AWS bedrock documentation change
Summary
Updated permissions documentation for guardrails: clarified invocation permissions, added KMS key management details, removed section about enforcing guardrails in inference requests
Security assessment
Added documentation about KMS key permissions for guardrail encryption, which is a security feature. Removed section about guardrail enforcement policies without explicit security context - could be documentation restructuring rather than addressing a vulnerability.
Diff
diff --git a/bedrock/latest/userguide/guardrails-permissions.md b/bedrock/latest/userguide/guardrails-permissions.md index a979e5b21..ccb0d727e 100644 --- a/bedrock/latest/userguide/guardrails-permissions.md +++ b/bedrock/latest/userguide/guardrails-permissions.md @@ -5 +5 @@ -Permissions to create and manage guardrails for the policy rolePermissions for invoking guardrails to filter content(Optional) Create a customer managed key for your guardrail for additional securityEnforce the use of specific guardrails in model inference requests +Permissions to create and manage guardrails for the policy rolePermissions you need to invoke guardrails to filter content(Optional) Create a customer managed key for your guardrail for additional security @@ -11 +11,10 @@ To set up a role with permissions for guardrails, create an IAM role and attach -If you're using guardrails with an agent, attach the permissions to a service role with permissions to create and manage agents. You can set up this role in the console or create a custom role by following the steps at [Create a service role for Amazon Bedrock Agents](./agents-permissions.html). +If you are using guardrails with an agent, attach the permissions to a service role with permissions to create and manage agents. You can set up this role in the console or create a custom role by following the steps at [Create a service role for Amazon Bedrock Agents](./agents-permissions.html). + + * Permissions to invoke guardrails with foundation models + + * Permissions to create and manage guardrails + + * (Optional) Permissions to decrypt your customer-managed AWS KMS key for the guardrail + + + @@ -37 +46 @@ Append the following statement to the `Statement` field in the policy for your r -## Permissions for invoking guardrails to filter content +## Permissions you need to invoke guardrails to filter content @@ -73 +82 @@ Any user with `CreateKey` permissions can create customer managed keys using eit - 1. Follow the steps at [Creating a key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-overview.html) to create a resource-based policy for your KMS key. Add the following policy statements to grant permissions to guardrails users and guardrails creators. Replace each ``role`` with the role that you want to allow to carry out the specified actions. + 1. Follow the steps at [Creating a key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-overview.html) to create a resource-based policy for your KMS key. Add the following policy statements to grant permissions to guardrails users and guardrails creators. Replace each `role` with the role that you want to allow to carry out the specified actions. @@ -104 +113 @@ Any user with `CreateKey` permissions can create customer managed keys using eit - 2. Attach the following identity-based policy to a role to allow it to create and manage guardrails. Replace the ``key-id`` with the ID of the KMS key that you created. + 2. Attach the following identity-based policy to a role to allow it to create and manage guardrails. Replace the `key-id` with the ID of the KMS key that you created. @@ -123 +132 @@ Any user with `CreateKey` permissions can create customer managed keys using eit - 3. Attach the following identity-based policy to a role to allow it to use the guardrail you encrypted during model inference or while invoking an agent. Replace the ``key-id`` with the ID of the KMS key that you created. + 3. Attach the following identity-based policy to a role to allow it to use the guardrail you encrypted during model inference or while invoking an agent. Replace the `key-id` with the ID of the KMS key that you created. @@ -142,310 +150,0 @@ Any user with `CreateKey` permissions can create customer managed keys using eit -## Enforce the use of specific guardrails in model inference requests - -You can enforce the use of a specific guardrail for