In the context of AWS Bedrock and other AWS services, "free-form text fields" refer to any input areas where users can enter arbitrary text without strict formatting requirements. This typically includes fields like "Name" or "Description" that allow users to provide custom labels or information about resources.
The warning about not putting sensitive information in these fields is a general security best practice across AWS services. It's important to understand that the content entered in these fields may be used in various ways by AWS systems, including for billing purposes or in diagnostic logs. This means that sensitive data entered in these fields could potentially be exposed in unexpected places.
Some examples of free-form text fields where you should avoid entering sensitive information include:
- Resource name fields (e.g., when naming an Amazon Bedrock model or other AWS resources)
- Description fields for resources or configurations
- Custom tags applied to AWS resources
- Any field that allows for unrestricted text input
This guidance applies not only when using the AWS Management Console, but also when interacting with AWS services through APIs, the AWS Command Line Interface (CLI), or AWS Software Development Kits (SDKs).
To protect sensitive information, it's best to use dedicated secure storage solutions and access control mechanisms rather than including such data in general-purpose text fields or tags. This helps ensure that confidential information is properly managed and not inadvertently exposed through logs or billing information.
Sources
Data protection - Amazon Bedrock
Data protection in Tag Editor - Tagging AWS Resources and Tag Editor
Data Protection in AWS Toolkit for Visual Studio - AWS Toolkit with Amazon Q
Data Protection in the AWS Serverless Application Repository - AWS Serverless Application Repository
Data protection in AWS Glue DataBrew - AWS Glue DataBrew
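A pre-submission check for the free-form fields listed in the answer above (resource name, description, tag keys and values), as an added example that is not part of the original answer or of any AWS tooling. The rule set, the resource dictionary shape and the function names are assumptions of this example, and the patterns are heuristics rather than a complete detector.

```python
import re

# Heuristic patterns (assumptions of this example, not an AWS-defined list).
RULES = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "email_address": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "credential_assignment": re.compile(
        r"(?i)\b(?:password|passwd|secret|token|api[_-]?key)\s*[=:]\s*\S+"),
}
# Tag keys whose name alone suggests the value is a credential.
SUSPECT_TAG_KEY = re.compile(r"(?i)password|passwd|secret|token|api[_-]?key")


def iter_free_form_fields(resource):
    """Yield (field_path, text) for name, description and every tag key/value."""
    for field in ("name", "description"):
        if resource.get(field):
            yield field, resource[field]
    for key, value in (resource.get("tags") or {}).items():
        yield f"tags[{key!r}].key", key
        yield f"tags[{key!r}].value", value or ""


def find_sensitive_fields(resource):
    """Return sorted (field_path, rule_name) findings; values are never echoed."""
    findings = set()
    for path, text in iter_free_form_fields(resource):
        for rule, pattern in RULES.items():
            if pattern.search(text):
                findings.add((path, rule))
    for key, value in (resource.get("tags") or {}).items():
        if SUSPECT_TAG_KEY.search(key) and value:
            findings.add((f"tags[{key!r}].value", "suspect_tag_key"))
    return sorted(findings)


# Constructed sample inputs (the key ID is AWS's documented example value).
RISKY = {
    "name": "claims-summarizer-jane.doe@example.com",
    "description": "Calls billing API, token=constructed-sample-value",
    "tags": {"Team": "claims", "db_password": "constructed-sample",
             "Owner": "AKIAIOSFODNN7EXAMPLE"},
}
CLEAN = {"name": "claims-summarizer-prod", "description": "Summarizes claim notes",
         "tags": {"Team": "claims", "CostCenter": "4411"}}

if __name__ == "__main__":
    for path, rule in find_sensitive_fields(RISKY):
        print(f"{path}: {rule}")
```

The findings report only the field path and the rule that fired, so the checker's own output does not copy the sensitive value into yet another log.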
