diff --git a/.github/workflows/python-tests.yml b/.github/workflows/python-tests.yml index b5288fc..3484076 100644 --- a/.github/workflows/python-tests.yml +++ b/.github/workflows/python-tests.yml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - python-version: ["3.11", "3.12"] + python-version: ["3.12"] steps: - uses: actions/checkout@v4 diff --git a/README.md b/README.md index 302bab3..232fe8c 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ *A serverless framework that scans your AWS accounts for AI/ML security misconfigurations and produces an interactive, shareable report.* -[![License: MIT-0](https://img.shields.io/badge/License-MIT--0-yellow.svg)](https://opensource.org/licenses/MIT-0) [![Python 3.11+](https://img.shields.io/badge/Python-3.11+-blue.svg)](https://www.python.org/downloads/) [![AWS SAM](https://img.shields.io/badge/AWS-SAM-orange.svg)](https://aws.amazon.com/serverless/sam/) +[![License: MIT-0](https://img.shields.io/badge/License-MIT--0-yellow.svg)](https://opensource.org/licenses/MIT-0) [![Python 3.12](https://img.shields.io/badge/Python-3.12-blue.svg)](https://www.python.org/downloads/) [![AWS SAM](https://img.shields.io/badge/AWS-SAM-orange.svg)](https://aws.amazon.com/serverless/sam/) **Open-source automated security scanner for generative AI and machine learning workloads on AWS.** Core checks for Amazon Bedrock, Amazon SageMaker AI, and Amazon Bedrock AgentCore are built on the [AWS Well-Architected Framework — Generative AI Lens](https://docs.aws.amazon.com/wellarchitected/latest/generative-ai-lens/generative-ai-lens.html). An optional Financial Services GenAI risk module adds 64 checks aligned to the [AWS User Guide to Governance, Risk, and Compliance for Responsible AI Adoption within Financial Services Industries](https://d1.awsstatic.com/onedam/marketing-channels/website/aws/en_US/whitepapers/compliance/AWS-User-Guide-Governance-Risk-Compliance-for-Responsible-AI-Adoption-Financial-Services.pdf). See the [AWS Security Blog announcement](https://aws.amazon.com/blogs/security/introducing-the-updated-aws-user-guide-to-governance-risk-and-compliance-for-responsible-ai-adoption/) for context on the updated guide. @@ -131,7 +131,7 @@ This tool operates within the [AWS Shared Responsibility Model](https://aws.amaz ## Prerequisites -- Python 3.12+ — [Install Python](https://www.python.org/downloads/) +- Python 3.12 — [Install Python](https://www.python.org/downloads/) - AWS SAM CLI — [Install the AWS SAM CLI](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-install.html) - Docker (optional) — [Install Docker](https://hub.docker.com/search/?type=edition&offering=community) — Only required for local development @@ -405,7 +405,7 @@ GitHub Actions workflows run automatically on pull requests and selected pushes: | Workflow | Trigger | What It Checks | |----------|---------|----------------| | **Python Code Quality** | PR | `ruff check` and `ruff format --check` on changed Python files | -| **AI/ML Security Assessment Tests** | PR, push to `main`/`develop` | Runs the `pytest` suite (assessment functions and report pipeline) on Python 3.11 and 3.12 | +| **AI/ML Security Assessment Tests** | PR, push to `main`/`develop` | Runs the `pytest` suite (assessment functions and report pipeline) on Python 3.12 | | **CloudFormation Lint** | PR | Validates deployment and SAM templates with `cfn-lint` | | **SAM Validate & Build** | PR | `sam validate --lint` and `sam build` on SAM templates | | **ASH Security Scan** | PR | Scans for secrets, dependency vulnerabilities, and IaC misconfigurations | diff --git a/sample-reports/dashboard-overview-dark.png b/sample-reports/dashboard-overview-dark.png index f868852..a94cd0a 100644 Binary files a/sample-reports/dashboard-overview-dark.png and b/sample-reports/dashboard-overview-dark.png differ diff --git a/sample-reports/dashboard-overview-light.png b/sample-reports/dashboard-overview-light.png index f55f455..af805da 100644 Binary files a/sample-reports/dashboard-overview-light.png and b/sample-reports/dashboard-overview-light.png differ diff --git a/sample-reports/findings-table.png b/sample-reports/findings-table.png index 28abffe..948e9ee 100644 Binary files a/sample-reports/findings-table.png and b/sample-reports/findings-table.png differ diff --git a/sample-reports/multi-account-summary.png b/sample-reports/multi-account-summary.png index 639c175..78bbe13 100644 Binary files a/sample-reports/multi-account-summary.png and b/sample-reports/multi-account-summary.png differ diff --git a/sample-reports/scripts/capture_screenshots.py b/sample-reports/scripts/capture_screenshots.py index bb66cea..4bc566d 100755 --- a/sample-reports/scripts/capture_screenshots.py +++ b/sample-reports/scripts/capture_screenshots.py @@ -18,6 +18,7 @@ python sample-reports/scripts/capture_screenshots.py """ +import re import sys from pathlib import Path from playwright.sync_api import sync_playwright @@ -32,6 +33,19 @@ JPEG_QUALITY = 85 # Balance between quality and file size PNG_OPTIMIZE = True +# Well-known AWS documentation example account IDs (not real accounts). Real +# account IDs discovered in the sample reports are consistently remapped to +# these placeholders before screenshots are captured. +# See: https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-identifiers.html +ANONYMIZED_ACCOUNT_IDS = [ + "111122223333", + "444455556666", + "777788889999", + "123456789012", + "555555555555", + "666677778888", +] + # Screenshots to capture SCREENSHOTS = [ { @@ -80,6 +94,64 @@ ] +def anonymize_account_ids(html_files: list) -> None: + """ + Replace real 12-digit AWS account IDs in the given HTML files with + well-known example account IDs, in place. + + Each distinct real account ID is mapped to a stable placeholder so that + filtering and grouping in the reports keep working. The mapping is shared + across all provided files, so an account that appears in multiple reports + is anonymized to the same placeholder everywhere. + + Args: + html_files: List of Path objects pointing to HTML report files. + """ + print("\n Anonymizing account IDs...") + + # Collect every distinct 12-digit account ID across all files first so the + # placeholder assignment is deterministic regardless of processing order. + account_id_pattern = re.compile(r"\b\d{12}\b") + discovered = [] + file_contents = {} + for html_file in html_files: + if not html_file.exists(): + print(f" WARNING: {html_file} not found, skipping...") + continue + content = html_file.read_text(encoding="utf-8") + file_contents[html_file] = content + for account_id in account_id_pattern.findall(content): + if account_id not in discovered: + discovered.append(account_id) + + if not discovered: + print(" No account IDs found to anonymize.") + return + + if len(discovered) > len(ANONYMIZED_ACCOUNT_IDS): + print( + f" ERROR: Found {len(discovered)} distinct account IDs but only " + f"{len(ANONYMIZED_ACCOUNT_IDS)} placeholders are defined. " + "Add more entries to ANONYMIZED_ACCOUNT_IDS." + ) + sys.exit(1) + + mapping = dict(zip(discovered, ANONYMIZED_ACCOUNT_IDS)) + for real_id, placeholder in mapping.items(): + print(f" {real_id} -> {placeholder}") + + # Apply the mapping to each file. Replace via the same word-boundary regex + # to avoid touching digits that happen to embed a 12-digit run. + def _replace(match: "re.Match") -> str: + return mapping.get(match.group(0), match.group(0)) + + for html_file, content in file_contents.items(): + updated = account_id_pattern.sub(_replace, content) + if updated != content: + html_file.write_text(updated, encoding="utf-8") + print(f" Updated: {html_file.name}") + + def optimize_png(image_path: Path, max_size_kb: int = 300) -> None: """ Optimize PNG image to reduce file size while maintaining quality. @@ -190,6 +262,11 @@ def main(): print(f" Viewport size: {VIEWPORT_WIDTH}x{VIEWPORT_HEIGHT}") print(f" Target: {len(SCREENSHOTS)} screenshots") + # Anonymize account IDs in the source HTML reports before capturing so the + # screenshots (and the reports themselves) never expose real account IDs. + report_files = sorted({SAMPLE_REPORTS_DIR / cfg["file"] for cfg in SCREENSHOTS}) + anonymize_account_ids(report_files) + try: with sync_playwright() as p: # Launch browser diff --git a/sample-reports/security_assessment_multi_account.html b/sample-reports/security_assessment_multi_account.html index ab1ba76..de48422 100644 --- a/sample-reports/security_assessment_multi_account.html +++ b/sample-reports/security_assessment_multi_account.html @@ -66,6 +66,11 @@ .section-title .service-icon svg { border-radius: 8px; } .nav-item .count { margin-left: auto; font-size: 12px; font-weight: 600; background: var(--surface-2); padding: 2px 8px; border-radius: 10px; } .nav-item.active .count { background: var(--accent); color: #fff; } + .nav-section.lens-nav { border-top: 1px solid var(--border); padding-top: 16px; margin-top: -8px; } + .lens-nav .nav-item { background: var(--warning-soft); color: var(--text); box-shadow: inset 3px 0 0 var(--warning); } + .lens-nav .nav-item:hover { background: var(--warning-soft); color: var(--warning); } + .lens-nav .nav-item.active { background: var(--warning-soft); color: var(--warning); } + .lens-nav .nav-item .count { background: var(--warning); color: #fff; } .nav-section.industry-nav { border-top: 1px solid var(--border); padding-top: 16px; margin-top: -8px; } .industry-nav .nav-item { background: var(--accent-soft); color: var(--text); box-shadow: inset 3px 0 0 var(--accent); } .industry-nav .nav-item:hover { background: var(--accent-soft); color: var(--accent); } @@ -182,7 +187,7 @@

Navigation

Security Findings - 723 + 1664 @@ -198,22 +203,23 @@

By Service

Bedrock - 209 + 461 SageMaker - 252 + 423 AgentCore - 123 + 182 - + + @@ -223,41 +229,41 @@

By Service

-
Security Checks
117
Evaluated across 3 regions
-
Total Findings
723
Across 3 accounts · 3 regions
-
Actionable Findings
268
High, Medium, and Low severity
-
High Severity
9/61
14.8% passed · Immediate action required
-
Medium Severity
39/190
20.5% passed · Should be addressed
-
Low Severity
9/17
52.9% passed · Best practices
+
Security Checks
161
Evaluated across 5 regions
+
Total Findings
1664
Across 3 accounts · 5 regions
+
Actionable Findings
598
High, Medium, and Low severity
+
High Severity
28/219
12.8% passed · Immediate action required
+
Medium Severity
82/280
29.3% passed · Should be addressed
+
Low Severity
30/99
30.3% passed · Best practices

Priority Recommendations

1
-
AgentCore IAM Full Access Policy
+
AgentCore Resource-Based Policies Missing
AgentCore
1
-
AgentCore IAM Wildcard Permissions
-
AgentCore
+
Agentic AI Gateway Tool Policy Enforcement Missing
+
Agentic AI
-
2
+
1
-
AgentCore Runtime VPC Configuration
-
AgentCore
+
Agentic AI Resource Policy Boundary
+
Agentic AI
1
-
AgentCore Stale Access
-
AgentCore
+
Amazon Bedrock private connectivity not used
+
Bedrock
@@ -279,16 +285,16 @@

Security Assessment Overview

All Security Findings
-
-
-
+
+
+
-
- - +
Account IDRegionCheck IDFindingDetailsResolutionReferenceSeverityStatus
111111111111ap-southeast-2
+ + @@ -297,9 +303,9 @@

Security Assessment Overview

- - - + + + @@ -308,9 +314,9 @@

Security Assessment Overview

- - - + + + @@ -319,9 +325,9 @@

Security Assessment Overview

- - - + + + @@ -330,9 +336,9 @@

Security Assessment Overview

- - - + + + @@ -341,9 +347,9 @@

Security Assessment Overview

- - - + + + @@ -352,9 +358,9 @@

Security Assessment Overview

- - - + + + @@ -363,9 +369,9 @@

Security Assessment Overview

- - - + + + @@ -374,9 +380,9 @@

Security Assessment Overview

- - - + + + @@ -385,9 +391,9 @@

Security Assessment Overview

- - - + + + @@ -396,1644 +402,2212 @@

Security Assessment Overview

- - - - - - + + + + + + - + - - - - - - + + + + + + - - - + + + - - - - - - + + + + + + - + - - - - - - + + + + + + - - - - - - - - - - - - + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - - - + + + - - - - - - + + + + + + - + - - - - - - + + + + + + + + + + + + + + + + + - + - - - - - - + + + + + + + + + + + + + + + + + - - - + + + - - - - - - + + + + + + + + + + + + + + + + + - + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - + + + + + + + + + - - + + - - - - - + + + + + - - + + - - - - - - + + + + + + - - + + - - - - - - + + + + + + - - + + - - - - - - + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - + - - + + - - - - - - - + + + + + + + - - + + - - - - - + + + + + - + - - + + - - - - - - - + + + + + + + - - + + - - - - - - - + + + + + + + - - + + - - - - - - - + + + + + + + - - + + - - - - - - - + + + + + + + - - + + - - - - - - - + + + + + + + - - + + - - - - - - + + + + + + - - + + - - - - - - - + + + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + + + + + + + + + + + + - + - - + + - - - - - + + + + + - - + + - - - - - + + + + + + + + + + + + + + + + - - + + - - - - - + + + + + + + + + + + + + + + + - - + + - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - + + - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - + + - - - - - - + + + + + + - - + + - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + + + + + + + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - + + + + + + + + - + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - + + + + + + + + - + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + @@ -2042,9 +2616,9 @@

