AWS bedrock medium security documentation change
Summary
Removed section about creating customer managed keys (CMK) for guardrail encryption and deleted all examples/policies for enforcing specific guardrails in model inference requests. Added new section headers about supported regions and encrypting guardrails.
Security assessment
The removed CMK section provided security guidance for encrypting guardrails with customer-managed keys, a security best practice. The deleted enforcement policies demonstrated critical access controls to restrict model inference to approved guardrails. Removing these security controls documentation could lead to misconfigurations. However, there's no explicit evidence of addressing a specific vulnerability.
Diff
diff --git a/bedrock/latest/userguide/guardrails-permissions.md b/bedrock/latest/userguide/guardrails-permissions.md index a979e5b21..2ff520641 100644 --- a//bedrock/latest/userguide/guardrails-permissions.md +++ b//bedrock/latest/userguide/guardrails-permissions.md @@ -5 +5 @@ -Permissions to create and manage guardrails for the policy rolePermissions for invoking guardrails to filter content(Optional) Create a customer managed key for your guardrail for additional securityEnforce the use of specific guardrails in model inference requests +Permissions to create and manage guardrails for the policy rolePermissions for invoking guardrails to filter content @@ -69,383 +68,0 @@ Append the following statement to the `Statement` field in the policy for the ro -## (Optional) Create a customer managed key for your guardrail for additional security - -Any user with `CreateKey` permissions can create customer managed keys using either the AWS Key Management Service (AWS KMS) console or the [CreateKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateKey.html) operation. Make sure to create a symmetric encryption key. After you create your key, set up the following permissions. - - 1. Follow the steps at [Creating a key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-overview.html) to create a resource-based policy for your KMS key. Add the following policy statements to grant permissions to guardrails users and guardrails creators. Replace each ``role`` with the role that you want to allow to carry out the specified actions. - - { - "Version": "2012-10-17", - "Id": "KMS Key Policy", - "Statement": [ - { - "Sid": "PermissionsForGuardrailsCreators", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::account-id:user/role" - }, - "Action": [ - "kms:Decrypt", - "kms:GenerateDataKey", - "kms:DescribeKey", - "kms:CreateGrant" - ], - "Resource": "*" - }, - { - "Sid": "PermissionsForGuardrailsUusers", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::account-id:user/role" - }, - "Action": "kms:Decrypt", - "Resource": "*" - } - } - - 2. Attach the following identity-based policy to a role to allow it to create and manage guardrails. Replace the ``key-id`` with the ID of the KMS key that you created. - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Allow role to create and manage guardrails", - "Effect": "Allow", - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:GenerateDataKey" - "kms:CreateGrant" - ], - "Resource": "arn:aws:kms:region:account-id:key/key-id" - } - ] - } - - 3. Attach the following identity-based policy to a role to allow it to use the guardrail you encrypted during model inference or while invoking an agent. Replace the ``key-id`` with the ID of the KMS key that you created. - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Allow role to use an encrypted guardrail during model inference", - "Effect": "Allow", - "Action": [ - "kms:Decrypt", - ], - "Resource": "arn:aws:kms:region:account-id:key/key-id" - } - ] - } - - - - -## Enforce the use of specific guardrails in model inference requests - -You can enforce the use of a specific guardrail for model inference by including the `bedrock:GuardrailIdentifier` condition key in your IAM policy. This allows you to deny any inference API request that doesn't include the guardrail configured in your IAM policy. - -You can apply this enforcement for the following inference APIs: - - * [Converse](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_Converse.html) - - * [ConverseStream](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_ConverseStream.html) - - * [InvokeModel](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_InvokeModel.html) - - * [InvokeModelWithResponseStream](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_InvokeModelWithResponseStream.html) - - - - -The following examples are some ways in which you can using the `bedrock:GuardrailIdentifier` condition key. - -**Example 1: Enforce the use of a specific guardrail and its numeric version** - - -Use the following policy to enforce the use of a specific guardrail (``guardrail-id``) and its numeric version 1 during model inference. - -The explicit deny keeps the user request from calling the listed actions with any other `GuardrailIdentifier` and guardrail version no matter what other permissions the user might have. - - - { - "Version": "2012-10-17", - "Statement": [{ - "Sid": "InvokeFoundationModelStatement1", - "Effect": "Allow", - "Action": [ - "bedrock:InvokeModel", - "bedrock:InvokeModelWithResponseStream" - ], - "Resource": [ - "arn:aws:bedrock:region::foundation-model/*" - ], - "Condition": { - "StringEquals": { - "bedrock:GuardrailIdentifier": "arn:aws:bedrock:region:account-id:guardrail/guardrail-id:1" - } - } - }, - { - "Sid": "InvokeFoundationModelStatement2", - "Effect": "Deny", - "Action": [ - "bedrock:InvokeModel", - "bedrock:InvokeModelWithResponseStream" - ], - "Resource": [ - "arn:aws:bedrock:region::foundation-model/*" - ], - "Condition": { - "StringNotEquals": { - "bedrock:GuardrailIdentifier": "arn:aws:bedrock:region:account-id:guardrail/guardrail-id:1" - } - } - }, - { - "Sid": "ApplyGuardrail", - "Effect": "Allow", - "Action": [ - "bedrock:ApplyGuardrail" - ], - "Resource": [ - "arn:aws:bedrock:region:account-id:guardrail/guardrail-id" - ] - } - ] - } - -**Example 2: Enforce the use of a specific guardrail and its DRAFT version** - - -Use the following policy to enforce the use of a specific guardrail (``guardrail-id``) and its DRAFT version during model inference. - - - { - "Version": "2012-10-17", - "Statement": [{ - "Sid": "InvokeFoundationModelStatement1", - "Effect": "Allow", - "Action": [ - "bedrock:InvokeModel", - "bedrock:InvokeModelWithResponseStream" - ], - "Resource": [ - "arn:aws:bedrock:region::foundation-model/*" - ], - "Condition": { - "StringEquals": { - "bedrock:GuardrailIdentifier": "arn:aws:bedrock:region:account-id:guardrail/guardrail-id" - } - } - }, - { - "Sid": "InvokeFoundationModelStatement2", - "Effect": "Deny", - "Action": [ - "bedrock:InvokeModel", - "bedrock:InvokeModelWithResponseStream" - ], - "Resource": [ - "arn:aws:bedrock:region::foundation-model/*" - ], - "Condition": { - "StringNotEquals": { - "bedrock:GuardrailIdentifier": "arn:aws:bedrock:region:account-id:guardrail/guardrail-id" - } - } - }, - { - "Sid": "ApplyGuardrail", - "Effect": "Allow", - "Action": [ - "bedrock:ApplyGuardrail"