Identity & Access Management
IAM policies, least-privilege access, cross-service security, and privilege escalation prevention for Bedrock.
Authoritative Sources
Key guidance documents from authoritative organizations.
Amazon Bedrock follows the AWS shared responsibility model, outlining security of the cloud vs. security in the cloud. The security guidance covers data protection, IAM configuration, incident response, resilience, and monitoring topics for Bedrock workloads.
Configuration Examples
Kwatra & Kaushik (Packt, 2024) present an IAM governance checklist for Bedrock: audit access patterns with CloudTrail and IAM Access Analyzer, implement ABAC using resource tags (e.g., Env:Dev), enforce permissions boundaries, restrict models via SCPs at the Organizations level, establish user lifecycle policies to prevent permissions creep, and build a job-role matrix mapping roles to Bedrock actions like InvokeModel and ListFoundationModels.
With iam:PassRole, bedrock-agentcore:CreateCodeInterpreter, and bedrock-agentcore:InvokeCodeInterpreter permissions, an adversary can create and invoke a Bedrock AgentCore code interpreter with a more privileged role, executing arbitrary code with that role's permissions to escalate to administrator privileges.
Customer Configuration Responsibilities
Configuration tasks the customer owns in the shared responsibility model. Use the verification commands below to validate settings.
1. Identity and Access Management (IAM)
Control who can access Bedrock resources and ensure privileged access is constrained.
IAM policies for Bedrock actions
Create and attach identity-based policies that restrict Bedrock actions to the minimum required.
Service roles for Bedrock access
Create roles that Bedrock can assume to access S3, KMS, or other resources on your behalf.
Least privilege access
Use IAM Identity Center or IAM to grant only necessary permissions per user or role.
Multi-factor authentication (MFA)
Enforce MFA for privileged and console access.
Temporary credentials
Prefer short-lived credentials via AWS STS over long-term access keys.
Condition keys and ABAC
Use tag-based conditions and attribute-based access control to scope access.
Restrict iam:PassRole for Bedrock AgentCore
Prevent privilege escalation by restricting iam:PassRole combined with bedrock-agentcore:CreateCodeInterpreter and bedrock-agentcore:InvokeCodeInterpreter. An adversary with these permissions can execute arbitrary code under a passed role.
8. Cross-Service Security
Protect against confused deputy issues and over-privileged roles.
Confused deputy prevention
Use aws:SourceAccount and aws:SourceArn in trust policies.
Service role permissions
Scope permissions for Bedrock-assumed roles to least privilege.
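As an added example (not from the page, AWS, or the cited book), a small offline checker for the two controls above: the aws:SourceAccount / aws:SourceArn conditions in a service trust policy, and iam:PassRole grants that are not pinned to specific role ARNs (with a note when the same statement also grants the AgentCore code-interpreter actions). The policy documents, account ID and ARNs are constructed samples; in practice the input is what `aws iam get-role` and `aws iam get-role-policy` return.

```python
# Constructed sample policy documents (not from the page); in practice they come from
# `aws iam get-role` / `aws iam get-role-policy`. Account ID and ARNs are placeholders.
WEAK_TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"Service": "bedrock.amazonaws.com"}}]}
HARDENED_TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"Service": "bedrock.amazonaws.com"},
     "Condition": {"StringEquals": {"aws:SourceAccount": "111122223333"},
                   "ArnLike": {"aws:SourceArn": "arn:aws:bedrock:us-east-1:111122223333:*"}}}]}
BROAD_PASSROLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["iam:PassRole", "bedrock-agentcore:CreateCodeInterpreter",
                "bedrock-agentcore:InvokeCodeInterpreter"]}]}

def _as_list(value):
    # IAM accepts a single string/object wherever a list is allowed; normalise to a list.
    return value if isinstance(value, list) else [value]

def trust_policy_findings(doc):
    """Flag Allow statements for a service principal that lack the
    aws:SourceAccount / aws:SourceArn conditions (confused deputy guard)."""
    findings = []
    for stmt in _as_list(doc.get("Statement", [])):
        principal = stmt.get("Principal", {})
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict) or "Service" not in principal:
            continue
        present = {k.lower() for ops in stmt.get("Condition", {}).values() for k in ops}
        for key in ("aws:SourceAccount", "aws:SourceArn"):
            if key.lower() not in present:
                findings.append(f"{principal['Service']} may assume role without {key}")
    return findings

def passrole_findings(doc):
    """Flag iam:PassRole grants whose Resource is a wildcard rather than specific role ARNs,
    noting when the same statement also grants bedrock-agentcore actions."""
    findings = []
    for stmt in _as_list(doc.get("Statement", [])):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & {"iam:passrole", "iam:*", "*"}:
            continue
        wild = [r for r in _as_list(stmt.get("Resource", "*")) if r == "*" or r.endswith("role/*")]
        if wild:
            note = " (same statement grants AgentCore code-interpreter actions)" \
                if any(a.startswith("bedrock-agentcore:") for a in actions) else ""
            findings.append(f"iam:PassRole allowed on {wild}{note}")
    return findings
```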
Verification Commands
Commands and queries for testing and verifying security configurations.
IAM & Access
# Roles whose name contains "Bedrock" (single quotes keep the shell from treating the backticks as command substitution)
aws iam list-roles --query 'Roles[?contains(RoleName, `Bedrock`)].RoleName' --output table
# Trust policy of a role; check for aws:SourceAccount / aws:SourceArn conditions
aws iam get-role --role-name ROLE_NAME --query "Role.AssumeRolePolicyDocument"
# Managed policies attached to the role
aws iam list-attached-role-policies --role-name ROLE_NAME
# Inline policies on the role
aws iam list-role-policies --role-name ROLE_NAME
# Whether the root account has MFA enabled
aws iam get-account-summary --query "SummaryMap.AccountMFAEnabled"
# Users with a console password but no MFA (columns 4 and 8 of the credential report); single quotes keep $4/$8/$1 for awk
aws iam generate-credential-report && sleep 3 && aws iam get-credential-report --query Content --output text | base64 --decode | awk -F, 'NR>1 && $4=="true" && $8=="false" {print $1}'
# Tags on the role (inputs to ABAC conditions)
aws iam list-role-tags --role-name ROLE_NAME
# Identity the CLI is currently running as
aws sts get-caller-identity