Security Assessment Overview

- - - + + + @@ -2053,9 +2627,9 @@

Security Assessment Overview

- - - + + + @@ -2064,9 +2638,9 @@

Security Assessment Overview

- - - + + + @@ -2075,9 +2649,9 @@

Security Assessment Overview

- - - + + + @@ -2090,9 +2664,9 @@

Security Assessment Overview

- - - + + + @@ -2101,20 +2675,20 @@

Security Assessment Overview

- - - + + + - - + + - - - + + + @@ -2123,9 +2697,9 @@

Security Assessment Overview

- - - + + + @@ -2134,9 +2708,9 @@

Security Assessment Overview

- - - + + + @@ -2145,9 +2719,9 @@

Security Assessment Overview

- - - + + + @@ -2156,427 +2730,19513 @@

Security Assessment Overview

- - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - + + + + + + + + - + - - - - - - - - + + + + + + + + + + + + + + + + + + + - + - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + - - - - - - - - + + + + + + + + - + - - - - - - - - + + + + + + + + - + - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - + + + + + + + + + + + + + - - - - - - - + + + + + + + - - + + - - - - - - - + + + + + + + - - + + - - - - - - - + + + + + + + - - + + - - - - - - - + + + + + + + - - + + - - - - - - - + + + + + + + - - + + - - - - - + + + + + - + - - + + - - - - - - - + + + + + + + - - + + - - - - - - - - - - - - - - - - - - + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Account IDRegionCheck IDFindingDetailsResolutionReferenceSeverityStatus
111122223333ap-south-1 AC-01 AgentCore VPC Configuration Check No AgentCore resources found Informational N/A
111111111111ap-southeast-2
111122223333ap-south-1 AC-04 AgentCore Observability Check No AgentCore resources found Informational N/A
111111111111ap-southeast-2
111122223333ap-south-1 AC-05 AgentCore Encryption Check No AgentCore resources found Informational N/A
111111111111ap-southeast-2
111122223333ap-south-1 AC-06 AgentCore Browser Tool Recording Check No AgentCore Runtimes found to check browser tool configuration Informational N/A
111111111111ap-southeast-2
111122223333ap-south-1 AC-07 AgentCore Memory Configuration Check No Memory resources found Informational N/A
111111111111ap-southeast-2
111122223333ap-south-1 AC-13 AgentCore Gateway Configuration Check No Gateway resources found Informational N/A
111111111111ap-southeast-2
111122223333ap-south-1 AC-08 AgentCore VPC Endpoints Check No AgentCore resources found Informational N/A
111111111111ap-southeast-2
111122223333ap-south-1 AC-10 AgentCore Resource-Based Policies Check No AgentCore resources found to check for resource-based policies Informational N/A
111111111111ap-southeast-2
111122223333ap-south-1 AC-11 AgentCore Policy Engine Encryption Check No Policy Engines found Informational N/A
111111111111ap-southeast-2
111122223333ap-south-1 AC-12 AgentCore Gateway Encryption Check No Gateways found Informational N/A
111111111111ap-southeast-2SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to check
111122223333ap-south-1AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways found No action required Informational N/A
111111111111ap-southeast-2SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configured
111122223333ap-south-1AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways found No action requiredMediumPassedInformationalN/A
111111111111ap-southeast-2SM-03Data Protection CheckNo SageMaker resources found to check for data protection
111122223333ap-south-1AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways found No action required Informational N/A
111111111111ap-southeast-2SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.
111122223333ap-south-1AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways found No action requiredMediumPassed
111111111111ap-southeast-2SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment Informational N/A
111111111111ap-southeast-2SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and production
111122223333ap-south-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services. Informational N/A
111111111111ap-southeast-2SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment
111122223333ap-south-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported. Informational N/A
111111111111ap-southeast-2SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detection
111122223333ap-south-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions. Informational N/A
111111111111ap-southeast-2SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedules
111122223333ap-south-1AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability. Informational N/A
111111111111ap-southeast-2SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflows
111122223333ap-south-1AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources. Informational N/A
111111111111ap-southeast-2SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action required
111122223333ap-south-1AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required. Informational N/A
111111111111ap-southeast-2SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action required
111122223333ap-south-1AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required. Informational N/A
111111111111ap-southeast-2SM-11SageMaker Model Network Isolation CheckNo models found
111122223333us-west-2AC-01AgentCore VPC Configuration CheckNo AgentCore resources found No action required Informational N/A
111111111111ap-southeast-2SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints found
111122223333us-west-2AC-04AgentCore Observability CheckNo AgentCore resources found No action required Informational N/A
111111111111ap-southeast-2SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules found
111122223333us-west-2AC-05AgentCore Encryption CheckNo AgentCore resources found No action required Informational N/A
111111111111ap-southeast-2SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform access
111122223333us-west-2AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configuration No action required Informational N/A
111111111111ap-southeast-2SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores found
111122223333us-west-2AC-07AgentCore Memory Configuration CheckNo Memory resources found No action required Informational N/A
111111111111ap-southeast-2SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions found
111122223333us-west-2AC-13AgentCore Gateway Configuration CheckFound 1 Gateway resources No action requiredInformationalN/AMediumPassed
111111111111ap-southeast-2SM-17SageMaker Processing Job Encryption CheckNo processing jobs found
111122223333us-west-2AC-08AgentCore VPC Endpoints CheckNo AgentCore resources found No action required Informational N/A
111111111111ap-southeast-2SM-18SageMaker Transform Job Encryption CheckNo transform jobs found
111122223333us-west-2AC-10AgentCore Resource-Based Policies MissingThe following AgentCore resources do not have resource-based policies: Gateway 'aws-news-mcp'. Without RBPs, access control relies solely on identity-based policies.Attach resource-based policies to AgentCore resources to: +1. Implement defense-in-depth access control +2. Enable cross-account access control +3. Restrict access based on source VPC or IP +4. Implement hierarchical authorization for Agent RuntimesHighFailed
111122223333us-west-2AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines found No action required Informational N/A
111111111111ap-southeast-2SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs found
111122223333us-west-2AC-12AgentCore Gateway Encryption MissingThe following Gateways do not use customer-managed KMS encryption: 'aws-news-mcp'. Gateway configuration data uses AWS-managed keys.1. Create gateways with customer-managed KMS keys for additional control +2. AWS-managed keys are single-tenant and region-specific +3. Consider CMK for enhanced audit capabilities and key rotation controlLowFailed
111122223333us-west-2AG-24Agentic AI Gateway Inbound AuthorizationGateway 'aws-news-mcp' (aws-news-mcp-vx9kxwqv9p) uses authorizerType CUSTOM_JWT. No action requiredInformationalN/AHighPassed
111111111111ap-southeast-2SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs found
111122223333us-west-2AG-25Agentic AI Gateway Tool Policy Enforcement MissingGateway 'aws-news-mcp' (aws-news-mcp-vx9kxwqv9p) does not have a policy engine configuration. Tool calls are not evaluated by AgentCore policy enforcement.Attach an AgentCore policy engine to the gateway and use ENFORCE mode for production tool authorization.HighFailed
111122223333us-west-2AG-26Agentic AI Gateway Error Detail ExposureGateway 'aws-news-mcp' (aws-news-mcp-vx9kxwqv9p) does not expose DEBUG-level exception detail. No action requiredMediumPassed
111122223333us-west-2AG-27Agentic AI Gateway WAF Protection MissingGateway 'aws-news-mcp' (aws-news-mcp-vx9kxwqv9p) is not associated with an AWS WAF web ACL.Associate an AWS WAF web ACL with internet-facing AgentCore gateways to add request filtering and abuse protection.LowFailed
111122223333us-west-2AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services. Informational N/A
111111111111ap-southeast-2SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action required
111122223333us-west-2AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported. Informational N/A
111111111111ap-southeast-2SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.
111122223333us-west-2AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions. Informational N/A
111111111111ap-southeast-2SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
111122223333us-west-2AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability.InformationalN/A
111111111111ap-southeast-2SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
111122223333us-west-2AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: The following AgentCore resources do not have resource-based policies: Gateway 'aws-news-mcp'. Without RBPs, access control relies solely on identity-based policies.Attach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources.HighFailed
111111111111ap-southeast-2SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.
111122223333us-west-2AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required. Informational N/A
111111111111GlobalAC-02AgentCore IAM Full Access PolicyThe following roles have BedrockAgentCoreFullAccess policy: AmazonSageMaker-ExecutionRole-20250525T153161Replace with least-privilege policies scoped to specific AgentCore resources and actionsHigh
111122223333us-west-2AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: The following Gateways do not use customer-managed KMS encryption: 'aws-news-mcp'. Gateway configuration data uses AWS-managed keys.Configure AgentCore gateways with customer-managed KMS keys where enhanced key control is required.Low Failed
111111111111
111122223333 GlobalAC-02AgentCore IAM Wildcard PermissionsThe following roles have wildcard AgentCore permissions on all resources: agentcore-wildrydes_gateway_role_ab3991f6-roleScope permissions to specific AgentCore resources using resource ARNsBR-01AmazonBedrockFullAccess role checkRole 'IDPSageMakerCfnStack-SageMakerExecutionRole-aqrHz6dVkoHC' has AmazonBedrockFullAccess policy attachedLimit the AmazonBedrockFullAccess policy only to required access High Failed
111111111111
111122223333 GlobalAC-03AgentCore Stale AccessThe following principals have not accessed AgentCore in 60+ days: role 'AmazonSageMaker-ExecutionRole-20250525T153161' (179 days), role 'AWSServiceRoleForBedrockAgentCoreRuntimeIdentity' (179 days), role 'CustomerSupportAssistantBedrockAgentCoreRole-us-east-1' (179 days), role 'resco-aiml-security-19304-AgentCoreSecurityAssessme-w773pPsFWNsn' (62 days)Review and remove unused AgentCore permissions following least privilege principleMediumBR-01AmazonBedrockFullAccess role checkRole 'LLMEvaluationPromptfoo-SageMakerExecutionRole-M69xCHJ9c3LU' has AmazonBedrockFullAccess policy attachedLimit the AmazonBedrockFullAccess policy only to required accessHigh Failed
111111111111
111122223333 GlobalAC-03AgentCore Unused PermissionsThe following principals have AgentCore permissions but have never accessed the service: role 'agentcore-wildrydes_gateway_role_ab3991f6-role', role 'AIMLSecurityMemberRole', role 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-a6ddf3fc76', role 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-ed660add8b', role 'aws-api-mcp-server-execution-role', role 'CustomerSupportStackInfra-RuntimeAgentCoreRole-N188nLB5RtLO', role 'IDP-AnalyticsProcessorFunctionRole-H3gwkJtNqrqW', role 'ReSCOAIMLMemberRole'Review and remove unused AgentCore permissions following least privilege principleMediumBR-01AmazonBedrockFullAccess role checkRole 'myAskMeAnything-role-kmsizqwf' has AmazonBedrockFullAccess policy attachedLimit the AmazonBedrockFullAccess policy only to required accessHigh Failed
111111111111
111122223333 GlobalAC-09AgentCore Service-Linked Role MissingService-linked role 'AWSServiceRoleForBedrockAgentCoreNetwork' does not exist. VPC configuration for AgentCore Runtimes will fail without this role.The service-linked role is automatically created when you configure VPC for an AgentCore Runtime. Ensure IAM permissions allow service-linked role creation.MediumBR-03Marketplace Subscription Access CheckRole 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-a6ddf3fc76' has overly permissive marketplace subscription access through policy 'BedrockAgentCoreRuntimeExecutionPolicy-cdk_agent_core'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.High Failed
111111111111us-east-1AC-01AgentCore Runtime VPC ConfigurationRuntime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) is not configured with VPC. This exposes the runtime to public internet.Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)
111122223333GlobalBR-03Marketplace Subscription Access CheckRole 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-ed660add8b' has overly permissive marketplace subscription access through policy 'BedrockAgentCoreRuntimeExecutionPolicy-neoCyan_Agent'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check. High Failed
111111111111us-east-1AC-01AgentCore Runtime VPC ConfigurationRuntime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) is not configured with VPC. This exposes the runtime to public internet.Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)
111122223333GlobalBR-03Marketplace Subscription Access CheckRole 'AmazonBedrockExecutionRoleForKnowledgeBase_knnc9' has overly permissive marketplace subscription access through policy 'AmazonBedrockFoundationModelPolicyForKnowledgeBase_knnc9'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check. High Failed
111111111111us-east-1AC-01AgentCore Runtime VPC ConfigurationRuntime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) is not configured with VPC. This exposes the runtime to public internet.Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)
111122223333GlobalBR-03Marketplace Subscription Access CheckRole 'AmazonBedrockExecutionRoleForKnowledgeBase_qxqw2' has overly permissive marketplace subscription access through policy 'AmazonBedrockFoundationModelPolicyForKnowledgeBase_qxqw2'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check. High Failed
111111111111us-east-1AC-01AgentCore Runtime VPC ConfigurationRuntime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) is not configured with VPC. This exposes the runtime to public internet.Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)
111122223333GlobalBR-03Marketplace Subscription Access CheckRole 'AmazonSageMaker-ExecutionRole-20250525T153161' has overly permissive marketplace subscription access through policy 'AmazonBedrockLimitedAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check. High Failed
111111111111us-east-1AC-01AgentCore Runtime VPC ConfigurationRuntime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) is not configured with VPC. This exposes the runtime to public internet.Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)
111122223333GlobalBR-03Marketplace Subscription Access CheckRole 'IDPSageMakerCfnStack-SageMakerExecutionRole-aqrHz6dVkoHC' has overly permissive marketplace subscription access through policy 'AmazonBedrockFullAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check. High Failed
111111111111us-east-1AC-04AgentCore Runtime CloudWatch LogsRuntime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) does not have CloudWatch Logs configuredEnable CloudWatch Logs for monitoring and troubleshootingMedium
111122223333GlobalBR-03Marketplace Subscription Access CheckRole 'LLMEvaluationPromptfoo-SageMakerExecutionRole-M69xCHJ9c3LU' has overly permissive marketplace subscription access through policy 'AmazonBedrockFullAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.High Failed
111111111111us-east-1AC-04AgentCore Runtime X-Ray TracingRuntime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) does not have X-Ray tracing enabledEnable X-Ray tracing for distributed tracing and performance analysisMedium
111122223333GlobalBR-03Marketplace Subscription Access CheckRole 'myAskMeAnything-role-kmsizqwf' has overly permissive marketplace subscription access through policy 'AmazonBedrockFullAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.High Failed
111111111111us-east-1AC-04AgentCore Runtime CloudWatch LogsRuntime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) does not have CloudWatch Logs configuredEnable CloudWatch Logs for monitoring and troubleshootingMedium
111122223333GlobalBR-03Marketplace Subscription Access CheckUser 'BedrockAPIKey-20pp' has overly permissive marketplace subscription access through policy 'AmazonBedrockLimitedAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.High Failed
111111111111us-east-1AC-04AgentCore Runtime X-Ray TracingRuntime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) does not have X-Ray tracing enabledEnable X-Ray tracing for distributed tracing and performance analysisMedium
