AWS Security ChangesHomeSearch

AWS bedrock documentation change

Service: bedrock · 2025-10-16 · Documentation low

File: bedrock/latest/userguide/security_iam_id-based-policy-examples.md

Summary

Added clarification that model invocation denial policies can be used as Service Control Policies (SCPs)

Security assessment

Enhances documentation about organizational security controls but does not address a specific vulnerability. The addition helps users implement better security practices through SCPs but isn't tied to a disclosed security issue.

Diff

diff --git a/bedrock/latest/userguide/security_iam_id-based-policy-examples.md b/bedrock/latest/userguide/security_iam_id-based-policy-examples.md
index cfdf65459..9419003f4 100644
--- a//bedrock/latest/userguide/security_iam_id-based-policy-examples.md
+++ b//bedrock/latest/userguide/security_iam_id-based-policy-examples.md
@@ -99 +99 @@ This example shows how you might create a policy that allows IAM users to view t
-To prevent a user from invoking foundation models, you need to deny access to API actions that invoke models directly. The following example shows a identity-based policy that denies access to running inference on a specific model.
+To prevent a user from invoking foundation models, you need to deny access to API actions that invoke models directly. The following example shows a identity-based policy that denies access to running inference on a specific model. This policy can be used as a service control policy (SCP) to control model access across an organization.