AWS Security ChangesHomeSearch

AWS cli medium security documentation change

Service: cli · 2026-06-16 · Security-related medium

File: cli/latest/reference/bedrock-agentcore/list-batch-evaluations.md

Summary

Updated CLI version reference; fixed CLI input parameters ordering; added 'insights' field with security analysis capabilities; introduced 'kmsKeyArn' field for encryption

Security assessment

The 'kmsKeyArn' field explicitly documents encryption of evaluation data using KMS keys. The 'insights' field enables security analysis through Builtin.Insight.* evaluations, indicating security monitoring capabilities. No specific vulnerability is addressed.

Diff

diff --git a/cli/latest/reference/bedrock-agentcore/list-batch-evaluations.md b/cli/latest/reference/bedrock-agentcore/list-batch-evaluations.md
index ac9b860fa..aaad446da 100644
--- a//cli/latest/reference/bedrock-agentcore/list-batch-evaluations.md
+++ b//cli/latest/reference/bedrock-agentcore/list-batch-evaluations.md
@@ -15 +15 @@
-  * [AWS CLI 2.35.3 Command Reference](../../index.html) »
+  * [AWS CLI 2.35.5 Command Reference](../../index.html) »
@@ -69 +68,0 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/bedroc
-    [--cli-input-json | --cli-input-yaml]
@@ -72,0 +72 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/bedroc
+    [--cli-input-json | --cli-input-yaml]
@@ -97,2 +96,0 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/bedroc
-`--cli-input-json` | `--cli-input-yaml` (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by `--generate-cli-skeleton`. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with `--cli-input-yaml`.
-
@@ -116,0 +115,2 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/bedroc
+`--cli-input-json` | `--cli-input-yaml` (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by `--generate-cli-skeleton`. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with `--cli-input-yaml`.
+
@@ -298 +298 @@ batchEvaluations -> (list)
->>>> An evaluator to run against sessions.
+>>>> An evaluator to run against sessions
@@ -308,0 +309,25 @@ batchEvaluations -> (list)
+>> 
+>> insights -> (list)
+>>
+>>> The list of insight analyses applied during the batch evaluation.
+>>> 
+>>> Constraints:
+>>> 
+>>>   * min: `0`
+>>>   * max: `10`
+>>> 
+
+>>> 
+>>> (structure)
+>>>
+>>>> A reference to an insight analysis to run against sessions.
+>>>> 
+>>>> insightId -> (string) [required]
+>>>>
+>>>>> Canonical insight identifiers using the Builtin.Insight.* naming convention. Used by BatchEvaluate, InternalEvaluate, and ServiceEngineEvaluate flows.
+>>>>> 
+>>>>> Constraints:
+>>>>> 
+>>>>>   * pattern: `(Builtin\.[a-zA-Z0-9._-]+|[a-zA-Z][a-zA-Z0-9-_]{0,99}-[a-zA-Z0-9]{10})`
+>>>>> 
+
@@ -380,0 +406,12 @@ batchEvaluations -> (list)
+>> 
+>> kmsKeyArn -> (string)
+>>
+>>> The ARN of the KMS key used to encrypt evaluation data.
+>>> 
+>>> Constraints:
+>>> 
+>>>   * min: `1`
+>>>   * max: `2048`
+>>>   * pattern: `arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}`
+>>> 
+
@@ -400 +437 @@ nextToken -> (string)
-  * [AWS CLI 2.35.3 Command Reference](../../index.html) »
+  * [AWS CLI 2.35.5 Command Reference](../../index.html) »