• Contents:

AWS Security Services for Bedrock

• IAM with Bedrock
  • Implement identity verification and resource-level access control
  • Define (segregated) roles and permissions to access Bedrock resources (e.g. data scientists)
• GuardRails for Bedrock
  • Restrict specific topics in a GenAI application
  • Filter harmful content
  • Ensure compliance with safety policies by analyzing user inputs
• CloudTrail with Bedrock: Analyze API calls made to Bedrock
• Config with Bedrock: look at configuration changes within Bedrock over time
• PrivateLink with Bedrock: keep all API calls to Bedrock within a private VPC

Security scenarios for Bedrock

Bedrock must access an encrypted S3 bucket

• Bedrock must have an IAM role that gives it access to:
  • The S3 bucket
  • The KMS key with the decrypt permission
• Diagram

Access Bedrock Model using an App inside private VPC

Analyze Bedrock access with CloudTrail

• ❗Both successful and unsuccessful API calls are traced!