AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2026-06-19 · Documentation medium

File: cli/latest/reference/bedrock-agent/ingest-knowledge-base-documents.md

Summary

Updated navigation links, AWS CLI version reference, and added documentation for the 'accessControlList' field which allows specifying access control entries (user, type, and access level) for documents when metadata type is IN_LINE_ATTRIBUTE.

Security assessment

The change adds documentation for a new 'accessControlList' parameter that enables granular access control (ALLOW/DENY) at the document level. This is a security feature implementation that allows controlling user access to knowledge base documents, but there's no evidence it addresses a specific existing vulnerability.

Diff

diff --git a/cli/latest/reference/bedrock-agent/ingest-knowledge-base-documents.md b/cli/latest/reference/bedrock-agent/ingest-knowledge-base-documents.md
index 519c2bcb4..5f10ee2dd 100644
--- a//cli/latest/reference/bedrock-agent/ingest-knowledge-base-documents.md
+++ b//cli/latest/reference/bedrock-agent/ingest-knowledge-base-documents.md
@@ -14,2 +14,2 @@
-  * [previous](get-prompt.html "get-prompt") |
-  * [AWS CLI 2.35.5 Command Reference](../../index.html) »
+  * [previous](get-resource-policy.html "get-resource-policy") |
+  * [AWS CLI 2.35.8 Command Reference](../../index.html) »
@@ -22 +22 @@
-  * [← get-prompt](get-prompt.html "previous chapter \(use the left arrow\)") /
+  * [← get-resource-policy](get-resource-policy.html "previous chapter \(use the left arrow\)") /
@@ -266,0 +267,46 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/bedroc
+>>> 
+>>> accessControlList -> (list)
+>>>
+>>>> Access control list for the document. Used when metadata type is IN_LINE_ATTRIBUTE.
+>>>> 
+>>>> Constraints:
+>>>> 
+>>>>   * min: `1`
+>>>> 
+
+>>>> 
+>>>> (structure)
+>>>>
+>>>>> An access control entry specifying a principal and their access level.
+>>>>> 
+>>>>> name -> (string) [required]
+>>>>>
+>>>>>> The user identifier.
+>>>>>> 
+>>>>>> Constraints:
+>>>>>> 
+>>>>>>   * min: `1`
+>>>>>>   * max: `256`
+>>>>>> 
+
+>>>>> 
+>>>>> type -> (string) [required]
+>>>>>
+>>>>>> The type of principal.
+>>>>>> 
+>>>>>> Possible values:
+>>>>>> 
+>>>>>>   * `USER`
+>>>>>> 
+
+>>>>> 
+>>>>> access -> (string) [required]
+>>>>>
+>>>>>> Whether to allow or deny access.
+>>>>>> 
+>>>>>> Possible values:
+>>>>>> 
+>>>>>>   * `ALLOW`
+>>>>>>   * `DENY`
+>>>>>> 
+
@@ -461,0 +508,6 @@ JSON Syntax:
+          },
+          "accessControlList": [
+            {
+              "name": "string",
+              "type": "USER",
+              "access": "ALLOW"|"DENY"
@@ -462,0 +515,2 @@ JSON Syntax:
+            ...
+          ]
@@ -728 +782 @@ documentDetails -> (list)
-  * [← get-prompt](get-prompt.html "previous chapter \(use the left arrow\)") /
+  * [← get-resource-policy](get-resource-policy.html "previous chapter \(use the left arrow\)") /
@@ -737,2 +791,2 @@ documentDetails -> (list)
-  * [previous](get-prompt.html "get-prompt") |
-  * [AWS CLI 2.35.5 Command Reference](../../index.html) »
+  * [previous](get-resource-policy.html "get-resource-policy") |
+  * [AWS CLI 2.35.8 Command Reference](../../index.html) »