AWS prescriptive-guidance documentation change
Summary
Updated image path, reformatted numbered list with indentation, fixed typo ('orincipals' to 'principals'), and restructured note section. Security content unchanged.
Security assessment
Formatting, typo correction, and image path updates with no impact on security controls. No vulnerability fixes or new security documentation.
Diff
diff --git a/prescriptive-guidance/latest/data-perimeter-for-amazon-bedrock/resource-perimeter.md b/prescriptive-guidance/latest/data-perimeter-for-amazon-bedrock/resource-perimeter.md index 787ca6c68..782d79f36 100644 --- a//prescriptive-guidance/latest/data-perimeter-for-amazon-bedrock/resource-perimeter.md +++ b//prescriptive-guidance/latest/data-perimeter-for-amazon-bedrock/resource-perimeter.md @@ -13 +13 @@ This diagram is a high level illustration of a resource perimeter. - + @@ -17 +17,7 @@ Figure 3.2 High level illustration of resource perimeter -1\. Service control policies (SCPs) allow only approved Amazon Bedrock models in approved regions. + 1. Service control policies (SCPs) allow only approved Amazon Bedrock models in approved regions. + + 2. SCP denies all access to untrusted external Resources + + 3. Amazon VPC endpoint policies deny access to external resources outside organizational boundaries + + 4. Amazon VPC endpoint policy allows access only to approved resources with with required tags @@ -19 +24,0 @@ Figure 3.2 High level illustration of resource perimeter -2\. SCP denies all access to untrusted external Resources @@ -21 +25,0 @@ Figure 3.2 High level illustration of resource perimeter -3\. Amazon VPC endpoint policies deny access to external resources outside organizational boundaries @@ -23 +26,0 @@ Figure 3.2 High level illustration of resource perimeter -4\. Amazon VPC endpoint policy allows access only to approved resources with with required tags @@ -27 +30 @@ This section covers the comprehensive resource protection strategies for Amazon - * **Model access controls** \- Implementing fine-grained AWS IAM policies for different Amazon Bedrock models + * **Model access controls** \- Implementing fine-grained IAM policies for different Amazon Bedrock models @@ -29 +32 @@ This section covers the comprehensive resource protection strategies for Amazon - * **Service orincipals** \- Managing automated access patterns and service-to-service authentication + * **Service principals** \- Managing automated access patterns and service-to-service authentication @@ -48 +51,3 @@ Each subsection provides detailed implementation guidance and security controls -**Note –** These resource protection examples demonstrate common patterns but may not address all data types, integration scenarios, or regulatory requirements in your environment. Conduct a thorough data classification and risk assessment for your specific AI workloads. Consult AWS service documentation for the latest encryption options, policy syntax, and integration patterns with your existing security controls. +###### Note + +These resource protection examples demonstrate common patterns but may not address all data types, integration scenarios, or regulatory requirements in your environment. Conduct a thorough data classification and risk assessment for your specific AI workloads. Consult AWS service documentation for the latest encryption options, policy syntax, and integration patterns with your existing security controls.