111122223333GlobalBR-03Marketplace Subscription Access CheckUser 'BedrockAPIKey-yhc3' has overly permissive marketplace subscription access through policy 'AmazonBedrockLimitedAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.High Failed
111111111111us-east-1AC-04AgentCore Runtime CloudWatch LogsRuntime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) does not have CloudWatch Logs configuredEnable CloudWatch Logs for monitoring and troubleshootingMedium
111122223333GlobalBR-03Marketplace Subscription Access CheckUser 'BedrockClientUser' has overly permissive marketplace subscription access through policy 'AmazonBedrockFullAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.High Failed
111111111111
111122223333 us-east-1AC-04AgentCore Runtime X-Ray TracingRuntime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) does not have X-Ray tracing enabledEnable X-Ray tracing for distributed tracing and performance analysisBR-02Amazon Bedrock private connectivity not usedNo Bedrock service VPC endpoints found in VPCs: vpc-03472be90d65c2f68, vpc-39319f44, vpc-064f3e808e378cbc8, vpc-02d020a365a06c7feCreate a VPC endpoint in your VPC with any of the following Bedrock service endpoints that your application may be using: +- com.amazonaws.region.bedrock +- com.amazonaws.region.bedrock-runtime +- com.amazonaws.region.bedrock-agent +- com.amazonaws.region.bedrock-agent-runtime Medium Failed
111111111111
111122223333 us-east-1AC-04AgentCore Runtime CloudWatch LogsRuntime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) does not have CloudWatch Logs configuredEnable CloudWatch Logs for monitoring and troubleshootingBR-04Bedrock Model Invocation Logging CheckModel invocation logging is properly configured with delivery to: Amazon S3, CloudWatch LogsNo action required MediumFailedPassed
111111111111
111122223333 us-east-1AC-04AgentCore Runtime X-Ray TracingRuntime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) does not have X-Ray tracing enabledEnable X-Ray tracing for distributed tracing and performance analysisMediumFailedBR-05Bedrock Guardrails CheckAmazon Bedrock Guardrails are properly configured with 1 guardrailsNo action required. Continue monitoring and updating guardrails as needed.HighPassed
111111111111
111122223333 us-east-1AC-04AgentCore Runtime CloudWatch LogsRuntime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) does not have CloudWatch Logs configuredEnable CloudWatch Logs for monitoring and troubleshootingBR-06Bedrock CloudTrail Logging CheckCloudTrail is properly configured to log Bedrock API activity in trails: IsengardTrail-DO-NOT-DELETENo action required. Continue monitoring CloudTrail logs for Bedrock activity. MediumFailedPassed
111111111111
111122223333 us-east-1AC-04AgentCore Runtime X-Ray TracingRuntime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) does not have X-Ray tracing enabledEnable X-Ray tracing for distributed tracing and performance analysisMediumFailedBR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templatesInformationalN/A
111111111111
111122223333 us-east-1AC-05AgentCore ECR Repository AWS-Managed KeysECR repository 'bedrock-agentcore-customer_support_agent' uses AWS-managed keys instead of customer-managed KMS keysConsider using customer-managed KMS keys for better control and audit capabilitiesLowFailedBR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformationalN/A
111111111111
111122223333 us-east-1AC-05AgentCore ECR Repository AWS-Managed KeysECR repository 'bedrock-agentcore-origami_expeditions' uses AWS-managed keys instead of customer-managed KMS keysConsider using customer-managed KMS keys for better control and audit capabilitiesLowFailedBR-09Bedrock Knowledge Base Encryption ReviewKnowledge Base 'knowledge-base-semiconductors' (RQYFDSE1LT) uses 'OPENSEARCH_SERVERLESS' storage. Encryption is managed at the storage layer and cannot be validated from the KB API. Verify encryption configuration on the underlying storage resource.1. For OpenSearch Serverless: Verify encryption with CMK at collection level +2. For S3 data sources: Verify CMK-encrypted S3 buckets +3. For RDS: Verify KMS encryption on the database +4. Consider using CMK for transient data during ingestionInformationalN/A
111111111111
111122223333 us-east-1AC-06AgentCore Runtime Storage ConfigurationRuntime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) does not have storage configuration for browser toolsConfigure S3 storage for browser tool session recordings and artifactsMediumFailedBR-09Bedrock Knowledge Base Encryption ReviewKnowledge Base '111122223333-us-east-1-kb' (PAJOKBSIMQ) uses 'S3_VECTORS' storage. Encryption is managed at the storage layer and cannot be validated from the KB API. Verify encryption configuration on the underlying storage resource.1. For OpenSearch Serverless: Verify encryption with CMK at collection level +2. For S3 data sources: Verify CMK-encrypted S3 buckets +3. For RDS: Verify KMS encryption on the database +4. Consider using CMK for transient data during ingestionInformationalN/A
111111111111
111122223333 us-east-1AC-06AgentCore Runtime Storage ConfigurationRuntime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) does not have storage configuration for browser toolsConfigure S3 storage for browser tool session recordings and artifactsMediumFailedBR-09Bedrock Knowledge Base Encryption ReviewKnowledge Base 'e2e-rag-knowledgebase' (ESIYAYSYTJ) uses 'OPENSEARCH_SERVERLESS' storage. Encryption is managed at the storage layer and cannot be validated from the KB API. Verify encryption configuration on the underlying storage resource.1. For OpenSearch Serverless: Verify encryption with CMK at collection level +2. For S3 data sources: Verify CMK-encrypted S3 buckets +3. For RDS: Verify KMS encryption on the database +4. Consider using CMK for transient data during ingestionInformationalN/A
111111111111
111122223333 us-east-1AC-06AgentCore Runtime Storage ConfigurationRuntime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) does not have storage configuration for browser toolsConfigure S3 storage for browser tool session recordings and artifactsMediumBR-10Bedrock Guardrail IAM Enforcement MissingThe following roles can invoke Bedrock models without enforced guardrails: 111122223333-us-east-1-kb-bedrock-service-role, agentcore-wildrydes_gateway_role_ab3991f6-role, AgentCoreEvalsSDK-us-east-1-d04ba7b68b, AmazonBedrockAgentCoreSDKRuntime-us-east-1-a6ddf3fc76, AmazonBedrockAgentCoreSDKRuntime-us-east-1-ed660add8b, AmazonBedrockExecutionRoleForAgents_S0T9VNPP9D, AmazonBedrockExecutionRoleForAgents_WNCOPE29NZ, AmazonBedrockExecutionRoleForKnowledgeBase_072pr, AmazonBedrockExecutionRoleForKnowledgeBase_byjin, AmazonBedrockExecutionRoleForKnowledgeBase_h9718...Add IAM policy conditions to enforce guardrail usage: +1. Use 'bedrock:GuardrailIdentifier' condition key +2. Specify required guardrail ARN or ID +3. Example: "Condition": {"StringEquals": {"bedrock:GuardrailIdentifier": "arn:aws:bedrock:region:account:guardrail/guardrail-id"}}High Failed
111111111111
111122223333 us-east-1AC-06AgentCore Runtime Storage ConfigurationRuntime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) does not have storage configuration for browser toolsConfigure S3 storage for browser tool session recordings and artifactsMediumFailedBR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
111111111111
111122223333 us-east-1AC-06AgentCore Runtime Storage ConfigurationRuntime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) does not have storage configuration for browser toolsConfigure S3 storage for browser tool session recordings and artifactsBR-12Bedrock Invocation Log EncryptionS3 bucket 'nistairmfguardrail-invocationlogsbucket8fe5371b-wmlsng7pkyhm' for invocation logs uses SSE-S3 encryption instead of customer-managed KMS. Invocation logs may contain sensitive prompts and responses.1. Enable SSE-KMS with a customer-managed key on the S3 bucket +2. Update bucket policy to require encrypted uploads +3. Consider enabling S3 bucket versioning and MFA delete for log integrity Medium Failed
111111111111
111122223333 us-east-1AC-07AgentCore Memory EncryptionMemory 'CustomerSupportMemory-x69jBq5GLp' (CustomerSupportMemory-x69jBq5GLp) does not have customer-managed encryption configuredEnable encryption with customer-managed KMS keysBR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
111122223333GlobalBR-15Cross-Account Guardrails Enforcement CheckCheck must run in AWS Organizations management account to evaluate organizational policiesRun assessment in management account to check cross-account guardrails enforcement MediumFailedN/A
111111111111
111122223333 us-east-1AC-07AgentCore Memory EncryptionMemory 'cdk_agent_core_mem-uxfIagADuF' (cdk_agent_core_mem-uxfIagADuF) does not have customer-managed encryption configuredEnable encryption with customer-managed KMS keysBR-16Guardrail Tier Validation CheckGuardrail 'nist-ai-rmf-guardrail' (ID: do7xkmhadx7k) is using the 'CLASSIC' content-filter tier instead of 'STANDARD'. The STANDARD tier provides more robust content filtering and broader language support than the CLASSIC tier.Update the guardrail to use the STANDARD content-filter tier for improved contextual understanding, better prompt attack filtering (distinguishing jailbreaks from prompt injection), and broader language support. The STANDARD tier requires cross-Region inference. Review pricing implications before upgrading. Medium Failed
111111111111
111122223333 us-east-1AC-07AgentCore Memory EncryptionMemory 'wildrydes_memory_ab3991f6-9FjiHOHjT2' (wildrydes_memory_ab3991f6-9FjiHOHjT2) does not have customer-managed encryption configuredEnable encryption with customer-managed KMS keysBR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
111122223333us-east-1BR-18Model Evaluation Implementation CheckNo Bedrock model evaluation jobs found. Model evaluation helps assess toxicity, accuracy, semantic robustness, and other safety metrics before production deployment.Create model evaluation jobs using Amazon Bedrock Evaluations to assess foundation model performance against safety and quality metrics. Use built-in datasets or custom test sets. Enable LLM-as-a-judge evaluation for comprehensive assessment. Medium Failed
111111111111
111122223333 us-east-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredBR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
111122223333us-east-1BR-20Knowledge Base Customer-Managed KMS Encryption ReviewKnowledge base 'knowledge-base-semiconductors' (ID: RQYFDSE1LT) uses 'OPENSEARCH_SERVERLESS' storage. The vector-store encryption key is managed at the storage layer and cannot be validated from the Knowledge Base API. Verify customer-managed KMS encryption on the underlying store.1. For OpenSearch Serverless: verify the collection uses a customer-managed KMS key +2. For Amazon RDS/Aurora: verify KMS encryption on the database +3. For third-party stores (Pinecone, Redis, MongoDB): verify the provider's encryption configuration +4. Verify the customer-managed KMS key used for transient data during ingestion Informational N/A
111111111111
111122223333 us-east-1AC-08AgentCore VPC Endpoints MissingNo AgentCore VPC endpoints found in 4 VPCs. AgentCore API traffic traverses public internet, exposing it to interception.Create VPC interface endpoints for AgentCore services: -1. com.amazonaws.region.bedrock-agentcore -2. com.amazonaws.region.bedrock-agentcore-control -3. com.amazonaws.region.bedrock-agentcore-runtime -This enables private connectivity via AWS PrivateLinkBR-20Knowledge Base Customer-Managed KMS Encryption ReviewKnowledge base '111122223333-us-east-1-kb' (ID: PAJOKBSIMQ) uses 'S3_VECTORS' storage. The vector-store encryption key is managed at the storage layer and cannot be validated from the Knowledge Base API. Verify customer-managed KMS encryption on the underlying store.1. For OpenSearch Serverless: verify the collection uses a customer-managed KMS key +2. For Amazon RDS/Aurora: verify KMS encryption on the database +3. For third-party stores (Pinecone, Redis, MongoDB): verify the provider's encryption configuration +4. Verify the customer-managed KMS key used for transient data during ingestionInformationalN/A
111122223333us-east-1BR-20Knowledge Base Customer-Managed KMS Encryption ReviewKnowledge base 'e2e-rag-knowledgebase' (ID: ESIYAYSYTJ) uses 'OPENSEARCH_SERVERLESS' storage. The vector-store encryption key is managed at the storage layer and cannot be validated from the Knowledge Base API. Verify customer-managed KMS encryption on the underlying store.1. For OpenSearch Serverless: verify the collection uses a customer-managed KMS key +2. For Amazon RDS/Aurora: verify KMS encryption on the database +3. For third-party stores (Pinecone, Redis, MongoDB): verify the provider's encryption configuration +4. Verify the customer-managed KMS key used for transient data during ingestionInformationalN/A
111122223333us-east-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principles HighN/A
111122223333us-east-1BR-22Model Invocation Throttling Limits Check11 custom throttling quotas are configured. Regular quota review helps maintain appropriate rate limits.Continue monitoring quota utilization. Review and adjust quotas as application requirements change.LowPassed
111122223333us-east-1BR-23Guardrail Content Filter Coverage Check1 guardrails have complete content filter coverage (hate, insults, sexual, violence)No action required. Continue monitoring filter effectiveness and adjust thresholds as needed.LowPassed
111122223333us-east-1BR-24Automated Reasoning Policy Implementation CheckGuardrail 'nist-ai-rmf-guardrail' (ID: do7xkmhadx7k) does not have an Automated Reasoning policy configured. Automated Reasoning provides formal verification of model responses against defined policies.Configure Automated Reasoning policies on guardrails to mathematically verify model responses. Define policies that specify allowed and disallowed behaviors. Use for high-assurance use cases where formal verification is required.Medium Failed
111111111111
111122223333 us-east-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action requiredInformationalBR-25RAG Evaluation Jobs CheckKnowledge base 'knowledge-base-semiconductors' (ID: RQYFDSE1LT) does not have recent RAG evaluation jobs. RAG evaluations assess context relevance, response correctness, faithfulness, and harmfulness to prevent hallucinations.Create RAG evaluation jobs for knowledge bases using Amazon Bedrock Model Evaluation. Configure evaluations to test context relevance, answer correctness, and faithfulness metrics. Run evaluations regularly (monthly or after significant KB updates) to maintain quality.LowFailed
111122223333us-east-1BR-25RAG Evaluation Jobs CheckKnowledge base '111122223333-us-east-1-kb' (ID: PAJOKBSIMQ) does not have recent RAG evaluation jobs. RAG evaluations assess context relevance, response correctness, faithfulness, and harmfulness to prevent hallucinations.Create RAG evaluation jobs for knowledge bases using Amazon Bedrock Model Evaluation. Configure evaluations to test context relevance, answer correctness, and faithfulness metrics. Run evaluations regularly (monthly or after significant KB updates) to maintain quality.LowFailed
111122223333us-east-1BR-25RAG Evaluation Jobs CheckKnowledge base 'e2e-rag-knowledgebase' (ID: ESIYAYSYTJ) does not have recent RAG evaluation jobs. RAG evaluations assess context relevance, response correctness, faithfulness, and harmfulness to prevent hallucinations.Create RAG evaluation jobs for knowledge bases using Amazon Bedrock Model Evaluation. Configure evaluations to test context relevance, answer correctness, and faithfulness metrics. Run evaluations regularly (monthly or after significant KB updates) to maintain quality.LowFailed
111122223333us-east-1BR-26Guardrail Sensitive Information Filter Check1 guardrails have sensitive-information (PII) filters configuredNo action required. Periodically review the PII entity types and regex patterns to ensure coverage matches your data.LowPassed
111122223333us-east-1BR-27Guardrail Contextual Grounding Check1 guardrails have contextual grounding checks enabledNo action required. Review grounding and relevance thresholds periodically to balance hallucination detection against false positives.LowPassed
111122223333us-east-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHigh N/A
111111111111
111122223333 us-east-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredInformationalBR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLow N/A
111111111111
111122223333 us-east-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action requiredBR-30Imported Model Customer-Managed KMS Encryption CheckNo imported custom Bedrock models found in this regionWhen importing models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
111122223333us-east-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMediumN/A
111122223333us-east-1BR-32Bedrock CloudWatch Alarm CheckNo CloudWatch alarms are configured on Amazon Bedrock runtime metrics (AWS/Bedrock namespace). Without alarms, abuse, denial-of-wallet, sustained throttling, and content-filter spikes can go undetected.Create CloudWatch alarms on AWS/Bedrock runtime metrics such as Invocations, InvocationThrottles, InputTokenCount, OutputTokenCount, and ContentFilteredCount, and route them to an Amazon SNS topic for notification.MediumFailed
111122223333us-east-1AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: Model invocation logging is properly configured with delivery to: Amazon S3, CloudWatch LogsEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements.MediumPassed
111122223333us-east-1AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: CloudTrail is properly configured to log Bedrock API activity in trails: IsengardTrail-DO-NOT-DELETEEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured.MediumPassed
