AWS Security ChangesHomeSearch

AWS bedrock medium security documentation change

Service: bedrock · 2026-05-13 · Security-related medium

File: bedrock/latest/userguide/knowledge-base-prereq-structured.md

Summary

Added requirement for lakeformation:GetDataAccess permission in IAM policy to prevent authorization errors

Security assessment

Addresses an authorization failure scenario where missing permissions caused queries to fail. Explicitly prevents privilege escalation risks by documenting required IAM actions.

Diff

diff --git a/bedrock/latest/userguide/knowledge-base-prereq-structured.md b/bedrock/latest/userguide/knowledge-base-prereq-structured.md
index 673bffc85..d31c1ee0c 100644
--- a//bedrock/latest/userguide/knowledge-base-prereq-structured.md
+++ b//bedrock/latest/userguide/knowledge-base-prereq-structured.md
@@ -410,0 +411,10 @@ JSON
+###### Important
+
+You must also add the `lakeformation:GetDataAccess` action to your Amazon Bedrock Knowledge Bases service role's IAM policy. Without this permission, queries to the knowledge base will fail with an authorization error. Add the following statement to the service role policy:
+    
+        {
+        "Effect": "Allow",
+        "Action": "lakeformation:GetDataAccess",
+        "Resource": "*"
+    }
+