Amazon Bedrock encrypts your agent's session information. By default, Amazon Bedrock encrypts this data using an AWS managed key. Optionally, you can encrypt the agent artifacts using a customer managed key.
For more information about AWS KMS keys, see Customer managed keys in the AWS Key Management Service Developer Guide.
If you encrypt sessions with your agent with a custom KMS key, you must set up the following identity-based policy and resource-based policy to allow Amazon Bedrock to encrypt and decrypt agent resources on your behalf.
-
Attach the following identity-based policy to an IAM role or user with permissions to make
InvokeAgent
calls. This policy validates the user making anInvokeAgent
call has KMS permissions. Replace the${region}
,${account-id}
,${agent-id}
, and${key-id}
with the appropriate values.{ "Version": "2012-10-17", "Statement": [ { "Sid": "Allow Amazon Bedrock to encrypt and decrypt Agent resources on behalf of authorized users", "Effect": "Allow", "Action": [ "kms:GenerateDataKey", "kms:Decrypt" ], "Resource": "arn:aws:kms:
${region}
:${account-id}
:key/${key-id}
", "Condition": { "StringEquals": { "kms:EncryptionContext:aws:bedrock:arn": "arn:aws:bedrock:${region}
:${account-id}
:agent/${agent-id}
" } } } ] } -
Attach the following resource-based policy to your KMS key. Change the scope of the permissions as necessary. Replace the
${region}
,${account-id}
,${agent-id}
, and${key-id}
with the appropriate values.{ "Version": "2012-10-17", "Statement": [ { "Sid": "Allow account root to modify the KMS key, not used by Amazon Bedrock.", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::
${account-id}
:root" }, "Action": "kms:*", "Resource": "arn:aws:kms:${region}
:${account-id}
:key/${key-id}
" }, { "Sid": "Allow Amazon Bedrock to encrypt and decrypt Agent resources on behalf of authorized users", "Effect": "Allow", "Principal": { "Service": "bedrock.amazonaws.com" }, "Action": [ "kms:GenerateDataKey", "kms:Decrypt" ], "Resource": "arn:aws:kms:${region}
:${account-id}
:key/${key-id}
", "Condition": { "StringEquals": { "kms:EncryptionContext:aws:bedrock:arn": "arn:aws:bedrock:${region}
:${account-id}
:agent/${agent-id}
" } } }, { "Sid": "Allow the service role to use the key to encrypt and decrypt Agent resources", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::${account-id}
:role/${role}
" }, "Action": [ "kms:GenerateDataKey*", "kms:Decrypt", ], "Resource": "arn:aws:kms:${region}
:${account-id}
:key/${key-id}
" }, { "Sid": "Allow the attachment of persistent resources", "Effect": "Allow", "Principal": { "Service": "bedrock.amazonaws.com" }, "Action": [ "kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant" ], "Resource": "*", "Condition": { "Bool": { "kms:GrantIsForAWSResource": "true" } } } ] }