111122223333GlobalAG-09Agentic AI Guardrail Enforcement BoundaryAgentic AI security domain: Guardrail Enforcement. Organization-level guardrail enforcement helps prevent agents from bypassing required safety controls across accounts. Source check BR-15: Check must run in AWS Organizations management account to evaluate organizational policiesUse IAM and organization controls to require approved guardrails for model and agent invocations where supported. Informational N/A
111111111111eu-west-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action required
111122223333us-east-1AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No Bedrock model evaluation jobs found. Model evaluation helps assess toxicity, accuracy, semantic robustness, and other safety metrics before production deployment.Configure model or application evaluations that include adversarial, safety, and security-relevant test cases.MediumFailed
111122223333us-east-1AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions. Informational N/A
111111111111eu-west-1AC-04AgentCore Observability CheckNo AgentCore resources foundNo action required
111122223333us-east-1AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required. Informational N/A
111111111111eu-west-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action required
111122223333us-east-1AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: 11 custom throttling quotas are configured. Regular quota review helps maintain appropriate rate limits.Configure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns.LowPassed
111122223333us-east-1AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: 1 guardrails have complete content filter coverage (hate, insults, sexual, violence)Configure guardrails with appropriate content filters and thresholds for all agent-facing workloads.LowPassed
111122223333us-east-1AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: Guardrail 'nist-ai-rmf-guardrail' (ID: do7xkmhadx7k) does not have an Automated Reasoning policy configured. Automated Reasoning provides formal verification of model responses against defined policies.Configure automated reasoning policies on guardrails where formal response validation is required.MediumFailed
111122223333us-east-1AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: 1 guardrails have sensitive-information (PII) filters configuredConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns.LowPassed
111122223333us-east-1AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: 1 guardrails have contextual grounding checks enabledEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows.LowPassed
111122223333us-east-1AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating. Informational N/A
111111111111eu-west-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action required
111122223333us-east-1AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements. Informational N/A
111111111111eu-west-1AC-07AgentCore Memory Configuration CheckNo Memory resources found
111122223333us-east-1AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No CloudWatch alarms are configured on Amazon Bedrock runtime metrics (AWS/Bedrock namespace). Without alarms, abuse, denial-of-wallet, sustained throttling, and content-filter spikes can go undetected.Configure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available.MediumFailed
111122223333ap-south-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivity No action required Informational N/A
111111111111eu-west-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources found
111122223333ap-south-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation logging No action required Informational N/A
111111111111eu-west-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources found
111122223333ap-south-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrails No action required Informational N/A
111111111111eu-west-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policies
111122223333ap-south-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage No action required Informational N/A
111111111111eu-west-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action required
111122223333ap-south-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templates Informational N/A
111111111111eu-west-1AC-12AgentCore Gateway Encryption CheckNo Gateways found
111122223333ap-south-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the account No action required Informational N/A
111111111111GlobalBR-01AmazonBedrockFullAccess role checkRole 'IDPSageMakerCfnStack-SageMakerExecutionRole-aqrHz6dVkoHC' has AmazonBedrockFullAccess policy attachedLimit the AmazonBedrockFullAccess policy only to required accessHighFailed
111111111111GlobalBR-01AmazonBedrockFullAccess role checkRole 'LLMEvaluationPromptfoo-SageMakerExecutionRole-M69xCHJ9c3LU' has AmazonBedrockFullAccess policy attachedLimit the AmazonBedrockFullAccess policy only to required accessHighFailed
111122223333ap-south-1BR-09Bedrock Knowledge Base Encryption CheckNo Knowledge Bases found in the accountNo action requiredInformationalN/A
111111111111GlobalBR-01AmazonBedrockFullAccess role checkRole 'myAskMeAnything-role-kmsizqwf' has AmazonBedrockFullAccess policy attachedLimit the AmazonBedrockFullAccess policy only to required accessHighFailed
111122223333ap-south-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesInformationalN/A
111111111111GlobalBR-03Marketplace Subscription Access CheckRole 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-a6ddf3fc76' has overly permissive marketplace subscription access through policy 'BedrockAgentCoreRuntimeExecutionPolicy-cdk_agent_core'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111122223333ap-south-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
111111111111GlobalBR-03Marketplace Subscription Access CheckRole 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-ed660add8b' has overly permissive marketplace subscription access through policy 'BedrockAgentCoreRuntimeExecutionPolicy-neoCyan_Agent'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111122223333ap-south-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
111111111111GlobalBR-03Marketplace Subscription Access CheckRole 'AmazonBedrockExecutionRoleForKnowledgeBase_knnc9' has overly permissive marketplace subscription access through policy 'AmazonBedrockFoundationModelPolicyForKnowledgeBase_knnc9'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111122223333ap-south-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
111111111111GlobalBR-03Marketplace Subscription Access CheckRole 'AmazonBedrockExecutionRoleForKnowledgeBase_qxqw2' has overly permissive marketplace subscription access through policy 'AmazonBedrockFoundationModelPolicyForKnowledgeBase_qxqw2'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111122223333ap-south-1BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMediumN/A
111111111111GlobalBR-03Marketplace Subscription Access CheckRole 'AmazonSageMaker-ExecutionRole-20250525T153161' has overly permissive marketplace subscription access through policy 'AmazonBedrockLimitedAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
111122223333ap-south-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keys HighFailedN/A
111111111111GlobalBR-03Marketplace Subscription Access CheckRole 'IDPSageMakerCfnStack-SageMakerExecutionRole-aqrHz6dVkoHC' has overly permissive marketplace subscription access through policy 'AmazonBedrockFullAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111122223333ap-south-1BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobsNo action requiredInformationalN/A
111111111111GlobalBR-03Marketplace Subscription Access CheckRole 'LLMEvaluationPromptfoo-SageMakerExecutionRole-M69xCHJ9c3LU' has overly permissive marketplace subscription access through policy 'AmazonBedrockFullAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111122223333ap-south-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
111111111111GlobalBR-03Marketplace Subscription Access CheckRole 'myAskMeAnything-role-kmsizqwf' has overly permissive marketplace subscription access through policy 'AmazonBedrockFullAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
111122223333ap-south-1BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryption HighFailedN/A
111111111111GlobalBR-03Marketplace Subscription Access CheckUser 'BedrockAPIKey-20pp' has overly permissive marketplace subscription access through policy 'AmazonBedrockLimitedAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
111122223333ap-south-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principles HighFailedN/A
111111111111GlobalBR-03Marketplace Subscription Access CheckUser 'BedrockAPIKey-yhc3' has overly permissive marketplace subscription access through policy 'AmazonBedrockLimitedAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111122223333ap-south-1BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotasNo action requiredInformationalN/A
111111111111GlobalBR-03Marketplace Subscription Access CheckUser 'BedrockClientUser' has overly permissive marketplace subscription access through policy 'AmazonBedrockFullAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
111122223333ap-south-1BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholds HighFailedN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole '111111111111-us-east-1-kb-bedrock-service-role' last accessed Bedrock on 2025-12-22You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333ap-south-1BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responses MediumFailedN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole '111111111111-us-east-1-kb-setup-function-role' last accessed Bedrock on 2025-12-22You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333ap-south-1BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLowN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'agentcore-wildrydes_gateway_role_ab3991f6-role' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333ap-south-1BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHighN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AgentCoreEvalsSDK-us-east-1-d04ba7b68b' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333ap-south-1BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applications MediumFailedN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AIMLSecurityMemberRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333ap-south-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHighN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-a6ddf3fc76' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333ap-south-1BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-ed660add8b' last accessed Bedrock on 2025-12-21You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333ap-south-1BR-30Imported Model Customer-Managed KMS Encryption CheckUnable to check Imported model encryption check: An error occurred (AccessDeniedException) when calling the ListImportedModels operation: Your account is not authorized to invoke this API operation.Amazon Bedrock Custom Model Import is not enabled or available for this account in this region. No IAM change is required; the check applies only once model import is in use.LowN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonBedrockExecutionRoleForAgents_S0T9VNPP9D' last accessed Bedrock on 2024-06-25You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333ap-south-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job output MediumFailedN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonBedrockExecutionRoleForAgents_WNCOPE29NZ' last accessed Bedrock on 2025-04-27You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333ap-south-1BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarmsNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonBedrockExecutionRoleForKnowledgeBase_072pr' last accessed Bedrock on 2024-06-25You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333ap-south-1AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements.InformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonBedrockExecutionRoleForKnowledgeBase_byjin' last accessed Bedrock on 2024-11-17You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333ap-south-1AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured.InformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonBedrockExecutionRoleForKnowledgeBase_h9718' last accessed Bedrock on 2024-11-17You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333ap-south-1AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases.InformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonBedrockExecutionRoleForKnowledgeBase_knnc9' last accessed Bedrock on 2026-01-01You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333ap-south-1AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions.InformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonBedrockExecutionRoleForKnowledgeBase_qxqw2' last accessed Bedrock on 2025-12-28You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333ap-south-1AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required.InformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonBedrockExecutionRoleForKnowledgeBase_semicon' last accessed Bedrock on 2024-09-01You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333ap-south-1AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns.InformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonBedrockExecutionRoleForKnowledgeBase_xtwwd' last accessed Bedrock on 2025-10-13You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333ap-south-1AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads.InformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonBedrockExecutionRoleForKnowledgeBase_y9m7f' last accessed Bedrock on 2025-04-27You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333ap-south-1AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required.InformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonQInvestigationRole-DefaultInvestigationGroup-8vxyjh' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333ap-south-1AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns.InformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonSageMaker-ExecutionRole-20231014T200029' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333ap-south-1AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows.InformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonSageMaker-ExecutionRole-20250525T153161' last accessed Bedrock on 2025-12-22You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333ap-south-1AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating.InformationalN/A
111122223333ap-south-1AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements.InformationalN/A
111122223333ap-south-1AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available.InformationalN/A
111122223333us-west-2BR-02Amazon Bedrock private connectivity not usedNo Bedrock service VPC endpoints found in VPCs: vpc-0f85a6754ab37efb7, vpc-5c3b6524, vpc-03bcafcb58a3029fcCreate a VPC endpoint in your VPC with any of the following Bedrock service endpoints that your application may be using: +- com.amazonaws.region.bedrock +- com.amazonaws.region.bedrock-runtime +- com.amazonaws.region.bedrock-agent +- com.amazonaws.region.bedrock-agent-runtime Medium Failed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'aws-api-mcp-server-execution-role' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333us-west-2BR-04Bedrock Model Invocation Logging CheckModel invocation logging is not enabled. This limits your ability to track and audit model usage.Enable model invocation logging to collect invocation logs, model input data, and model output data. Configure logging to deliver to Amazon S3, CloudWatch Logs, or both for comprehensive monitoring. Medium Failed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AwsSecurityAudit' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333us-west-2BR-05Bedrock Guardrails CheckAmazon Bedrock Guardrails are properly configured with 1 guardrailsNo action required. Continue monitoring and updating guardrails as needed.HighPassed
111122223333us-west-2BR-06Bedrock CloudTrail Logging CheckCloudTrail is properly configured to log Bedrock API activity in trails: IsengardTrail-DO-NOT-DELETENo action required. Continue monitoring CloudTrail logs for Bedrock activity. MediumPassed
111122223333us-west-2BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templatesInformationalN/A
111122223333us-west-2BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformationalN/A
111122223333us-west-2BR-09Bedrock Knowledge Base Encryption ReviewKnowledge Base 'knowledge-base-bedrock-agent' (XSPYLN4FQL) uses 'OPENSEARCH_SERVERLESS' storage. Encryption is managed at the storage layer and cannot be validated from the KB API. Verify encryption configuration on the underlying storage resource.1. For OpenSearch Serverless: Verify encryption with CMK at collection level +2. For S3 data sources: Verify CMK-encrypted S3 buckets +3. For RDS: Verify KMS encryption on the database +4. Consider using CMK for transient data during ingestionInformationalN/A
111122223333us-west-2BR-09Bedrock Knowledge Base Encryption ReviewKnowledge Base 'IDP-DOCUMENTBEDROCKKB-CY8N0Q7N4YDT' (SUGAG7RGYD) uses 'OPENSEARCH_SERVERLESS' storage. Encryption is managed at the storage layer and cannot be validated from the KB API. Verify encryption configuration on the underlying storage resource.1. For OpenSearch Serverless: Verify encryption with CMK at collection level +2. For S3 data sources: Verify CMK-encrypted S3 buckets +3. For RDS: Verify KMS encryption on the database +4. Consider using CMK for transient data during ingestionInformationalN/A
111122223333us-west-2BR-09Bedrock Knowledge Base Encryption ReviewKnowledge Base 'promptfoo-rag-workshop-111122223333-kb' (N74ZIKTUFL) uses 'RDS' storage. Encryption is managed at the storage layer and cannot be validated from the KB API. Verify encryption configuration on the underlying storage resource.1. For OpenSearch Serverless: Verify encryption with CMK at collection level +2. For S3 data sources: Verify CMK-encrypted S3 buckets +3. For RDS: Verify KMS encryption on the database +4. Consider using CMK for transient data during ingestionInformationalN/A
