AWS Security ChangesHomeSearch

AWS AWSCloudFormation high security documentation change

Service: AWSCloudFormation · 2026-05-07 · Security-related high

File: AWSCloudFormation/latest/TemplateReference/aws-resource-bedrockagentcore-evaluator.md

Summary

Added KmsKeyArn property for customer-managed encryption keys

Security assessment

Introduces customer-managed key encryption for sensitive data, enhancing data protection capabilities.

Diff

diff --git a/AWSCloudFormation/latest/TemplateReference/aws-resource-bedrockagentcore-evaluator.md b/AWSCloudFormation/latest/TemplateReference/aws-resource-bedrockagentcore-evaluator.md
index 49c997891..762bb31ce 100644
--- a//AWSCloudFormation/latest/TemplateReference/aws-resource-bedrockagentcore-evaluator.md
+++ b//AWSCloudFormation/latest/TemplateReference/aws-resource-bedrockagentcore-evaluator.md
@@ -29,0 +30 @@ To declare this entity in your CloudFormation template, use the following syntax
+          "KmsKeyArn" : String,
@@ -44,0 +46 @@ To declare this entity in your CloudFormation template, use the following syntax
+      KmsKeyArn: String
@@ -90,0 +93,17 @@ _Update requires_ : [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/
+`KmsKeyArn`
+    
+
+The Amazon Resource Name (ARN) of the customer managed AWS KMS key used to encrypt the evaluator's sensitive data. This field is only present for evaluators encrypted with a customer managed key. 
+
+_Required_ : No
+
+ _Type_ : String
+
+ _Pattern_ : `^arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]+:[0-9]{12}:key/[a-zA-Z0-9-]{36}$`
+
+_Minimum_ : `1`
+
+ _Maximum_ : `2048`
+
+ _Update requires_ : [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
+