AWS Security ChangesHomeSearch

AWS lexv2 documentation change

Service: lexv2 · 2025-11-16 · Documentation low

File: lexv2/latest/dg/context-mgmt-session-attribs.md

Summary

Clarified that Amazon Lex V2 handles session attribute encryption and persistence, with explicit service name references

Security assessment

While the documentation mentions encrypted storage of session attributes, this was already present in the original text. The changes primarily improve clarity by specifying 'Amazon Lex V2' as the actor, rather than introducing new security features or addressing vulnerabilities.

Diff

diff --git a/lexv2/latest/dg/context-mgmt-session-attribs.md b/lexv2/latest/dg/context-mgmt-session-attribs.md
index 951a97f7f..dd26a026d 100644
--- a//lexv2/latest/dg/context-mgmt-session-attribs.md
+++ b//lexv2/latest/dg/context-mgmt-session-attribs.md
@@ -7 +7 @@
- _Session attributes_ contain application-specific information that is passed between a bot and a client application during a session. passes session attributes to all Lambda functions configured for a bot. If a Lambda function adds or updates session attributes, passes the new information back to the client application. 
+ _Session attributes_ contain application-specific information that is passed between a bot and a client application during a session. Amazon Lex V2 passes session attributes to all Lambda functions configured for a bot. If a Lambda function adds or updates session attributes, Amazon Lex V2 passes the new information back to the client application. 
@@ -18 +18 @@ Use session attributes in your Lambda functions to initialize a bot and to custo
-Session attributes persist for the duration of the session. stores them in an encrypted data store until the session ends. The client can create session attributes in a request by calling either the [RecognizeText](https://docs.aws.amazon.com/lexv2/latest/APIReference/API_runtime_RecognizeText.html) or [RecognizeUtterance](https://docs.aws.amazon.com/lexv2/latest/APIReference/API_runtime_RecognizeUtterance.html) operation with the `sessionAttributes` field set to a value. A Lambda function can create a session attribute in a response. After the client or a Lambda function creates a session attribute, the stored attribute value is used any time that the client application doesn't include `sessionAttribute` field in a request to .
+Session attributes persist for the duration of the session. Amazon Lex V2 stores them in an encrypted data store until the session ends. The client can create session attributes in a request by calling either the [RecognizeText](https://docs.aws.amazon.com/lexv2/latest/APIReference/API_runtime_RecognizeText.html) or [RecognizeUtterance](https://docs.aws.amazon.com/lexv2/latest/APIReference/API_runtime_RecognizeUtterance.html) operation with the `sessionAttributes` field set to a value. A Lambda function can create a session attribute in a response. After the client or a Lambda function creates a session attribute, the stored attribute value is used any time that the client application doesn't include `sessionAttribute` field in a request to Amazon Lex V2.
@@ -20 +20 @@ Session attributes persist for the duration of the session. stores them in an en
-For example, suppose you have two session attributes, `{"x": "1", "y": "2"}`. If the client calls the `RecognizeText` or `RecognizeUtterance` operation without specifying the `sessionAttributes` field, calls the Lambda function with the stored session attributes (`{"x": 1, "y": 2}`). If the Lambda function doesn't return session attributes, returns the stored session attributes to the client application.
+For example, suppose you have two session attributes, `{"x": "1", "y": "2"}`. If the client calls the `RecognizeText` or `RecognizeUtterance` operation without specifying the `sessionAttributes` field, Amazon Lex V2 calls the Lambda function with the stored session attributes (`{"x": 1, "y": 2}`). If the Lambda function doesn't return session attributes, Amazon Lex V2 returns the stored session attributes to the client application.
@@ -22 +22 @@ For example, suppose you have two session attributes, `{"x": "1", "y": "2"}`. If
-If either the client application or a Lambda function passes session attributes, updates the stored session attributes. Passing an existing value, such as ` {"x": 2}`, updates the stored value. If you pass a new set of session attributes, such as `{"z": 3}`, the existing values are removed and only the new value is kept. When an empty map, `{}`, is passed, stored values are erased.
+If either the client application or a Lambda function passes session attributes, Amazon Lex V2 updates the stored session attributes. Passing an existing value, such as ` {"x": 2}`, updates the stored value. If you pass a new set of session attributes, such as `{"z": 3}`, the existing values are removed and only the new value is kept. When an empty map, `{}`, is passed, stored values are erased.
@@ -24 +24 @@ If either the client application or a Lambda function passes session attributes,
-To send session attributes to , you create a string-to-string map of the attributes. The following shows how to map session attributes: 
+To send session attributes to Amazon Lex V2, you create a string-to-string map of the attributes. The following shows how to map session attributes: