Summary
AWS Bedrock Agent Registry is a new service (currently in preview) that provides a centralized registry for Bedrock Agents. As the service becomes generally available, this framework should include a dedicated security assessment module for it.
Proposed Checks (non-exhaustive)
- Registry access controls and IAM policies
- Agent versioning and aliasing security configuration
- Cross-account agent sharing permissions
- Audit logging enablement for registry operations
- Encryption configuration for registry metadata
Files Likely Touched
- New directory: aiml-security-assessment/functions/security/agent_registry_assessments/ (following the pattern of existing assessors like agentcore_assessments/)
- aiml-security-assessment/template.yaml — add new Lambda function resource and IAM permissions
- aiml-security-assessment/statemachine/ — add parallel execution step for agent registry assessor
- docs/SECURITY_CHECKS.md — add new Agent Registry section
Acceptance Criteria
- agent_registry_assessments Lambda following the existing module structure in DEVELOPER_GUIDE.md
- docs/SECURITY_CHECKS.md
Notes
This is a preview-phase service — implementation should track API stability. A draft PR to discuss the check design is welcome before the API is finalized. Follow DEVELOPER_GUIDE.md for the module pattern.