model inference by including the `bedrock:GuardrailIdentifier` condition key in your IAM policy. This allows you to deny any inference API request that doesn't include the guardrail configured in your IAM policy. - -You can apply this enforcement for the following inference APIs: - - * [Converse](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_Converse.html) - - * [ConverseStream](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_ConverseStream.html) - - * [InvokeModel](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_InvokeModel.html) - - * [InvokeModelWithResponseStream](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_InvokeModelWithResponseStream.html) - - - - -The following examples are some ways in which you can using the `bedrock:GuardrailIdentifier` condition key. - -**Example 1: Enforce the use of a specific guardrail and its numeric version** - - -Use the following policy to enforce the use of a specific guardrail (``guardrail-id``) and its numeric version 1 during model inference. - -The explicit deny keeps the user request from calling the listed actions with any other `GuardrailIdentifier` and guardrail version no matter what other permissions the user might have. - - - { - "Version": "2012-10-17", - "Statement": [{ - "Sid": "InvokeFoundationModelStatement1", - "Effect": "Allow", - "Action": [ - "bedrock:InvokeModel", - "bedrock:InvokeModelWithResponseStream" - ], - "Resource": [ - "arn:aws:bedrock:region::foundation-model/*" - ], - "Condition": { - "StringEquals": { - "bedrock:GuardrailIdentifier": "arn:aws:bedrock:region:account-id:guardrail/guardrail-id:1" - } - } - }, - { - "Sid": "InvokeFoundationModelStatement2", - "Effect": "Deny", - "Action": [ - "bedrock:InvokeModel", - "bedrock:InvokeModelWithResponseStream" - ], - "Resource": [ - "arn:aws:bedrock:region::foundation-model/*" - ], - "Condition": { - "StringNotEquals": { - "bedrock:GuardrailIdentifier": "arn:aws:bedrock:region:account-id:guardrail/guardrail-id:1" - } - } - }, - { - "Sid": "ApplyGuardrail", - "Effect": "Allow", - "Action": [ - "bedrock:ApplyGuardrail" - ], - "Resource": [ - "arn:aws:bedrock:region:account-id:guardrail/guardrail-id" - ] - } - ] - } - -**Example 2: Enforce the use of a specific guardrail and its DRAFT version** - - -Use the following policy to enforce the use of a specific guardrail (``guardrail-id``) and its DRAFT version during model inference. - - - { - "Version": "2012-10-17", - "Statement": [{ - "Sid": "InvokeFoundationModelStatement1", - "Effect": "Allow", - "Action": [ - "bedrock:InvokeModel", - "bedrock:InvokeModelWithResponseStream" - ], - "Resource": [ - "arn:aws:bedrock:region::foundation-model/*" - ], - "Condition": { - "StringEquals": { - "bedrock:GuardrailIdentifier": "arn:aws:bedrock:region:account-id:guardrail/guardrail-id" - } - } - }, - { - "Sid": "InvokeFoundationModelStatement2", - "Effect": "Deny", - "Action": [ - "bedrock:InvokeModel", - "bedrock:InvokeModelWithResponseStream" - ], - "Resource": [ - "arn:aws:bedrock:region::foundation-model/*" - ], - "Condition": { - "StringNotEquals": { - "bedrock:GuardrailIdentifier": "arn:aws:bedrock:region:account-id:guardrail/guardrail-id" - } - } - }, - { - "Sid": "ApplyGuardrail", - "Effect": "Allow", - "Action": [ - "bedrock:ApplyGuardrail" - ], - "Resource": [ - "arn:aws:bedrock:region:account-id:guardrail/guardrail-id" - ] - } - ] - } - -**Example 3: Enforce the use of a specific guardrail and any of its numeric versions** - - -Use the following policy to enforce the use of a specific guardrail (``guardrail-id``) and any of its numeric versions during model inference. - - - { - "Version": "2012-10-17", - "Statement": [{ - "Sid": "InvokeFoundationModelStatement1", - "Effect": "Allow", - "Action": [ - "bedrock:InvokeModel", - "bedrock:InvokeModelWithResponseStream" - ], - "Resource": [ - "arn:aws:bedrock:region::foundation-model/*" - ], - "Condition": { - "StringLike": { - "bedrock:GuardrailIdentifier": "arn:aws:bedrock:region:account-id:guardrail/guardrail-id:*" - } - } - }, - { - "Sid": "InvokeFoundationModelStatement2", - "Effect": "Deny", - "Action": [ - "bedrock:InvokeModel", - "bedrock:InvokeModelWithResponseStream" - ], - "Resource": [ - "arn:aws:bedrock:region::foundation-model/*" - ], - "Condition": { - "StringNotLike": { - "bedrock:GuardrailIdentifier": "arn:aws:bedrock:region:account-id:guardrail/guardrail-id:*" - } - } - }, - {