Security in Amazon Bedrock
Cloud security at AWS is the highest priority. As an AWS customer, you benefit from data centers and network architectures that are built to meet the requirements of the most security-sensitive organizations.
Security is a shared responsibility between AWS and you. The shared responsibility model
-
Security of the cloud – AWS is responsible for protecting the infrastructure that runs AWS services in the AWS Cloud. AWS also provides you with services that you can use securely. Third-party auditors regularly test and verify the effectiveness of our security as part of the AWS Compliance Programs
. To learn about the compliance programs that apply to Amazon Bedrock, see AWS Services in Scope by Compliance Program . -
Security in the cloud – Your responsibility is determined by the AWS service that you use. You are also responsible for other factors including the sensitivity of your data, your company’s requirements, and applicable laws and regulations.
This documentation helps you understand how to apply the shared responsibility model when using Amazon Bedrock. The following topics show you how to configure Amazon Bedrock to meet your security and compliance objectives. You also learn how to use other AWS services that help you to monitor and secure your Amazon Bedrock resources.
Topics
- Data protection
- Identity and access management for Amazon Bedrock
- Compliance validation for Amazon Bedrock
- Incident response in Amazon Bedrock
- Resilience in Amazon Bedrock
- Infrastructure security in Amazon Bedrock
- Cross-service confused deputy prevention
- Configuration and vulnerability analysis in Amazon Bedrock
- Use interface VPC endpoints (AWS PrivateLink)
- Prompt injection security
Use interface VPC endpoints (AWS PrivateLink)
You can use AWS PrivateLink to create a private connection between your VPC and Amazon Bedrock. You can access Amazon Bedrock as if it were in your VPC, without the use of an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC don't need public IP addresses to access Amazon Bedrock.
You establish this private connection by creating an interface endpoint, powered by AWS PrivateLink. We create an endpoint network interface in each subnet that you enable for the interface endpoint. These are requester-managed network interfaces that serve as the entry point for traffic destined for Amazon Bedrock.
For more information, see Access AWS services through AWS PrivateLink in the AWS PrivateLink Guide.
Considerations for Amazon Bedrock VPC endpoints
Before you set up an interface endpoint for Amazon Bedrock, review Considerations in the AWS PrivateLink Guide.
Amazon Bedrock supports making the following API calls through VPC endpoints.
| Category | Endpoint prefix |
|---|---|
| Amazon Bedrock Control Plane API actions | bedrock |
| Amazon Bedrock Runtime API actions | bedrock-runtime |
| Agents for Amazon Bedrock Build-time API actions | bedrock-agent |
| Agents for Amazon Bedrock Runtime API actions | bedrock-agent-runtime |
Availability Zones
Amazon Bedrock and Agents for Amazon Bedrock endpoints are available in multiple Availability Zones.
Create an interface endpoint for Amazon Bedrock
You can create an interface endpoint for Amazon Bedrock using either the Amazon VPC console or the AWS Command Line Interface (AWS CLI). For more information, see Create an interface endpoint in the AWS PrivateLink Guide.
Create an interface endpoint for Amazon Bedrock using any of the following service names:
-
com.amazonaws.region.bedrock -
com.amazonaws.region.bedrock-runtime -
com.amazonaws.region.bedrock-agent -
com.amazonaws.region.bedrock-agent-runtime
After you create the endpoint, you have the option to enable a private DNS hostname. Enable this setting by selecting Enable Private DNS Name in the VPC console when you create the VPC endpoint.
If you enable private DNS for the interface endpoint, you can make API requests to Amazon Bedrock using its default Regional DNS name. The following examples show the format of the default Regional DNS names.
-
bedrock.region.amazonaws.com -
bedrock-runtime.region.amazonaws.com -
bedrock-agent.region.amazonaws.com -
bedrock-agent-runtime.region.amazonaws.com
Create an endpoint policy for your interface endpoint
An endpoint policy is an IAM resource that you can attach to an interface endpoint. The default endpoint policy allows full access to Amazon Bedrock through the interface endpoint. To control the access allowed to Amazon Bedrock from your VPC, attach a custom endpoint policy to the interface endpoint.
An endpoint policy specifies the following information:
-
The principals that can perform actions (AWS accounts, IAM users, and IAM roles).
-
The actions that can be performed.
-
The resources on which the actions can be performed.
For more information, see Control access to services using endpoint policies in the AWS PrivateLink Guide.
Example: VPC endpoint policy for Amazon Bedrock actions
The following is an example of a custom endpoint policy. When you attach this resource-based policy to your interface endpoint, it grants access to the listed Amazon Bedrock actions for all principals on all resources.
{ "Version": "2012-10-17", "Statement": [ { "Principal": "*", "Effect": "Allow", "Action": [ "bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream" ], "Resource":"*" } ] }
