Warning

• Removed the AWS > Bedrock > Agent > Allowed > Encryption at Rest control and its associated policy types. Encryption at rest is a mutable property of a Bedrock agent, so enforcing it through an Allowed control, whose only enforcement is stop/delete, was the wrong control type. The dedicated AWS > Bedrock > Agent > Encryption at Rest control already governs this property and remains in place.

Control Types

Removed

• AWS > Bedrock > Agent > Allowed > Encryption at Rest

Policy Types

Removed

• AWS > Bedrock > Agent > Allowed > Encryption at Rest
• AWS > Bedrock > Agent > Allowed > Encryption at Rest > Level
• AWS > Bedrock > Agent > Allowed > Encryption at Rest > Level > Customer Managed Key