AWS Security ChangesHomeSearch

AWS bedrock documentation change

Service: bedrock · 2025-03-19 · Documentation low

File: bedrock/latest/userguide/guardrails-permissions.md

Summary

Updated permissions documentation for guardrails: clarified invocation permissions, added KMS key management details, removed section about enforcing guardrails in inference requests

Security assessment

Added documentation about KMS key permissions for guardrail encryption, which is a security feature. Removed section about guardrail enforcement policies without explicit security context - could be documentation restructuring rather than addressing a vulnerability.

Diff

diff --git a/bedrock/latest/userguide/guardrails-permissions.md b/bedrock/latest/userguide/guardrails-permissions.md
index a979e5b21..ccb0d727e 100644
--- a/bedrock/latest/userguide/guardrails-permissions.md
+++ b/bedrock/latest/userguide/guardrails-permissions.md
@@ -5 +5 @@
-Permissions to create and manage guardrails for the policy rolePermissions for invoking guardrails to filter content(Optional) Create a customer managed key for your guardrail for additional securityEnforce the use of specific guardrails in model inference requests
+Permissions to create and manage guardrails for the policy rolePermissions you need to invoke guardrails to filter content(Optional) Create a customer managed key for your guardrail for additional security
@@ -11 +11,10 @@ To set up a role with permissions for guardrails, create an IAM role and attach
-If you're using guardrails with an agent, attach the permissions to a service role with permissions to create and manage agents. You can set up this role in the console or create a custom role by following the steps at [Create a service role for Amazon Bedrock Agents](./agents-permissions.html).
+If you are using guardrails with an agent, attach the permissions to a service role with permissions to create and manage agents. You can set up this role in the console or create a custom role by following the steps at [Create a service role for Amazon Bedrock Agents](./agents-permissions.html).
+
+  * Permissions to invoke guardrails with foundation models
+
+  * Permissions to create and manage guardrails
+
+  * (Optional) Permissions to decrypt your customer-managed AWS KMS key for the guardrail
+
+
+
@@ -37 +46 @@ Append the following statement to the `Statement` field in the policy for your r
-## Permissions for invoking guardrails to filter content
+## Permissions you need to invoke guardrails to filter content
@@ -73 +82 @@ Any user with `CreateKey` permissions can create customer managed keys using eit
-  1. Follow the steps at [Creating a key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-overview.html) to create a resource-based policy for your KMS key. Add the following policy statements to grant permissions to guardrails users and guardrails creators. Replace each ``role`` with the role that you want to allow to carry out the specified actions.
+  1. Follow the steps at [Creating a key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-overview.html) to create a resource-based policy for your KMS key. Add the following policy statements to grant permissions to guardrails users and guardrails creators. Replace each `role` with the role that you want to allow to carry out the specified actions.
@@ -104 +113 @@ Any user with `CreateKey` permissions can create customer managed keys using eit
-  2. Attach the following identity-based policy to a role to allow it to create and manage guardrails. Replace the ``key-id`` with the ID of the KMS key that you created.
+  2. Attach the following identity-based policy to a role to allow it to create and manage guardrails. Replace the `key-id` with the ID of the KMS key that you created.
@@ -123 +132 @@ Any user with `CreateKey` permissions can create customer managed keys using eit
-  3. Attach the following identity-based policy to a role to allow it to use the guardrail you encrypted during model inference or while invoking an agent. Replace the ``key-id`` with the ID of the KMS key that you created.
+  3. Attach the following identity-based policy to a role to allow it to use the guardrail you encrypted during model inference or while invoking an agent. Replace the `key-id` with the ID of the KMS key that you created.
@@ -142,310 +150,0 @@ Any user with `CreateKey` permissions can create customer managed keys using eit
-## Enforce the use of specific guardrails in model inference requests
-
-You can enforce the use of a specific guardrail for model inference by including the `bedrock:GuardrailIdentifier` condition key in your IAM policy. This allows you to deny any inference API request that doesn't include the guardrail configured in your IAM policy.
-
-You can apply this enforcement for the following inference APIs:
-
-  * [Converse](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_Converse.html)
-
-  * [ConverseStream](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_ConverseStream.html)
-
-  * [InvokeModel](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_InvokeModel.html)
-
-  * [InvokeModelWithResponseStream](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_InvokeModelWithResponseStream.html)
-
-
-
-
-The following examples are some ways in which you can using the `bedrock:GuardrailIdentifier` condition key.
-
-**Example 1: Enforce the use of a specific guardrail and its numeric version**