111122223333us-west-2BR-09Bedrock Knowledge Base Encryption ReviewKnowledge Base 'InvestmentResearchKB' (M1GMUG3BP0) uses 'OPENSEARCH_SERVERLESS' storage. Encryption is managed at the storage layer and cannot be validated from the KB API. Verify encryption configuration on the underlying storage resource.1. For OpenSearch Serverless: Verify encryption with CMK at collection level +2. For S3 data sources: Verify CMK-encrypted S3 buckets +3. For RDS: Verify KMS encryption on the database +4. Consider using CMK for transient data during ingestionInformationalN/A
111122223333us-west-2BR-09Bedrock Knowledge Base Encryption ReviewKnowledge Base 'knowledge-base-quick-start-xtwwd' (ENFHSBBLMV) uses 'OPENSEARCH_SERVERLESS' storage. Encryption is managed at the storage layer and cannot be validated from the KB API. Verify encryption configuration on the underlying storage resource.1. For OpenSearch Serverless: Verify encryption with CMK at collection level +2. For S3 data sources: Verify CMK-encrypted S3 buckets +3. For RDS: Verify KMS encryption on the database +4. Consider using CMK for transient data during ingestionInformationalN/A
111122223333us-west-2BR-09Bedrock Knowledge Base Encryption ReviewKnowledge Base 'kb-s3-vector-store' (116IXQU5VP) uses 'S3_VECTORS' storage. Encryption is managed at the storage layer and cannot be validated from the KB API. Verify encryption configuration on the underlying storage resource.1. For OpenSearch Serverless: Verify encryption with CMK at collection level +2. For S3 data sources: Verify CMK-encrypted S3 buckets +3. For RDS: Verify KMS encryption on the database +4. Consider using CMK for transient data during ingestionInformationalN/A
111122223333us-west-2BR-10Bedrock Guardrail IAM Enforcement MissingThe following roles can invoke Bedrock models without enforced guardrails: 111122223333-us-east-1-kb-bedrock-service-role, agentcore-wildrydes_gateway_role_ab3991f6-role, AgentCoreEvalsSDK-us-east-1-d04ba7b68b, AmazonBedrockAgentCoreSDKRuntime-us-east-1-a6ddf3fc76, AmazonBedrockAgentCoreSDKRuntime-us-east-1-ed660add8b, AmazonBedrockExecutionRoleForAgents_S0T9VNPP9D, AmazonBedrockExecutionRoleForAgents_WNCOPE29NZ, AmazonBedrockExecutionRoleForKnowledgeBase_072pr, AmazonBedrockExecutionRoleForKnowledgeBase_byjin, AmazonBedrockExecutionRoleForKnowledgeBase_h9718...Add IAM policy conditions to enforce guardrail usage: +1. Use 'bedrock:GuardrailIdentifier' condition key +2. Specify required guardrail ARN or ID +3. Example: "Condition": {"StringEquals": {"bedrock:GuardrailIdentifier": "arn:aws:bedrock:region:account:guardrail/guardrail-id"}}High Failed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AWSServiceRoleForAuditManager' last accessed Bedrock on 2024-11-25You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333us-west-2BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
111122223333us-west-2BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
111122223333us-west-2BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
111122223333us-west-2BR-16Guardrail Tier Validation CheckGuardrail 'Sample-Guardrail' (ID: mmi5rrre65gv) is using the 'CLASSIC' content-filter tier instead of 'STANDARD'. The STANDARD tier provides more robust content filtering and broader language support than the CLASSIC tier.Update the guardrail to use the STANDARD content-filter tier for improved contextual understanding, better prompt attack filtering (distinguishing jailbreaks from prompt injection), and broader language support. The STANDARD tier requires cross-Region inference. Review pricing implications before upgrading. Medium Failed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AWSServiceRoleForSupport' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333us-west-2BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
111122223333us-west-2BR-18Model Evaluation Implementation CheckNo Bedrock model evaluation jobs found. Model evaluation helps assess toxicity, accuracy, semantic robustness, and other safety metrics before production deployment.Create model evaluation jobs using Amazon Bedrock Evaluations to assess foundation model performance against safety and quality metrics. Use built-in datasets or custom test sets. Enable LLM-as-a-judge evaluation for comprehensive assessment. Medium Failed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AWSVAPTAudit' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333us-west-2BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deployment MediumN/A
111122223333us-west-2BR-20Knowledge Base Customer-Managed KMS Encryption ReviewKnowledge base 'knowledge-base-bedrock-agent' (ID: XSPYLN4FQL) uses 'OPENSEARCH_SERVERLESS' storage. The vector-store encryption key is managed at the storage layer and cannot be validated from the Knowledge Base API. Verify customer-managed KMS encryption on the underlying store.1. For OpenSearch Serverless: verify the collection uses a customer-managed KMS key +2. For Amazon RDS/Aurora: verify KMS encryption on the database +3. For third-party stores (Pinecone, Redis, MongoDB): verify the provider's encryption configuration +4. Verify the customer-managed KMS key used for transient data during ingestionInformationalN/A
111122223333us-west-2BR-20Knowledge Base Customer-Managed KMS Encryption ReviewKnowledge base 'IDP-DOCUMENTBEDROCKKB-CY8N0Q7N4YDT' (ID: SUGAG7RGYD) uses 'OPENSEARCH_SERVERLESS' storage. The vector-store encryption key is managed at the storage layer and cannot be validated from the Knowledge Base API. Verify customer-managed KMS encryption on the underlying store.1. For OpenSearch Serverless: verify the collection uses a customer-managed KMS key +2. For Amazon RDS/Aurora: verify KMS encryption on the database +3. For third-party stores (Pinecone, Redis, MongoDB): verify the provider's encryption configuration +4. Verify the customer-managed KMS key used for transient data during ingestionInformationalN/A
111122223333us-west-2BR-20Knowledge Base Customer-Managed KMS Encryption ReviewKnowledge base 'promptfoo-rag-workshop-111122223333-kb' (ID: N74ZIKTUFL) uses 'RDS' storage. The vector-store encryption key is managed at the storage layer and cannot be validated from the Knowledge Base API. Verify customer-managed KMS encryption on the underlying store.1. For OpenSearch Serverless: verify the collection uses a customer-managed KMS key +2. For Amazon RDS/Aurora: verify KMS encryption on the database +3. For third-party stores (Pinecone, Redis, MongoDB): verify the provider's encryption configuration +4. Verify the customer-managed KMS key used for transient data during ingestionInformationalN/A
111122223333us-west-2BR-20Knowledge Base Customer-Managed KMS Encryption ReviewKnowledge base 'InvestmentResearchKB' (ID: M1GMUG3BP0) uses 'OPENSEARCH_SERVERLESS' storage. The vector-store encryption key is managed at the storage layer and cannot be validated from the Knowledge Base API. Verify customer-managed KMS encryption on the underlying store.1. For OpenSearch Serverless: verify the collection uses a customer-managed KMS key +2. For Amazon RDS/Aurora: verify KMS encryption on the database +3. For third-party stores (Pinecone, Redis, MongoDB): verify the provider's encryption configuration +4. Verify the customer-managed KMS key used for transient data during ingestionInformationalN/A
111122223333us-west-2BR-20Knowledge Base Customer-Managed KMS Encryption ReviewKnowledge base 'knowledge-base-quick-start-xtwwd' (ID: ENFHSBBLMV) uses 'OPENSEARCH_SERVERLESS' storage. The vector-store encryption key is managed at the storage layer and cannot be validated from the Knowledge Base API. Verify customer-managed KMS encryption on the underlying store.1. For OpenSearch Serverless: verify the collection uses a customer-managed KMS key +2. For Amazon RDS/Aurora: verify KMS encryption on the database +3. For third-party stores (Pinecone, Redis, MongoDB): verify the provider's encryption configuration +4. Verify the customer-managed KMS key used for transient data during ingestionInformationalN/A
111122223333us-west-2BR-20Knowledge Base Customer-Managed KMS Encryption ReviewKnowledge base 'kb-s3-vector-store' (ID: 116IXQU5VP) uses 'S3_VECTORS' storage. The vector-store encryption key is managed at the storage layer and cannot be validated from the Knowledge Base API. Verify customer-managed KMS encryption on the underlying store.1. For OpenSearch Serverless: verify the collection uses a customer-managed KMS key +2. For Amazon RDS/Aurora: verify KMS encryption on the database +3. For third-party stores (Pinecone, Redis, MongoDB): verify the provider's encryption configuration +4. Verify the customer-managed KMS key used for transient data during ingestionInformationalN/A
111122223333us-west-2BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHighN/A
111122223333us-west-2BR-22Model Invocation Throttling Limits Check7 custom throttling quotas are configured. Regular quota review helps maintain appropriate rate limits.Continue monitoring quota utilization. Review and adjust quotas as application requirements change.LowPassed
111122223333us-west-2BR-23Guardrail Content Filter Coverage CheckGuardrail 'Sample-Guardrail' (ID: mmi5rrre65gv) is missing content filters: HATE, VIOLENCE, SEXUAL, INSULTS. Complete content filter coverage is essential for comprehensive content safety.Update guardrail to enable all content filters (HATE, INSULTS, SEXUAL, VIOLENCE). Configure appropriate threshold levels (LOW, MEDIUM, HIGH) for both input and output filtering based on your use case. Review AWS documentation for threshold guidance.High Failed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'BedrockCognitoFederatedRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333us-west-2BR-24Automated Reasoning Policy Implementation CheckGuardrail 'Sample-Guardrail' (ID: mmi5rrre65gv) does not have an Automated Reasoning policy configured. Automated Reasoning provides formal verification of model responses against defined policies.Configure Automated Reasoning policies on guardrails to mathematically verify model responses. Define policies that specify allowed and disallowed behaviors. Use for high-assurance use cases where formal verification is required. Medium Failed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'cdk-hnb659fds-lookup-role-111111111111-us-east-1' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.Medium
111122223333us-west-2BR-25RAG Evaluation Jobs CheckKnowledge base 'knowledge-base-bedrock-agent' (ID: XSPYLN4FQL) does not have recent RAG evaluation jobs. RAG evaluations assess context relevance, response correctness, faithfulness, and harmfulness to prevent hallucinations.Create RAG evaluation jobs for knowledge bases using Amazon Bedrock Model Evaluation. Configure evaluations to test context relevance, answer correctness, and faithfulness metrics. Run evaluations regularly (monthly or after significant KB updates) to maintain quality.Low Failed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'cdk-hnb659fds-lookup-role-111111111111-us-west-2' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.Medium
111122223333us-west-2BR-25RAG Evaluation Jobs CheckKnowledge base 'IDP-DOCUMENTBEDROCKKB-CY8N0Q7N4YDT' (ID: SUGAG7RGYD) does not have recent RAG evaluation jobs. RAG evaluations assess context relevance, response correctness, faithfulness, and harmfulness to prevent hallucinations.Create RAG evaluation jobs for knowledge bases using Amazon Bedrock Model Evaluation. Configure evaluations to test context relevance, answer correctness, and faithfulness metrics. Run evaluations regularly (monthly or after significant KB updates) to maintain quality.Low Failed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'cfn-contextualChatBot-usi-LambdaExecutionRoleForKno-aHg3J0xel6VU' last accessed Bedrock on 2024-03-25You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.Medium
111122223333us-west-2BR-25RAG Evaluation Jobs CheckKnowledge base 'promptfoo-rag-workshop-111122223333-kb' (ID: N74ZIKTUFL) does not have recent RAG evaluation jobs. RAG evaluations assess context relevance, response correctness, faithfulness, and harmfulness to prevent hallucinations.Create RAG evaluation jobs for knowledge bases using Amazon Bedrock Model Evaluation. Configure evaluations to test context relevance, answer correctness, and faithfulness metrics. Run evaluations regularly (monthly or after significant KB updates) to maintain quality.Low Failed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'CloudSecAuditRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.Medium
111122223333us-west-2BR-25RAG Evaluation Jobs CheckKnowledge base 'InvestmentResearchKB' (ID: M1GMUG3BP0) does not have recent RAG evaluation jobs. RAG evaluations assess context relevance, response correctness, faithfulness, and harmfulness to prevent hallucinations.Create RAG evaluation jobs for knowledge bases using Amazon Bedrock Model Evaluation. Configure evaluations to test context relevance, answer correctness, and faithfulness metrics. Run evaluations regularly (monthly or after significant KB updates) to maintain quality.Low Failed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'CloudSeerTrustedServiceRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.Medium
111122223333us-west-2BR-25RAG Evaluation Jobs CheckKnowledge base 'knowledge-base-quick-start-xtwwd' (ID: ENFHSBBLMV) does not have recent RAG evaluation jobs. RAG evaluations assess context relevance, response correctness, faithfulness, and harmfulness to prevent hallucinations.Create RAG evaluation jobs for knowledge bases using Amazon Bedrock Model Evaluation. Configure evaluations to test context relevance, answer correctness, and faithfulness metrics. Run evaluations regularly (monthly or after significant KB updates) to maintain quality.Low Failed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'CustomerSupportAssistantBedrockAgentCoreRole-us-east-1' last accessed Bedrock on 2025-12-22You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.Medium
111122223333us-west-2BR-25RAG Evaluation Jobs CheckKnowledge base 'kb-s3-vector-store' (ID: 116IXQU5VP) does not have recent RAG evaluation jobs. RAG evaluations assess context relevance, response correctness, faithfulness, and harmfulness to prevent hallucinations.Create RAG evaluation jobs for knowledge bases using Amazon Bedrock Model Evaluation. Configure evaluations to test context relevance, answer correctness, and faithfulness metrics. Run evaluations regularly (monthly or after significant KB updates) to maintain quality.Low Failed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'CustomerSupportStackInfra-CustomerSupportLambdaRole-ujGGiNU6KEnI' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.Medium
111122223333us-west-2BR-26Guardrail Sensitive Information Filter CheckGuardrail 'Sample-Guardrail' (ID: mmi5rrre65gv) has no sensitive-information filters configured (no PII entities or regex patterns). Prompts and model responses are not screened for sensitive data such as PII.Configure sensitive-information filters on the guardrail: add PII entity types (e.g. NAME, EMAIL, SSN, CREDIT_DEBIT_CARD_NUMBER) and/or custom regex patterns, and set the appropriate BLOCK or ANONYMIZE action for input and output.High Failed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'CustomerSupportStackInfra-RuntimeAgentCoreRole-N188nLB5RtLO' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333us-west-2BR-27Guardrail Contextual Grounding CheckGuardrail 'Sample-Guardrail' (ID: mmi5rrre65gv) does not have contextual grounding checks enabled. Without grounding and relevance checks, the guardrail cannot detect hallucinated (ungrounded) or off-topic model responses.Enable contextual grounding checks (GROUNDING and RELEVANCE filter types) on the guardrail with appropriate thresholds. This is especially important for RAG applications to ensure responses are grounded in the retrieved source material. Medium Failed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'e2ebedrockrag-KbRoleStack-2YO19O2NS6FP-KbRole-OgMxcvrnZrHZ' last accessed Bedrock on 2025-11-18You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333us-west-2BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHighN/A
111122223333us-west-2BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
111122223333us-west-2BR-30Imported Model Customer-Managed KMS Encryption CheckNo imported custom Bedrock models found in this regionWhen importing models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
111122223333us-west-2BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job output MediumFailedN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'fsi-genai-workshop-bedrock-kb-role' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333us-west-2BR-32Bedrock CloudWatch Alarm CheckNo CloudWatch alarms are configured on Amazon Bedrock runtime metrics (AWS/Bedrock namespace). Without alarms, abuse, denial-of-wallet, sustained throttling, and content-filter spikes can go undetected.Create CloudWatch alarms on AWS/Bedrock runtime metrics such as Invocations, InvocationThrottles, InputTokenCount, OutputTokenCount, and ContentFilteredCount, and route them to an Amazon SNS topic for notification. Medium Failed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'fsi-genai-workshop-lambda-execution-role' last accessed Bedrock on 2025-12-28You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333us-west-2AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: Model invocation logging is not enabled. This limits your ability to track and audit model usage.Enable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements. Medium Failed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'fsi-genai-workshop-websocket-lambda-role' last accessed Bedrock on 2025-12-28You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333us-west-2AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: CloudTrail is properly configured to log Bedrock API activity in trails: IsengardTrail-DO-NOT-DELETEEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured. MediumFailedPassed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'IDP-AnalyticsProcessorFunctionRole-H3gwkJtNqrqW' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333us-west-2AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No Bedrock model evaluation jobs found. Model evaluation helps assess toxicity, accuracy, semantic robustness, and other safety metrics before production deployment.Configure model or application evaluations that include adversarial, safety, and security-relevant test cases. Medium Failed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'IDP-BDASAMPLEPROJECT-SGJRDJI15S-LambdaExecutionRole-MCRJbTEDuyKt' last accessed Bedrock on 2025-08-24You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.Medium
