AWS Security ChangesHomeSearch

AWS bedrock documentation change

Service: bedrock · 2025-08-19 · Documentation low

File: bedrock/latest/userguide/model-access-permissions.md

Summary

Restructured documentation about IAM permissions for Amazon Bedrock model access, added detailed policy examples for granting/restricting access, and introduced new sections about regional controls and post-access restrictions

Security assessment

The changes enhance documentation about security controls (IAM policies) for model access management but do not indicate a specific security vulnerability being addressed. Added examples show how to restrict access using product IDs, regions, and model ARNs which are security features.

Diff

diff --git a/bedrock/latest/userguide/model-access-permissions.md b/bedrock/latest/userguide/model-access-permissions.md
index 6304ebee0..0549e439f 100644
--- a//bedrock/latest/userguide/model-access-permissions.md
+++ b//bedrock/latest/userguide/model-access-permissions.md
@@ -5 +5 @@
-# Grant IAM permissions to request access to Amazon Bedrock foundation models
+Allow an identity to request access to a specific modelPrevent an identity from requesting access to a model with a product IDPrevent an identity from requesting access to models in specific RegionsPrevent an identity from using a model after access has already been granted
@@ -7 +7 @@
-Before you can request access, or modify access, to Amazon Bedrock foundation models, you need to attach an identity-based IAM policy with the following [AWS Marketplace actions](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsmarketplace.html#awsmarketplace-actions-as-permissions) to the IAM role that allows access to Amazon Bedrock:
+# Grant IAM permissions to request access to Amazon Bedrock foundation models
@@ -9 +9 @@ Before you can request access, or modify access, to Amazon Bedrock foundation mo
-  * `aws-marketplace:Subscribe`
+Access to Amazon Bedrock serverless foundation models is controlled by the following IAM actions:
@@ -11 +11,6 @@ Before you can request access, or modify access, to Amazon Bedrock foundation mo
-  * `aws-marketplace:Unsubscribe`
+IAM action | Description | Applies to which models  
+---|---|---  
+bedrock:PutFoundationModelEntitlement | Allows an IAM identity to request access to Amazon Bedrock serverless foundation models. | All Amazon Bedrock serverless models  
+aws-marketplace:Subscribe |  Allows an IAM entity to subscribe to AWS Marketplace products, including Amazon Bedrock foundation models. | Only Amazon Bedrock serverless models that have a product ID in AWS Marketplace.  
+aws-marketplace:Unsubscribe | Allows an IAM identity to unsubscribe from AWS Marketplace products, including Amazon Bedrock foundation models. | Only Amazon Bedrock serverless models that have a product ID in AWS Marketplace.  
+aws-marketplace:ViewSubscriptions | Allows an IAM identity to return a list of AWS Marketplace products, including Amazon Bedrock foundation models. | Only Amazon Bedrock serverless models that have a product ID in AWS Marketplace.  
@@ -13 +18 @@ Before you can request access, or modify access, to Amazon Bedrock foundation mo
-  * `aws-marketplace:ViewSubscriptions`
+###### Note
@@ -14,0 +20 @@ Before you can request access, or modify access, to Amazon Bedrock foundation mo
+For the `aws-marketplace:Subscribe` action only, you can use the `aws-marketplace:ProductId` [condition key](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsmarketplace.html#awsmarketplace-policy-keys) to restrict subscription to specific models.
@@ -15,0 +22 @@ Before you can request access, or modify access, to Amazon Bedrock foundation mo
+###### For an IAM identity to request access to models
@@ -16,0 +24 @@ Before you can request access, or modify access, to Amazon Bedrock foundation mo
+The identity must have a policy attached that allows the following actions:
@@ -18 +26 @@ Before you can request access, or modify access, to Amazon Bedrock foundation mo
-For information creating the policy, see [I already have an AWS account](./getting-started.html#getting-started-bedrock-role).
+  * `bedrock:PutFoundationModelEntitlement`
@@ -20 +28 @@ For information creating the policy, see [I already have an AWS account](./getti
