AWS bedrock documentation change
Summary
Added clarification that model invocation denial policies can be used as Service Control Policies (SCPs)
Security assessment
Enhances documentation about organizational security controls but does not address a specific vulnerability. The addition helps users implement better security practices through SCPs but isn't tied to a disclosed security issue.
Diff
diff --git a/bedrock/latest/userguide/security_iam_id-based-policy-examples.md b/bedrock/latest/userguide/security_iam_id-based-policy-examples.md index cfdf65459..9419003f4 100644 --- a//bedrock/latest/userguide/security_iam_id-based-policy-examples.md +++ b//bedrock/latest/userguide/security_iam_id-based-policy-examples.md @@ -99 +99 @@ This example shows how you might create a policy that allows IAM users to view t -To prevent a user from invoking foundation models, you need to deny access to API actions that invoke models directly. The following example shows a identity-based policy that denies access to running inference on a specific model. +To prevent a user from invoking foundation models, you need to deny access to API actions that invoke models directly. The following example shows a identity-based policy that denies access to running inference on a specific model. This policy can be used as a service control policy (SCP) to control model access across an organization.