AWS Security ChangesHomeSearch

AWS bedrock documentation change

Service: bedrock · 2026-05-22 · Documentation low

File: bedrock/latest/userguide/guardrails-resource-based-policies.md

Summary

Changed 'In order to use' to 'To use' in cross-account permission explanation

Security assessment

Grammatical simplification without changing security requirements for cross-account guardrail usage.

Diff

diff --git a/bedrock/latest/userguide/guardrails-resource-based-policies.md b/bedrock/latest/userguide/guardrails-resource-based-policies.md
index 9a4b2b855..1a966e88d 100644
--- a//bedrock/latest/userguide/guardrails-resource-based-policies.md
+++ b//bedrock/latest/userguide/guardrails-resource-based-policies.md
@@ -15 +15 @@ You can attach a resource-based policy (RBP) to Guardrails resources (guardrail
-Resource-based policies are recommended for use with account-level enforced guardrails, and are required for use of organization-level enforced guardrails, because for organizational enforced guardrails the member accounts are required to apply a guardrail that exists in the organization administrator account. In order to use a guardrail in a different account, the caller identity must have permission to call the `bedrock:ApplyGuardrail` API on the guardrail, and the guardrail must have a resource based policy attached which gives that caller permission. For more information, see [Cross-account policy evaluation logic](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic-cross-account.html) and [Identity-based policies and resource-based policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_identity-vs-resource.html).
+Resource-based policies are recommended for use with account-level enforced guardrails, and are required for use of organization-level enforced guardrails, because for organizational enforced guardrails the member accounts are required to apply a guardrail that exists in the organization administrator account. To use a guardrail in a different account, the caller identity must have permission to call the `bedrock:ApplyGuardrail` API on the guardrail, and the guardrail must have a resource based policy attached which gives that caller permission. For more information, see [Cross-account policy evaluation logic](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic-cross-account.html) and [Identity-based policies and resource-based policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_identity-vs-resource.html).