AWS wellarchitected medium security documentation change
Summary
Updated guidance on implementing least privilege for AI agents, emphasizing permission boundaries across models and policy documentation. Changed terminology from 'prevent' to 'stop/reduce' and updated section headers.
Security assessment
The changes reinforce security best practices for limiting AI agent permissions (OWASP Top 10 concern). Specific security additions include: 1) Explicit instruction to share permission boundaries across models 2) Requirement to document permissions in organizational AI policies 3) Strengthened separation of duties guidance. These directly address excessive agency risks in LLM implementations.
Diff
diff --git a/wellarchitected/latest/generative-ai-lens/gensec05-bp01.md b/wellarchitected/latest/generative-ai-lens/gensec05-bp01.md index ab89cd72f..65de89e17 100644 --- a//wellarchitected/latest/generative-ai-lens/gensec05-bp01.md +++ b//wellarchitected/latest/generative-ai-lens/gensec05-bp01.md @@ -9 +9 @@ Implementation guidanceResources -Implementing least privilege and permissions bounded agents limits the scope of agentic workflows and helps prevent them from taking actions beyond their intended purpose on behalf of the user. This best practice describes how to reduce the risk of excessive agency. +Implementing least privilege and permissions bounded agents limits the scope of agentic workflows and helps stop them from taking actions beyond their intended purpose on behalf of the user. This best practice describes how to reduce the risk of excessive agency. @@ -28 +28 @@ Agents are designed to automate processes or call external functions using the r -Consider developing permissions boundaries on foundation model requests and agentic workflows. For individual prompts to a foundation model, the permission boundary for the role making the model request should only provide access to the systems, guardrails, and data sources necessary to generate a response. This is also true for agentic workflows. In Amazon Bedrock, agents have execution roles. Amazon Bedrock Flows have service roles. The roles attached to agents and prompt flows should be developed with least privilege access principles in mind. This is especially true concerning roles that facilitate access to data sources like Amazon Kendra or compute resources like AWS Lambda functions. +Consider developing permissions boundaries on foundation model requests and agentic workflows. For individual prompts to a foundation model, the permission boundary for the role making the model request should only provide access to the systems, guardrails, and data sources necessary to generate a response. This is also true for agentic workflows. In Amazon Bedrock, agents have execution roles. Amazon Bedrock Flows have service roles. The roles attached to agents and prompt flows should be developed with least privilege access principles in mind. This is especially true concerning roles that facilitate access to data sources like Amazon Kendra or compute resources like AWS Lambda functions. Permission boundaries and least privilege access for an agent should be shared across models, particularly where multiple models or agents are servicing a prompt. @@ -30 +30 @@ Consider developing permissions boundaries on foundation model requests and agen -Additionally, consider creating developer roles specific to the tasks being conducted. For example, consider creating separate IAM roles for the prompt engineer creating an agentic workflow and the security engineer creating the agent workflows IAM service role. Create a logical separation of duties to help to prevent excessive agency for resources. Additionally, consider defining permission boundaries for roles. A permission boundary sets the maximum permissions which can be given to a role. These techniques can be implemented at the account level. A combination of these techniques may be the best approach, depending on your environment's specific implementation needs. +Additionally, consider creating developer roles specific to the tasks being conducted. For example, consider creating separate IAM roles for the prompt engineer creating an agentic workflow and the security engineer creating the agent workflows IAM service role. Create a logical separation of duties to help to reduce excessive agency for resources. Additionally, consider defining permission boundaries for roles. A permission boundary sets the maximum permissions which can be given to a role. These techniques can be implemented at the account level. A combination of these techniques may be the best approach, depending on your environment's specific implementation needs. Define permission boundaries and policy documents like this in your organization’s AI policy document, with clear instructions on how to modify these as workload requirements change. @@ -59 +59 @@ Additionally, consider creating developer roles specific to the tasks being cond -**Related practices:** +**Related best practices:** @@ -74 +74 @@ Additionally, consider creating developer roles specific to the tasks being cond -**Related guides, videos, and documentation:** +**Related documents:**