Security and Governance Best Practices for Self-Hosted AI/ML

This conformance pack is intended to provide a baseline of security configurations for self-hosted AI/ML workloads (inclusive of AI, ML, generative AI, agentic AI, and physical AI) running on AWS compute, storage, and networking infrastructure. Expected to be deployed in conjunction with the Security and Governance Best Practices for AI/ML Supporting Infrastructure conformance pack. For a list of all managed rules supported by AWS Config, see List of AWS Config Managed Rules.

See the Parameters section in the following template for the names and descriptions of the required parameters.

The template is available on GitHub: Security and Governance Best Practices for Self-Hosted AI/ML.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Security and Governance Best Practices for Amazon SageMaker AI

Example Templates with Remediation Action