.md
@@ -15 +15 @@
-  * [AWS CLI 2.31.1 Command Reference](../../index.html) »
+  * [AWS CLI 2.31.3 Command Reference](../../index.html) »
@@ -82 +81,0 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/bedroc
-    [--encryption-key-arn <value>]
@@ -83,0 +83 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/bedroc
+    [--encryption-key-arn <value>]
@@ -109,12 +108,0 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/bedroc
-`--encryption-key-arn` (string)
-
-> The Amazon Resource Name (ARN) of the KMS key to use to encrypt the session data. The user or role creating the session must have permission to use the key. For more information, see [Amazon Bedrock session encryption](https://docs.aws.amazon.com/bedrock/latest/userguide/session-encryption.html) .
-> 
-> Constraints:
-> 
->   * min: `1`
->   * max: `2048`
->   * pattern: `^arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}$`
-> 
-
-
@@ -162,0 +151,12 @@ JSON Syntax:
+`--encryption-key-arn` (string)
+
+> The Amazon Resource Name (ARN) of the KMS key to use to encrypt the session data. The user or role creating the session must have permission to use the key. For more information, see [Amazon Bedrock session encryption](https://docs.aws.amazon.com/bedrock/latest/userguide/session-encryption.html) .
+> 
+> Constraints:
+> 
+>   * min: `1`
+>   * max: `2048`
+>   * pattern: `arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}`
+> 
+
+
@@ -182 +182 @@ JSON Syntax:
->>   * pattern: `^[a-zA-Z0-9\s._:/=+@-]*$`
+>>   * pattern: `[a-zA-Z0-9\s._:/=+@-]*`
@@ -194 +194 @@ JSON Syntax:
->>   * pattern: `^[a-zA-Z0-9\s._:/=+@-]*$`
+>>   * pattern: `[a-zA-Z0-9\s._:/=+@-]*`
@@ -310,5 +310 @@ Disable automatically prompt for CLI input parameters.
-createdAt -> (timestamp)
-
-> The timestamp for when the session was created.
-
-sessionArn -> (string)
+sessionId -> (string)
@@ -316 +312 @@ sessionArn -> (string)
-> The Amazon Resource Name (ARN) of the created session.
+> The unique identifier for the session.
@@ -320 +316 @@ sessionArn -> (string)
->   * pattern: `^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]+:[0-9]{12}:session/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$`
+>   * pattern: `[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}`
@@ -324 +320 @@ sessionArn -> (string)
-sessionId -> (string)
+sessionArn -> (string)
@@ -326 +322 @@ sessionId -> (string)
-> The unique identifier for the session.
+> The Amazon Resource Name (ARN) of the created session.
@@ -330 +326 @@ sessionId -> (string)
->   * pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$`
+>   * pattern: `arn:aws(-[^:]+)?:bedrock:[a-z0-9-]+:[0-9]{12}:session/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}`
@@ -345,0 +342,4 @@ sessionStatus -> (string)
+createdAt -> (timestamp)
+
+> The timestamp for when the session was created.
+
@@ -356 +356 @@ sessionStatus -> (string)
-  * [AWS CLI 2.31.1 Command Reference](../../index.html) »
+  * [AWS CLI 2.31.3 Command Reference](../../index.html) »