111122223333us-west-2AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions.InformationalN/A
111122223333us-west-2AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required.InformationalN/A
111122223333us-west-2AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: 7 custom throttling quotas are configured. Regular quota review helps maintain appropriate rate limits.Configure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns.LowPassed
111122223333us-west-2AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: Guardrail 'Sample-Guardrail' (ID: mmi5rrre65gv) is missing content filters: HATE, VIOLENCE, SEXUAL, INSULTS. Complete content filter coverage is essential for comprehensive content safety.Configure guardrails with appropriate content filters and thresholds for all agent-facing workloads.High Failed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'IDP-ChatWithDocumentResolverFunctionRole-ATyH7GeR2ad1' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333us-west-2AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: Guardrail 'Sample-Guardrail' (ID: mmi5rrre65gv) does not have an Automated Reasoning policy configured. Automated Reasoning provides formal verification of model responses against defined policies.Configure automated reasoning policies on guardrails where formal response validation is required. Medium Failed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'IDP-DOCUMENTBEDROCKKB-CY8-StartIngestionJobFunction-NjNLRuUn8qtp' last accessed Bedrock on 2025-08-24You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.Medium
111122223333us-west-2AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: Guardrail 'Sample-Guardrail' (ID: mmi5rrre65gv) has no sensitive-information filters configured (no PII entities or regex patterns). Prompts and model responses are not screened for sensitive data such as PII.Configure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns.High Failed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'IDP-EvaluationFunctionRole-LQdnEMAdwWPe' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333us-west-2AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: Guardrail 'Sample-Guardrail' (ID: mmi5rrre65gv) does not have contextual grounding checks enabled. Without grounding and relevance checks, the guardrail cannot detect hallucinated (ungrounded) or off-topic model responses.Enable contextual grounding checks on guardrails for RAG and tool-using agent workflows. Medium Failed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'IDP-PATTERN1STACK-TNHNKPK-ProcessResultsFunctionRol-8z8mNwa6RahP' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333us-west-2AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating.InformationalN/A
111122223333us-west-2AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements.InformationalN/A
111122223333us-west-2AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No CloudWatch alarms are configured on Amazon Bedrock runtime metrics (AWS/Bedrock namespace). Without alarms, abuse, denial-of-wallet, sustained throttling, and content-filter spikes can go undetected.Configure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available. Medium Failed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'IDP-PATTERN1STACK-TNHNKPK-SummarizationFunctionRole-MY6sxSMvFNr4' last accessed Bedrock on 2025-10-07You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'IDP-PATTERN1STACK-TNHNKPKJY4Q-InvokeBDAFunctionRole-pLHufEKQ0Nu4' last accessed Bedrock on 2025-10-07You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'IDP-QueryKnowledgeBaseResolverFunctionRole-p9Mcpfk0BA6z' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'IDPSageMakerCfnStack-SageMakerExecutionRole-aqrHz6dVkoHC' last accessed Bedrock on 2024-07-30You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'IibsAdminAccess-DO-NOT-DELETE' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'InternalAuditInternal' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'LLMEvaluationPromptfoo-Aurora-Bedrock-Role' last accessed Bedrock on 2025-12-30You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'LLMEvaluationPromptfoo-LambdaExecutionRole-umo63kVrhIoy' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'LLMEvaluationPromptfoo-SageMakerExecutionRole-M69xCHJ9c3LU' last accessed Bedrock on 2025-12-30You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'Meeting-Note-Bot-Role' last accessed Bedrock on 2025-10-22You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'myAskMeAnything-role-kmsizqwf' last accessed Bedrock on 2024-01-04You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'ProwlerMemberRole' last accessed Bedrock on 2026-03-10You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'resco-aiml-security-19304-BedrockSecurityAssessment-kgYUbi1MIbbb' last accessed Bedrock on 2026-04-18You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'ReSCOAIMLMemberRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'SAT-PrereqTest-CodeBuildRole-SATv2Stack-PreReqs' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'threat-designer-role' last accessed Bedrock on 2025-07-02You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckUser 'BedrockAPIKey-yhc3' last accessed Bedrock on 2026-04-19You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckUser 'BedrockClientUser' last accessed Bedrock on 2025-04-06You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111us-east-1
111122223333sa-east-1 BR-02 Amazon Bedrock private connectivity check No regional Bedrock resources found to assess private connectivity Informational N/A
111111111111us-east-1
111122223333sa-east-1 BR-04 Bedrock Model Invocation Logging Check No regional Bedrock resources found to monitor with invocation logging Informational N/A
111111111111us-east-1
111122223333sa-east-1 BR-05 Bedrock Guardrails Check No regional Bedrock resources found to protect with guardrails Informational N/A
111111111111us-east-1
111122223333sa-east-1 BR-06 Bedrock CloudTrail Logging Check No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage Informational N/A
111111111111us-east-1
111122223333sa-east-1 BR-07 Bedrock Prompt Management Check Prompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses. Informational N/A
111111111111us-east-1
111122223333sa-east-1 BR-08 Bedrock Agent IAM Roles Check No Bedrock agents found in the account Informational N/A
111111111111us-east-1
111122223333sa-east-1 BR-09 Bedrock Knowledge Base Encryption CheckUnable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::111111111111:assumed-role/aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX/aiml-security-aiml-security-111111111111-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:us-east-1:111111111111:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases actionVerify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.No Knowledge Bases found in the accountNo action required Informational N/A
111111111111us-east-1
111122223333sa-east-1 BR-10 Bedrock Guardrail IAM Enforcement Check No guardrails configured - IAM enforcement check not applicable Informational N/A
111111111111us-east-1
111122223333sa-east-1 BR-11 Bedrock Custom Model Encryption Check No custom/fine-tuned models found in the account Informational N/A
111111111111us-east-1
111122223333sa-east-1 BR-12 Bedrock Invocation Log Encryption Check Model invocation logging to S3 is not configured Informational N/A
111111111111us-east-1
111122223333sa-east-1 BR-13 Bedrock Flows Guardrails Check No Bedrock Flows found in the account Informational N/A
111111111111GlobalSM-02SageMaker Full Access Policy UsedRole 'AmazonSageMaker-ExecutionRole-20231014T200029' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilegeHighFailed
111122223333sa-east-1BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMediumN/A
111111111111GlobalSM-02SageMaker Full Access Policy UsedRole 'AmazonSageMaker-ExecutionRole-20250525T153161' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilege
111122223333sa-east-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keys HighFailedN/A
111111111111GlobalSM-02SageMaker Full Access Policy UsedRole 'AmazonSageMakerServiceCatalogProductsExecutionRole' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilegeHighFailed
111122223333sa-east-1BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobsNo action requiredInformationalN/A
111111111111GlobalSM-02SageMaker Full Access Policy UsedRole 'EMR_EC2_DefaultRole' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilegeHighFailed
111122223333sa-east-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
111111111111GlobalSM-02SageMaker Full Access Policy UsedRole 'IDPSageMakerCfnStack-SageMakerExecutionRole-aqrHz6dVkoHC' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilege
111122223333sa-east-1BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryption HighFailedN/A
111111111111GlobalSM-02SageMaker Full Access Policy UsedRole 'LLMEvaluationPromptfoo-SageMakerExecutionRole-M69xCHJ9c3LU' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilege
111122223333sa-east-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principles HighFailedN/A
111111111111GlobalSM-02SageMaker Full Access Policy UsedRole 'SageMaker-EMR-ExecutionRole' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilege
111122223333sa-east-1BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotasNo action requiredInformationalN/A
111122223333sa-east-1BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholds HighFailedN/A
111111111111us-east-1SM-01Non-VPC Only Network AccessSageMaker domain 'd-cz8qi7j81si3' (QuickSetupDomain-20250525T153160) is not configured for VPC-only accessConfigure the SageMaker domain to use VPC-only network access type
111122223333sa-east-1BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responsesMediumN/A
111122223333sa-east-1BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLowN/A
111122223333sa-east-1BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responses HighFailedN/A
111111111111us-east-1SM-02SSO Not Properly ConfiguredSageMaker domain 'd-cz8qi7j81si3' (QuickSetupDomain-20250525T153160) is using authentication mode: IAMEnable and properly configure AWS IAM Identity Center (successor to AWS SSO) for centralized access management. Ensure Identity Store ID is configured.
111122223333sa-east-1BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applications MediumFailedN/A
111111111111us-east-1SM-03Missing Encryption ConfigurationDomain 'QuickSetupDomain-20250525T153160' - No KMS key configuredConfigure encryption using AWS KMS customer managed keys for enhanced security
111122223333sa-east-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topics HighFailedN/A
111111111111us-east-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action required
111122223333sa-east-1BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
111122223333sa-east-1BR-30Imported Model Customer-Managed KMS Encryption CheckUnable to check Imported model encryption check: An error occurred (AccessDeniedException) when calling the ListImportedModels operation: Your account is not authorized to invoke this API operation.Amazon Bedrock Custom Model Import is not enabled or available for this account in this region. No IAM change is required; the check applies only once model import is in use.LowN/A
111122223333sa-east-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job output MediumPassedN/A
111111111111us-east-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment
111122223333sa-east-1BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarmsNo action required Informational N/A
111111111111us-east-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and production
111122223333sa-east-1AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements. Informational N/A
111111111111us-east-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment
111122223333sa-east-1AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured. Informational N/A
111111111111us-east-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detection
111122223333sa-east-1AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases. Informational N/A
111111111111us-east-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedules
111122223333sa-east-1AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions. Informational N/A
111111111111us-east-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflows
111122223333sa-east-1AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required. Informational N/A
111111111111us-east-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action required
111122223333sa-east-1AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns. Informational N/A
111111111111us-east-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action required
111122223333sa-east-1AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads. Informational N/A
111111111111us-east-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action required
111122223333sa-east-1AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required. Informational N/A
111111111111us-east-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action required
111122223333sa-east-1AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns. Informational N/A
111111111111us-east-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action required
111122223333sa-east-1AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows. Informational N/A
111111111111us-east-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action required
111122223333sa-east-1AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating. Informational N/A
111111111111us-east-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action required
111122223333sa-east-1AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements. Informational N/A
111111111111us-east-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action required
111122223333sa-east-1AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available. Informational N/A
111111111111us-east-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action required
111122223333GlobalAC-02AgentCore IAM Full Access PolicyThe following roles have BedrockAgentCoreFullAccess policy: AmazonSageMaker-ExecutionRole-20250525T153161Replace with least-privilege policies scoped to specific AgentCore resources and actionsHighFailed
111122223333GlobalAC-02AgentCore IAM Wildcard PermissionsThe following roles have wildcard AgentCore permissions on all resources: agentcore-wildrydes_gateway_role_ab3991f6-roleScope permissions to specific AgentCore resources using resource ARNsHighFailed
111122223333GlobalAC-03AgentCore Stale AccessThe following principals have not accessed AgentCore in 60+ days: role 'AmazonSageMaker-ExecutionRole-20250525T153161' (199 days), role 'AWSServiceRoleForBedrockAgentCoreRuntimeIdentity' (199 days), role 'CustomerSupportAssistantBedrockAgentCoreRole-us-east-1' (199 days), role 'resco-aiml-security-19304-AgentCoreSecurityAssessme-w773pPsFWNsn' (82 days)Review and remove unused AgentCore permissions following least privilege principleMediumFailed
111122223333GlobalAC-03AgentCore Unused PermissionsThe following principals have AgentCore permissions but have never accessed the service: role 'agentcore-wildrydes_gateway_role_ab3991f6-role', role 'AIMLSecurityMemberRole', role 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-a6ddf3fc76', role 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-ed660add8b', role 'aws-api-mcp-server-execution-role', role 'CloudSeerTrustedServiceRole', role 'CustomerSupportStackInfra-RuntimeAgentCoreRole-N188nLB5RtLO', role 'IDP-AnalyticsProcessorFunctionRole-H3gwkJtNqrqW'Review and remove unused AgentCore permissions following least privilege principle Informational N/A
111111111111
111122223333GlobalAC-09AgentCore Service-Linked Role MissingService-linked role 'AWSServiceRoleForBedrockAgentCoreNetwork' does not exist. VPC configuration for AgentCore Runtimes will fail without this role.The service-linked role is automatically created when you configure VPC for an AgentCore Runtime. Ensure IAM permissions allow service-linked role creation.MediumFailed
111122223333 us-east-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredInformationalN/AAC-01AgentCore Runtime VPC ConfigurationRuntime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) is not configured with VPC. This exposes the runtime to public internet.Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)HighFailed
111111111111
111122223333 us-east-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformationalN/AAC-01AgentCore Runtime VPC ConfigurationRuntime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) is not configured with VPC. This exposes the runtime to public internet.Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)HighFailed
111111111111