-For the `aws-marketplace:Subscribe` action only, you can use the `aws-marketplace:ProductId` [condition key](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsmarketplace.html#awsmarketplace-policy-keys) to restrict subscription to specific models.
+  * `aws-marketplace:Subscribe` (only if the model has a product ID)
@@ -24 +32,12 @@ For the `aws-marketplace:Subscribe` action only, you can use the `aws-marketplac
-Models from the following providers don't have product keys, so you can't remove request access from them:
+If an identity has already subscribed to a model in one AWS Region, the model becomes available for the identity to request access in all AWS Regions in which the model is available, even if `aws-marketplace:Subscribe` is denied for other Regions.
+
+To prevent subscription to all models in specific Regions, use the `bedrock:PutFoundationModelEntitlement` action. For an example, see Prevent an identity from requesting access to models in specific Regions.
+
+
+
+
+Select a section to see IAM policy examples for a specific use case:
+
+###### Topics
+
+  * Allow an identity to request access to a specific model
@@ -26 +45 @@ Models from the following providers don't have product keys, so you can't remove
-  * Amazon
+  * Prevent an identity from requesting access to a model with a product ID
@@ -28 +47 @@ Models from the following providers don't have product keys, so you can't remove
-  * DeepSeek
+  * Prevent an identity from requesting access to models in specific Regions
@@ -30 +49 @@ Models from the following providers don't have product keys, so you can't remove
-  * Mistral AI
+  * Prevent an identity from using a model after access has already been granted
@@ -32 +50,0 @@ Models from the following providers don't have product keys, so you can't remove
-  * Meta
@@ -35,0 +54 @@ Models from the following providers don't have product keys, so you can't remove
+## Allow an identity to request access to a specific model
@@ -37 +56 @@ Models from the following providers don't have product keys, so you can't remove
-You can prevent users from making inference calls to these models by using an IAM policy and specifying the model ID. For more information, see [Deny access for inference of foundation models](./security_iam_id-based-policy-examples.html#security_iam_id-based-policy-examples-deny-inference).
+For an IAM entity to request access to a model, it must minimally have the following permissions:
@@ -39 +58 @@ You can prevent users from making inference calls to these models by using an IA
-The following table lists product IDs for Amazon Bedrock foundation models:
+  * `bedrock:PutFoundationModelEntitlement` – The `Resource` field must be `*`.
@@ -41,30 +60 @@ The following table lists product IDs for Amazon Bedrock foundation models:
-Model | Product ID  
----|---  
-AI21 Labs Jurassic-2 Mid | 1d288c71-65f9-489a-a3e2-9c7f4f6e6a85  
-AI21 Labs Jurassic-2 Ultra | cc0bdd50-279a-40d8-829c-4009b77a1fcc  
-AI21 Jamba-Instruct | prod-dr2vpvd4k73aq  
-AI21 Labs Jamba 1.5 Large | prod-evcp4w4lurj26  
-AI21 Labs Jamba 1.5 Mini | prod-ggrzjm65qmjhm  
-Anthropic Claude | c468b48a-84df-43a4-8c46-8870630108a7  
-Anthropic Claude Instant | b0eb9475-3a2c-43d1-94d3-56756fd43737  
-Anthropic Claude 3 Sonnet | prod-6dw3qvchef7zy  
-Anthropic Claude 3.5 Sonnet | prod-m5ilt4siql27k  
-Anthropic Claude 3.5 Sonnet v2 | prod-cx7ovbu5wex7g  
-Anthropic Claude 3.7 Sonnet | prod-4dlfvry4v5hbi  
-Anthropic Claude Sonnet 4 | prod-4pmewlybdftbs  
-Anthropic Claude 3 Haiku | prod-ozonys2hmmpeu  
-Anthropic Claude 3.5 Haiku | prod-5oba7y7jpji56  
-Anthropic Claude 3 Opus | prod-fm3feywmwerog  
-Anthropic Claude Opus 4 | prod-azycxvnd5mhqi  
-Anthropic Claude Opus 4.1 | prod-w3q2d6rfge4tw  
-Cohere Command | a61c46fe-1747-41aa-9af0-2e0ae8a9ce05  
-Cohere Command Light | 216b69fd-07d5-4c7b-866b-936456d68311  
-Cohere Command R | prod-tukx4z3hrewle  
-Cohere Command R+ | prod-nb4wqmplze2pm  
-Cohere Embed (English) | b7568428-a1ab-46d8-bab3-37def50f6f6a  
-Cohere Embed (Multilingual) | 38e55671-c3fe-4a44-9783-3584906e7cad  
-Cohere Rerank 3.5 | prod-2o5bej62oxkbi  
-Stable Image Core 1.0 | prod-eacdrmv7zfc5e  
-Stable Diffusion 3 Large 1.0 | prod-cqfmszl26sxu4  
-Stable Image Ultra 1.0 | prod-7boen2z2wnxrg  
-Stability 3.5 Large 1.0 | prodview-ajc3gw4mjy7my  