-    
-
-Use the following policy to enforce the use of a specific guardrail (``guardrail-id``) and its numeric version 1 during model inference.
-
-The explicit deny keeps the user request from calling the listed actions with any other `GuardrailIdentifier` and guardrail version no matter what other permissions the user might have.
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [{
-                "Sid": "InvokeFoundationModelStatement1",
-                "Effect": "Allow",
-                "Action": [
-                    "bedrock:InvokeModel",
-                    "bedrock:InvokeModelWithResponseStream"
-                ],
-                "Resource": [
-                    "arn:aws:bedrock:region::foundation-model/*"
-                ],
-                "Condition": {
-                    "StringEquals": {
-                        "bedrock:GuardrailIdentifier": "arn:aws:bedrock:region:account-id:guardrail/guardrail-id:1"
-                    }
-                }
-            },
-            {
-                "Sid": "InvokeFoundationModelStatement2",
-                "Effect": "Deny",
-                "Action": [
-                    "bedrock:InvokeModel",
-                    "bedrock:InvokeModelWithResponseStream"
-                ],
-                "Resource": [
-                    "arn:aws:bedrock:region::foundation-model/*"
-                ],
-                "Condition": {
-                    "StringNotEquals": {
-                        "bedrock:GuardrailIdentifier": "arn:aws:bedrock:region:account-id:guardrail/guardrail-id:1"
-                    }
-                }
-            },
-            {
-                "Sid": "ApplyGuardrail",
-                "Effect": "Allow",
-                "Action": [
-                    "bedrock:ApplyGuardrail"
-                ],
-                "Resource": [
-                    "arn:aws:bedrock:region:account-id:guardrail/guardrail-id"
-                ]
-            }
-        ]
-    }
-
-**Example 2: Enforce the use of a specific guardrail and its DRAFT version**
-    
-
-Use the following policy to enforce the use of a specific guardrail (``guardrail-id``) and its DRAFT version during model inference.
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [{
-                "Sid": "InvokeFoundationModelStatement1",
-                "Effect": "Allow",
-                "Action": [
-                    "bedrock:InvokeModel",
-                    "bedrock:InvokeModelWithResponseStream"
-                ],
-                "Resource": [
-                    "arn:aws:bedrock:region::foundation-model/*"
-                ],
-                "Condition": {
-                    "StringEquals": {
-                        "bedrock:GuardrailIdentifier": "arn:aws:bedrock:region:account-id:guardrail/guardrail-id"
-                    }
-                }
-            },
-            {
-                "Sid": "InvokeFoundationModelStatement2",
-                "Effect": "Deny",
-                "Action": [
-                    "bedrock:InvokeModel",
-                    "bedrock:InvokeModelWithResponseStream"
-                ],
-                "Resource": [
-                    "arn:aws:bedrock:region::foundation-model/*"
-                ],
-                "Condition": {
-                    "StringNotEquals": {
-                        "bedrock:GuardrailIdentifier": "arn:aws:bedrock:region:account-id:guardrail/guardrail-id"
-                    }
-                }
-            },
-            {
-                "Sid": "ApplyGuardrail",
-                "Effect": "Allow",
-                "Action": [
-                    "bedrock:ApplyGuardrail"
-                ],
-                "Resource": [
-                    "arn:aws:bedrock:region:account-id:guardrail/guardrail-id"
-                ]
-            }
-        ]
-    }
-
-**Example 3: Enforce the use of a specific guardrail and any of its numeric versions**
-    
-
-Use the following policy to enforce the use of a specific guardrail (``guardrail-id``) and any of its numeric versions during model inference.
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [{
-                "Sid": "InvokeFoundationModelStatement1",
-                "Effect": "Allow",
-                "Action": [
-                    "bedrock:InvokeModel",
-                    "bedrock:InvokeModelWithResponseStream"
-                ],
-                "Resource": [
-                    "arn:aws:bedrock:region::foundation-model/*"
-                ],
-                "Condition": {
-                    "StringLike": {
-                        "bedrock:GuardrailIdentifier": "arn:aws:bedrock:region:account-id:guardrail/guardrail-id:*"
-                    }
-                }
-            },
-            {
-                "Sid": "InvokeFoundationModelStatement2",
-                "Effect": "Deny",
-                "Action": [
-                    "bedrock:InvokeModel",
-                    "bedrock:InvokeModelWithResponseStream"
-                ],
-                "Resource": [
-                    "arn:aws:bedrock:region::foundation-model/*"
-                ],
-                "Condition": {
-                    "StringNotLike": {
-                        "bedrock:GuardrailIdentifier": "arn:aws:bedrock:region:account-id:guardrail/guardrail-id:*"
-                    }
-                }
-            },
-            {