111122223333 us-east-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredInformationalN/AAC-01AgentCore Runtime VPC ConfigurationRuntime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) is not configured with VPC. This exposes the runtime to public internet.Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)HighFailed
111111111111
111122223333 us-east-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredInformationalN/AAC-01AgentCore Runtime VPC ConfigurationRuntime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) is not configured with VPC. This exposes the runtime to public internet.Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)HighFailed
111111111111
111122223333 us-east-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.InformationalN/AAC-01AgentCore Runtime VPC ConfigurationRuntime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) is not configured with VPC. This exposes the runtime to public internet.Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)HighFailed
111111111111
111122223333 us-east-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredAC-04AgentCore Runtime CloudWatch LogsRuntime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) does not have CloudWatch Logs configuredEnable CloudWatch Logs for monitoring and troubleshooting MediumPassedFailed
111111111111
111122223333 us-east-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassedAC-04AgentCore Runtime X-Ray TracingRuntime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) does not have X-Ray tracing enabledEnable X-Ray tracing for distributed tracing and performance analysisMediumFailed
111111111111
111122223333 us-east-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
111111111111ap-southeast-2BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action requiredInformationalN/AAC-04AgentCore Runtime CloudWatch LogsRuntime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) does not have CloudWatch Logs configuredEnable CloudWatch Logs for monitoring and troubleshootingMediumFailed
111111111111ap-southeast-2BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformationalN/A
111122223333us-east-1AC-04AgentCore Runtime X-Ray TracingRuntime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) does not have X-Ray tracing enabledEnable X-Ray tracing for distributed tracing and performance analysisMediumFailed
111111111111ap-southeast-2BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredInformationalN/A
111122223333us-east-1AC-04AgentCore Runtime CloudWatch LogsRuntime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) does not have CloudWatch Logs configuredEnable CloudWatch Logs for monitoring and troubleshootingMediumFailed
111111111111ap-southeast-2BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action requiredInformationalN/A
111122223333us-east-1AC-04AgentCore Runtime X-Ray TracingRuntime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) does not have X-Ray tracing enabledEnable X-Ray tracing for distributed tracing and performance analysisMediumFailed
111111111111ap-southeast-2
111122223333us-east-1AC-04AgentCore Runtime CloudWatch LogsRuntime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) does not have CloudWatch Logs configuredEnable CloudWatch Logs for monitoring and troubleshootingMediumFailed
111122223333us-east-1AC-04AgentCore Runtime X-Ray TracingRuntime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) does not have X-Ray tracing enabledEnable X-Ray tracing for distributed tracing and performance analysisMediumFailed
111122223333us-east-1AC-04AgentCore Runtime CloudWatch LogsRuntime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) does not have CloudWatch Logs configuredEnable CloudWatch Logs for monitoring and troubleshootingMediumFailed
111122223333us-east-1AC-04AgentCore Runtime X-Ray TracingRuntime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) does not have X-Ray tracing enabledEnable X-Ray tracing for distributed tracing and performance analysisMediumFailed
111122223333us-east-1AC-05AgentCore ECR Repository AWS-Managed KeysECR repository 'bedrock-agentcore-customer_support_agent' uses AWS-managed keys instead of customer-managed KMS keysConsider using customer-managed KMS keys for better control and audit capabilitiesLowFailed
111122223333us-east-1AC-05AgentCore ECR Repository AWS-Managed KeysECR repository 'bedrock-agentcore-origami_expeditions' uses AWS-managed keys instead of customer-managed KMS keysConsider using customer-managed KMS keys for better control and audit capabilitiesLowFailed
111122223333us-east-1AC-06AgentCore Runtime Storage ConfigurationRuntime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) does not have storage configuration for browser toolsConfigure S3 storage for browser tool session recordings and artifactsMediumFailed
111122223333us-east-1AC-06AgentCore Runtime Storage ConfigurationRuntime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) does not have storage configuration for browser toolsConfigure S3 storage for browser tool session recordings and artifactsMediumFailed
111122223333us-east-1AC-06AgentCore Runtime Storage ConfigurationRuntime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) does not have storage configuration for browser toolsConfigure S3 storage for browser tool session recordings and artifactsMediumFailed
111122223333us-east-1AC-06AgentCore Runtime Storage ConfigurationRuntime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) does not have storage configuration for browser toolsConfigure S3 storage for browser tool session recordings and artifactsMediumFailed
111122223333us-east-1AC-06AgentCore Runtime Storage ConfigurationRuntime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) does not have storage configuration for browser toolsConfigure S3 storage for browser tool session recordings and artifactsMediumFailed
111122223333us-east-1AC-07AgentCore Memory EncryptionMemory 'CustomerSupportMemory-x69jBq5GLp' (CustomerSupportMemory-x69jBq5GLp) does not have customer-managed encryption configuredEnable encryption with customer-managed KMS keysMediumFailed
111122223333us-east-1AC-07AgentCore Memory EncryptionMemory 'cdk_agent_core_mem-uxfIagADuF' (cdk_agent_core_mem-uxfIagADuF) does not have customer-managed encryption configuredEnable encryption with customer-managed KMS keysMediumFailed
111122223333us-east-1AC-07AgentCore Memory EncryptionMemory 'wildrydes_memory_ab3991f6-9FjiHOHjT2' (wildrydes_memory_ab3991f6-9FjiHOHjT2) does not have customer-managed encryption configuredEnable encryption with customer-managed KMS keysMediumFailed
111122223333us-east-1AC-13AgentCore Gateway Configuration CheckFound 2 Gateway resourcesNo action requiredMediumPassed
111122223333us-east-1AC-08AgentCore VPC Endpoints MissingNo AgentCore VPC endpoints found in 4 VPCs. AgentCore API traffic traverses public internet, exposing it to interception.Create VPC interface endpoints for AgentCore services: +1. com.amazonaws.region.bedrock-agentcore +2. com.amazonaws.region.bedrock-agentcore-control +3. com.amazonaws.region.bedrock-agentcore-runtime +This enables private connectivity via AWS PrivateLinkHighFailed
111122223333us-east-1AC-10AgentCore Resource-Based Policies MissingThe following AgentCore resources do not have resource-based policies: Runtime 'origami_expeditions', Runtime 'neoCyan_Agent', Runtime 'customer_support_agent', Runtime 'cdk_agent_core', Runtime 'awsapimcpserver' and 2 more. Without RBPs, access control relies solely on identity-based policies.Attach resource-based policies to AgentCore resources to: +1. Implement defense-in-depth access control +2. Enable cross-account access control +3. Restrict access based on source VPC or IP +4. Implement hierarchical authorization for Agent RuntimesHighFailed
111122223333us-east-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredInformationalN/A
111122223333us-east-1AC-12AgentCore Gateway Encryption MissingThe following Gateways do not use customer-managed KMS encryption: 'customersupport-gw', 'wildrydes-gateway-ab3991f6'. Gateway configuration data uses AWS-managed keys.1. Create gateways with customer-managed KMS keys for additional control +2. AWS-managed keys are single-tenant and region-specific +3. Consider CMK for enhanced audit capabilities and key rotation controlLowFailed
111122223333us-east-1AG-24Agentic AI Gateway Inbound AuthorizationGateway 'customersupport-gw' (customersupport-gw-oxqopzjxae) uses authorizerType CUSTOM_JWT.No action requiredHighPassed
111122223333us-east-1AG-25Agentic AI Gateway Tool Policy Enforcement MissingGateway 'customersupport-gw' (customersupport-gw-oxqopzjxae) does not have a policy engine configuration. Tool calls are not evaluated by AgentCore policy enforcement.Attach an AgentCore policy engine to the gateway and use ENFORCE mode for production tool authorization.HighFailed
111122223333us-east-1AG-26Agentic AI Gateway Error Detail ExposureGateway 'customersupport-gw' (customersupport-gw-oxqopzjxae) does not expose DEBUG-level exception detail.No action requiredMediumPassed
111122223333us-east-1AG-27Agentic AI Gateway WAF Protection MissingGateway 'customersupport-gw' (customersupport-gw-oxqopzjxae) is not associated with an AWS WAF web ACL.Associate an AWS WAF web ACL with internet-facing AgentCore gateways to add request filtering and abuse protection.LowFailed
111122223333us-east-1AG-24Agentic AI Gateway Inbound AuthorizationGateway 'wildrydes-gateway-ab3991f6' (wildrydes-gateway-ab3991f6-jrlh9ok6ya) uses authorizerType CUSTOM_JWT.No action requiredHighPassed
111122223333us-east-1AG-25Agentic AI Gateway Tool Policy Enforcement MissingGateway 'wildrydes-gateway-ab3991f6' (wildrydes-gateway-ab3991f6-jrlh9ok6ya) does not have a policy engine configuration. Tool calls are not evaluated by AgentCore policy enforcement.Attach an AgentCore policy engine to the gateway and use ENFORCE mode for production tool authorization.HighFailed
111122223333us-east-1AG-26Agentic AI Gateway Error Detail ExposureGateway 'wildrydes-gateway-ab3991f6' (wildrydes-gateway-ab3991f6-jrlh9ok6ya) does not expose DEBUG-level exception detail.No action requiredMediumPassed
111122223333us-east-1AG-27Agentic AI Gateway WAF Protection MissingGateway 'wildrydes-gateway-ab3991f6' (wildrydes-gateway-ab3991f6-jrlh9ok6ya) is not associated with an AWS WAF web ACL.Associate an AWS WAF web ACL with internet-facing AgentCore gateways to add request filtering and abuse protection.LowFailed
111122223333GlobalAG-16Agentic AI AgentCore Least PrivilegeAgentic AI security domain: Agent Identity & Access. Over-permissive AgentCore principals can let agents or operators bypass intended autonomy and tool boundaries. Source check AC-02: The following roles have BedrockAgentCoreFullAccess policy: AmazonSageMaker-ExecutionRole-20250525T153161Replace full-access AgentCore permissions with least-privilege IAM policies scoped to required resources and actions.HighFailed
111122223333GlobalAG-16Agentic AI AgentCore Least PrivilegeAgentic AI security domain: Agent Identity & Access. Over-permissive AgentCore principals can let agents or operators bypass intended autonomy and tool boundaries. Source check AC-02: The following roles have wildcard AgentCore permissions on all resources: agentcore-wildrydes_gateway_role_ab3991f6-roleReplace full-access AgentCore permissions with least-privilege IAM policies scoped to required resources and actions.HighFailed
111122223333GlobalAG-17Agentic AI Stale AgentCore AccessAgentic AI security domain: Agent Identity & Access. Unused AgentCore permissions increase the blast radius of compromised principals. Source check AC-03: The following principals have not accessed AgentCore in 60+ days: role 'AmazonSageMaker-ExecutionRole-20250525T153161' (199 days), role 'AWSServiceRoleForBedrockAgentCoreRuntimeIdentity' (199 days), role 'CustomerSupportAssistantBedrockAgentCoreRole-us-east-1' (199 days), role 'resco-aiml-security-19304-AgentCoreSecurityAssessme-w773pPsFWNsn' (82 days)Remove or restrict stale AgentCore permissions for principals that no longer need access.MediumFailed
111122223333GlobalAG-17Agentic AI Stale AgentCore AccessAgentic AI security domain: Agent Identity & Access. Unused AgentCore permissions increase the blast radius of compromised principals. Source check AC-03: The following principals have AgentCore permissions but have never accessed the service: role 'agentcore-wildrydes_gateway_role_ab3991f6-role', role 'AIMLSecurityMemberRole', role 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-a6ddf3fc76', role 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-ed660add8b', role 'aws-api-mcp-server-execution-role', role 'CloudSeerTrustedServiceRole', role 'CustomerSupportStackInfra-RuntimeAgentCoreRole-N188nLB5RtLO', role 'IDP-AnalyticsProcessorFunctionRole-H3gwkJtNqrqW'Remove or restrict stale AgentCore permissions for principals that no longer need access.InformationalN/A
111122223333us-east-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: Runtime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) is not configured with VPC. This exposes the runtime to public internet.Configure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.HighFailed
111122223333us-east-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: Runtime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) is not configured with VPC. This exposes the runtime to public internet.Configure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.HighFailed
111122223333us-east-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: Runtime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) is not configured with VPC. This exposes the runtime to public internet.Configure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.HighFailed
111122223333us-east-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: Runtime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) is not configured with VPC. This exposes the runtime to public internet.Configure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.HighFailed
111122223333us-east-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: Runtime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) is not configured with VPC. This exposes the runtime to public internet.Configure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.HighFailed
111122223333us-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: Runtime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) does not have CloudWatch Logs configuredEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.MediumFailed
111122223333us-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: Runtime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) does not have X-Ray tracing enabledEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.MediumFailed
111122223333us-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: Runtime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) does not have CloudWatch Logs configuredEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.MediumFailed
111122223333us-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: Runtime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) does not have X-Ray tracing enabledEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.MediumFailed
111122223333us-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: Runtime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) does not have CloudWatch Logs configuredEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.MediumFailed
111122223333us-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: Runtime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) does not have X-Ray tracing enabledEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.MediumFailed
111122223333us-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: Runtime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) does not have CloudWatch Logs configuredEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.MediumFailed
111122223333us-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: Runtime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) does not have X-Ray tracing enabledEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.MediumFailed
111122223333us-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: Runtime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) does not have CloudWatch Logs configuredEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.MediumFailed
111122223333us-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: Runtime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) does not have X-Ray tracing enabledEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.MediumFailed
111122223333us-east-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: Memory 'CustomerSupportMemory-x69jBq5GLp' (CustomerSupportMemory-x69jBq5GLp) does not have customer-managed encryption configuredConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions.MediumFailed
111122223333us-east-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: Memory 'cdk_agent_core_mem-uxfIagADuF' (cdk_agent_core_mem-uxfIagADuF) does not have customer-managed encryption configuredConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions.MediumFailed
111122223333us-east-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: Memory 'wildrydes_memory_ab3991f6-9FjiHOHjT2' (wildrydes_memory_ab3991f6-9FjiHOHjT2) does not have customer-managed encryption configuredConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions.MediumFailed
111122223333us-east-1AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore VPC endpoints found in 4 VPCs. AgentCore API traffic traverses public internet, exposing it to interception.Create required VPC endpoints for AgentCore services and validate endpoint availability.HighFailed