+  * (If the model has a product ID) `aws-marketplace:Subscribe` – The `Resource` field must be `*`. You can use the `aws-marketplace:ProductId` condition key to scope subscription to specific models.
@@ -72 +61,0 @@ Stability 3.5 Large 1.0 | prodview-ajc3gw4mjy7my
-The following identity-based IAM policy shows an example:
@@ -74 +62,0 @@ The following identity-based IAM policy shows an example:
-JSON
@@ -77 +65,3 @@ JSON
-****
+###### Note
+
+After an IAM identity has already requested access to a model in one AWS Region, they only need permissions for the `bedrock:PutFoundationModelEntitlement` action to request access to the model in other Regions. The `aws-marketplace:Subscribe` action is no longer necessary.
@@ -78,0 +69 @@ JSON
+For example, you can attach the following policy to an identity to allow it to subscribe to the Anthropic Claude 3.5 Sonnet model for the first time:
@@ -91,4 +82 @@ JSON
-                    "Null": {
-                        "aws-marketplace:ProductId": "false"
-                    },
-                    "ForAllValues:StringEquals": {
+                    "ForAnyValue:StringEquals": {
@@ -96,2 +84 @@ JSON
-                            "model-product-id-1",
-                            "model-product-id-2"
+                            "prod-m5ilt4siql27k"
@@ -101,0 +89,40 @@ JSON
+            {
+                "Effect": "Allow",
+                "Action": [
+                    "bedrock:PutFoundationModelEntitlement"
+                ],
+                "Resource": "*"
+            }
+        ]
+    }
+
+###### Note
+
+This policy is scalable, because you can incrementally add access to models with the product ID condition key as necessary.
+
+For models that don't have a product ID, such as Amazon Nova Micro, or if the model has already been subscribed to in one Region, a policy with only the following statement suffices:
+    
+    
+    {
+        "Version": "2012-10-17",
+        "Statement": [
+            {
+                "Effect": "Allow",
+                "Action": [
+                    "bedrock:PutFoundationModelEntitlement"
+                ],
+                "Resource": "*"
+            }
+        ]
+    }
+
+## Prevent an identity from requesting access to a model with a product ID
+
+To prevent an IAM entity from requesting access to a specific model that has a product ID, attach an IAM policy to the user that denies the `aws-marketplace:Subscribe` action and scope the `Condition` field to the product ID of the model.
+
+For example, you can attach the following policy to an identity to prevent it from subscribing to the Anthropic Claude 3.5 Sonnet model:
+    
+    
+    {
+        "Version": "2012-10-17",
+        "Statement": [
@@ -105,2 +132,41 @@ JSON
-                    "aws-marketplace:Unsubscribe",
-                    "aws-marketplace:ViewSubscriptions"
+                    "aws-marketplace:Subscribe"
+                ],
+                "Resource": "*",
+                "Condition": {
+                    "ForAnyValue:StringEquals": {
+                        "aws-marketplace:ProductId": [
+                            "prod-m5ilt4siql27k"
+                        ]
+                    }
+                }
+            }
+        ]
+    }
+
+###### Note
+
+With this policy, the IAM entity will have access to any newly added models by default.
+
+If the identity has already subscribed to the model in at least one Region, this policy doesn't prevent access in other Regions. Instead, you can try one of the following examples:
+
+  * To completely prevent subscription to models in other Regions, see the example in **Prevent an identity from requesting access to models in specific Regions**.
+
+  * To prevent usage of a model, see the example in **Prevent an identity from using a model after access has already been granted**.
+
+
+
+
+## Prevent an identity from requesting access to models in specific Regions
+
+If an IAM identity has already requested access to a model in one Region, you can control access to model subscription in other Regions by including the `bedrock:PutFoundationModelEntitlement` action in a statement and using the global `aws:RequestedRegion` condition key.
+
+For example, you could attach the following policy to an IAM identity to only allow it to request access to models in US Regions:
+    
+