AWS Security ChangesHomeSearch

AWS bedrock documentation change

Service: bedrock · 2026-05-13 · Documentation low

File: bedrock/latest/userguide/knowledge-base-prereq.md

Summary

Updated permissions requirements for creating knowledge bases with OpenSearch Service

Security assessment

Clarifies IAM permissions needed for service operations but doesn't address any specific security vulnerability.

Diff

diff --git a/bedrock/latest/userguide/knowledge-base-prereq.md b/bedrock/latest/userguide/knowledge-base-prereq.md
index e0306e73d..4e0f8d1d5 100644
--- a//bedrock/latest/userguide/knowledge-base-prereq.md
+++ b//bedrock/latest/userguide/knowledge-base-prereq.md
@@ -21 +21 @@ Before you can create a knowledge base, you must fulfill the following prerequis
-If you're creating a knowledge base with Amazon OpenSearch Service (including Amazon OpenSearch Serverless), the service role requires additional permissions beyond those covered by the AWS-managed BedrockFullAccess policy. These include `aoss:CreateAccessPolicy`, `iam:CreateServiceLinkedRole`, and `iam:CreateRole` permissions.
+If you choose to have Amazon Bedrock create a new service role for you, the user or role creating the knowledge base requires `iam:CreateRole` and `iam:CreatePolicy` permissions. If you're creating a knowledge base with Amazon OpenSearch Service (including Amazon OpenSearch Serverless), additional permissions are required, including `aoss:CreateAccessPolicy` and `iam:CreateServiceLinkedRole`.