>myctrl.tools
Preferences
Under active development Content is continuously updated and improved

Amazon Bedrock

by Amazon Web Services, Inc.

Fully managed foundation model platform with a unified API, agents, knowledge bases, and guardrails

Official Docs

Under Construction: This guidance is being actively developed and verified. Content may change.

Overview

Vendor
What is Amazon Bedrock?

Amazon Bedrock is a fully managed service that provides foundation models from leading AI companies and Amazon through a unified API. It supports building generative AI applications with security, privacy, and responsible AI capabilities, including model evaluation, RAG with knowledge bases, agents, and guardrails. Bedrock offers a serverless experience for experimentation, customization, and deployment without managing infrastructure.

View source
Vendor
Does Amazon Bedrock share data with model providers or use it for training?

Amazon Bedrock does not store customer input or output data, share data with third-party model providers, or use it to train models. Model invocations stay within the AWS network using dedicated deployment accounts that model providers cannot access.

View source
Vendor
AWS CLI Command Reference: Bedrock

AWS CLI references for all Bedrock service namespaces: control-plane operations (models, guardrails, customization, logging), agent management (agents, action groups, prompts, knowledge bases), agent runtime (invoke agents, sessions, KB queries), and inference runtime (invoke models, apply guardrails, async invocations).

View sourcebedrock-agentbedrock-agent-runtimebedrock-runtime

Security Topics

Detailed guidance organized by security domain. Each topic includes authoritative sources, configuration responsibilities, and verification commands.

Identity & Access Management

IAM policies, least-privilege access, cross-service security, and privilege escalation prevention for Bedrock.

3 sources 9 responsibilities 8 commands

Data Encryption & KMS

KMS key management, encryption at rest and in transit, and S3 bucket security for Bedrock data.

1 source 11 responsibilities 6 commands

Network Security

VPC endpoints, PrivateLink configuration, and network architecture for private Bedrock access.

1 source 7 responsibilities 5 commands

Guardrails & Responsible AI

Content filtering, PII detection, prompt injection protection, and responsible AI practices.

2 sources 14 responsibilities 3 commands

Logging, Monitoring & Compliance

CloudWatch logging, Config Rules, threat detection, incident response, and compliance configuration.

1 source 11 responsibilities 7 commands

Agents & Knowledge Bases

Bedrock Agents, Knowledge Bases, runtime sessions, and model evaluation commands.

2 sources 14 commands

Related Controls

Security controls from various frameworks that relate to Amazon Bedrock.

NIST AI RMF 5 controls
GOVERN-1.2 MAP-2.1 MEASURE-2.1 MEASURE-2.4 MANAGE-2.2
NIST SP 800-53 17 controls
AC-3 AC-6 AU-2 AU-6 AU-9 AU-12 IA-2 IA-5 IR-4 IR-6 RA-5 SC-7 SC-12 SC-13 SC-28 SI-2 SI-4
CIS Controls 9 controls
4.1 4.2 6.1 8.2 8.5 12.1 13.1 13.2 16.7

Related Technologies

AWS