AWS prescriptive-guidance documentation change
Summary
Updated image path, reformatted numbered list with indentation, restructured note section with heading, and added blank lines for readability. Content remains unchanged.
Security assessment
Changes involve formatting, image path updates, and note restructuring without altering security controls or introducing new security content. No evidence of addressing vulnerabilities.
Diff
diff --git a/prescriptive-guidance/latest/data-perimeter-for-amazon-bedrock/network-perimeter.md b/prescriptive-guidance/latest/data-perimeter-for-amazon-bedrock/network-perimeter.md index 0b40031a4..277ebfd9f 100644 --- a//prescriptive-guidance/latest/data-perimeter-for-amazon-bedrock/network-perimeter.md +++ b//prescriptive-guidance/latest/data-perimeter-for-amazon-bedrock/network-perimeter.md @@ -13 +13 @@ This diagram is a high level illustration of a network perimeter. - + @@ -17 +17 @@ Figure 3.3 High level illustration of a network perimeter -1\. SCP denies Amazon Bedrock, Amazon S3, OpenSearch and other operations not originating from VPC endpoint + 1. SCP denies Amazon Bedrock, Amazon S3, OpenSearch and other operations not originating from VPC endpoint @@ -19 +19,7 @@ Figure 3.3 High level illustration of a network perimeter -2\. Using Amazon VPC endpoints denies access to external untrusted resources + 2. Using Amazon VPC endpoints denies access to external untrusted resources + + 3. SCP denies Amazon Bedrock operations outside approved regions + + 4. Resource policies allow access only from known Amazon VPC endpoints + + 5. AWS security groups isolate AI workloads in dedicated subnets with HTTPS-only access to Amazon VPC endpoints @@ -21 +26,0 @@ Figure 3.3 High level illustration of a network perimeter -3\. SCP denies Amazon Bedrock operations outside approved regions @@ -23 +27,0 @@ Figure 3.3 High level illustration of a network perimeter -4\. Resource policies allow access only from known Amazon VPC endpoints @@ -25 +28,0 @@ Figure 3.3 High level illustration of a network perimeter -5\. AWS security groups isolate AI workloads in dedicated subnets with HTTPS-only access to Amazon VPC endpoints @@ -50 +53,3 @@ Each subsection provides practical implementation guidance for securing AI workl -**Note –** These network security configurations provide baseline patterns but may not suit all infrastructure architectures or compliance requirements. Adapt the examples to your specific network topology, traffic patterns, and data residency obligations. Validate that network controls don't disrupt legitimate AI operations and consult Amazon VPC and networking documentation for the latest features and best practices. +###### Note + +These network security configurations provide baseline patterns but may not suit all infrastructure architectures or compliance requirements. Adapt the examples to your specific network topology, traffic patterns, and data residency obligations. Validate that network controls don't disrupt legitimate AI operations and consult Amazon VPC and networking documentation for the latest features and best practices.