111122223333us-east-1AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: The following AgentCore resources do not have resource-based policies: Runtime 'origami_expeditions', Runtime 'neoCyan_Agent', Runtime 'customer_support_agent', Runtime 'cdk_agent_core', Runtime 'awsapimcpserver' and 2 more. Without RBPs, access control relies solely on identity-based policies.Attach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources.HighFailed
111122223333us-east-1AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required.InformationalN/A
111122223333us-east-1AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: The following Gateways do not use customer-managed KMS encryption: 'customersupport-gw', 'wildrydes-gateway-ab3991f6'. Gateway configuration data uses AWS-managed keys.Configure AgentCore gateways with customer-managed KMS keys where enhanced key control is required.LowFailed
111122223333sa-east-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredInformationalN/A
111122223333sa-east-1AC-04AgentCore Observability CheckNo AgentCore resources foundNo action requiredInformationalN/A
111122223333sa-east-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action requiredInformationalN/A
111122223333sa-east-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredInformationalN/A
111122223333sa-east-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredInformationalN/A
111122223333sa-east-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredInformationalN/A
111122223333sa-east-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredInformationalN/A
111122223333sa-east-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action requiredInformationalN/A
111122223333sa-east-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredInformationalN/A
111122223333sa-east-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action requiredInformationalN/A
111122223333sa-east-1AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways foundNo action requiredInformationalN/A
111122223333sa-east-1AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways foundNo action requiredInformationalN/A
111122223333sa-east-1AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways foundNo action requiredInformationalN/A
111122223333sa-east-1AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways foundNo action requiredInformationalN/A
111122223333sa-east-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.InformationalN/A
111122223333sa-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.InformationalN/A
111122223333sa-east-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions.InformationalN/A
111122223333sa-east-1AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability.InformationalN/A
111122223333sa-east-1AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources.InformationalN/A
111122223333sa-east-1AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required.InformationalN/A
111122223333sa-east-1AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required.InformationalN/A
111122223333ap-south-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredInformationalN/A
111122223333ap-south-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredMediumPassed
111122223333ap-south-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredInformationalN/A
111122223333ap-south-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
111122223333ap-south-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformationalN/A
111122223333ap-south-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionInformationalN/A
111122223333ap-south-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformationalN/A
111122223333ap-south-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
111122223333ap-south-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformationalN/A
111122223333ap-south-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformationalN/A
111122223333ap-south-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformationalN/A
111122223333ap-south-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformationalN/A
111122223333ap-south-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredInformationalN/A
111122223333ap-south-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action requiredInformationalN/A
111122223333ap-south-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action requiredInformationalN/A
111122223333ap-south-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action requiredInformationalN/A
111122223333ap-south-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action requiredInformationalN/A
111122223333ap-south-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action requiredInformationalN/A
111122223333ap-south-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action requiredInformationalN/A
111122223333ap-south-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredInformationalN/A
111122223333ap-south-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformationalN/A
111122223333ap-south-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredInformationalN/A
111122223333ap-south-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredInformationalN/A
111122223333ap-south-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.InformationalN/A
111122223333ap-south-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
111122223333ap-south-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
111122223333ap-south-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
111122223333GlobalSM-02SageMaker Full Access Policy UsedRole 'AmazonSageMaker-ExecutionRole-20231014T200029' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilegeHighFailed
111122223333GlobalSM-02SageMaker Full Access Policy UsedRole 'AmazonSageMaker-ExecutionRole-20250525T153161' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilegeHighFailed
111122223333GlobalSM-02SageMaker Full Access Policy UsedRole 'AmazonSageMakerServiceCatalogProductsExecutionRole' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilegeHighFailed
111122223333GlobalSM-02SageMaker Full Access Policy UsedRole 'EMR_EC2_DefaultRole' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilegeHighFailed
111122223333GlobalSM-02SageMaker Full Access Policy UsedRole 'IDPSageMakerCfnStack-SageMakerExecutionRole-aqrHz6dVkoHC' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilegeHighFailed
111122223333GlobalSM-02SageMaker Full Access Policy UsedRole 'LLMEvaluationPromptfoo-SageMakerExecutionRole-M69xCHJ9c3LU' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilegeHighFailed
111122223333GlobalSM-02SageMaker Full Access Policy UsedRole 'SageMaker-EMR-ExecutionRole' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilegeHighFailed
111122223333us-east-1SM-01Non-VPC Only Network AccessSageMaker domain 'd-cz8qi7j81si3' (QuickSetupDomain-20250525T153160) is not configured for VPC-only accessConfigure the SageMaker domain to use VPC-only network access typeHighFailed
111122223333us-east-1SM-02SSO Not Properly ConfiguredSageMaker domain 'd-cz8qi7j81si3' (QuickSetupDomain-20250525T153160) is using authentication mode: IAMEnable and properly configure AWS IAM Identity Center (successor to AWS SSO) for centralized access management. Ensure Identity Store ID is configured.MediumFailed
111122223333us-east-1SM-03Missing Encryption ConfigurationDomain 'QuickSetupDomain-20250525T153160' - No KMS key configuredConfigure encryption using AWS KMS customer managed keys for enhanced securityHighFailed
111122223333us-east-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
111122223333us-east-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformationalN/A
111122223333us-east-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionInformationalN/A
111122223333us-east-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformationalN/A
111122223333us-east-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
111122223333us-east-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformationalN/A
111122223333us-east-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformationalN/A
111122223333us-east-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformationalN/A
111122223333us-east-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformationalN/A
111122223333us-east-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredInformationalN/A
111122223333us-east-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action requiredInformationalN/A
111122223333us-east-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action requiredInformationalN/A
111122223333us-east-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action requiredInformationalN/A
111122223333us-east-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action requiredInformationalN/A
111122223333us-east-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action requiredInformationalN/A
111122223333us-east-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action requiredInformationalN/A
111122223333us-east-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredInformationalN/A
111122223333us-east-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformationalN/A
111122223333us-east-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredInformationalN/A
111122223333us-east-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredInformationalN/A
111122223333us-east-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.InformationalN/A
111122223333us-east-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
111122223333us-east-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
111122223333us-east-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
111122223333us-west-2SM-01Non-VPC Only Network AccessSageMaker domain 'd-krxh4fmtaxjl' (PromptEvaluationDomain) is not configured for VPC-only accessConfigure the SageMaker domain to use VPC-only network access typeHighFailed
111122223333us-west-2SM-02SSO Not Properly ConfiguredSageMaker domain 'd-krxh4fmtaxjl' (PromptEvaluationDomain) is using authentication mode: IAMEnable and properly configure AWS IAM Identity Center (successor to AWS SSO) for centralized access management. Ensure Identity Store ID is configured.MediumFailed
111122223333us-west-2SM-03Missing Encryption ConfigurationDomain 'PromptEvaluationDomain' - No KMS key configuredConfigure encryption using AWS KMS customer managed keys for enhanced securityHighFailed
111122223333us-west-2SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
111122223333us-west-2SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformationalN/A
111122223333us-west-2SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionInformationalN/A
111122223333us-west-2SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformationalN/A
111122223333us-west-2SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
111122223333us-west-2SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformationalN/A
111122223333us-west-2SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformationalN/A
111122223333us-west-2SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformationalN/A
111122223333us-west-2SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformationalN/A
111122223333us-west-2SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredInformationalN/A
111122223333us-west-2SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action requiredInformationalN/A
111122223333us-west-2SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action requiredInformationalN/A
111122223333us-west-2SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action requiredInformationalN/A
111122223333us-west-2SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action requiredInformationalN/A
111122223333us-west-2SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action requiredInformationalN/A
111122223333us-west-2SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action requiredInformationalN/A
111122223333us-west-2SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredInformationalN/A
111122223333us-west-2SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformationalN/A
111122223333us-west-2SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredInformationalN/A
111122223333us-west-2SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredInformationalN/A
111122223333us-west-2SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.InformationalN/A
111122223333us-west-2SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
111122223333us-west-2SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
111122223333us-west-2SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
111122223333eu-west-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action requiredInformationalN/A
111122223333eu-west-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformationalN/A
111122223333eu-west-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredInformationalN/A
111122223333eu-west-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action requiredInformationalN/A
111122223333eu-west-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templatesInformationalN/A
111122223333eu-west-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformationalN/A
111122223333eu-west-1BR-09Bedrock Knowledge Base Encryption CheckNo Knowledge Bases found in the accountNo action requiredInformationalN/A
111122223333eu-west-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesInformationalN/A
111122223333eu-west-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
111122223333eu-west-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
111122223333eu-west-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
111122223333eu-west-1BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMediumN/A
111122223333eu-west-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
111122223333eu-west-1BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobsNo action requiredInformationalN/A
111122223333eu-west-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
111122223333eu-west-1BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHighN/A
111122223333eu-west-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHighN/A
111122223333eu-west-1BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotasNo action requiredInformationalN/A
111122223333eu-west-1BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHighN/A
111122223333eu-west-1BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responsesMediumN/A
111122223333eu-west-1BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLowN/A
111122223333eu-west-1BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHighN/A
111122223333eu-west-1BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMediumN/A
111122223333eu-west-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHighN/A
111122223333eu-west-1BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
111122223333eu-west-1BR-30Imported Model Customer-Managed KMS Encryption CheckUnable to check Imported model encryption check: An error occurred (AccessDeniedException) when calling the ListImportedModels operation: Your account is not authorized to invoke this API operation.Amazon Bedrock Custom Model Import is not enabled or available for this account in this region. No IAM change is required; the check applies only once model import is in use.LowN/A
111122223333eu-west-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMediumN/A
111122223333eu-west-1BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarmsNo action requiredInformationalN/A
111122223333eu-west-1AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements.InformationalN/A
111122223333eu-west-1AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured.InformationalN/A
111122223333eu-west-1AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases.InformationalN/A
111122223333eu-west-1AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions.InformationalN/A
111122223333eu-west-1AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required.InformationalN/A
111122223333eu-west-1AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns.InformationalN/A
111122223333eu-west-1AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads.InformationalN/A
111122223333eu-west-1AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required.InformationalN/A
111122223333eu-west-1AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns.InformationalN/A
111122223333eu-west-1AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows.InformationalN/A
111122223333eu-west-1AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating.InformationalN/A
111122223333eu-west-1AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements.InformationalN/A
111122223333eu-west-1AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available.InformationalN/A
111122223333sa-east-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredInformationalN/A
111122223333sa-east-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredMediumPassed
111122223333sa-east-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredInformationalN/A
111122223333sa-east-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
111122223333sa-east-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformationalN/A
111122223333sa-east-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionInformationalN/A
111122223333sa-east-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformationalN/A
111122223333sa-east-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
111122223333sa-east-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformationalN/A
111122223333sa-east-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformationalN/A
111122223333sa-east-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformationalN/A
111122223333sa-east-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformationalN/A
111122223333sa-east-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredInformationalN/A
111122223333sa-east-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action requiredInformationalN/A
111122223333sa-east-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action requiredInformationalN/A
111122223333sa-east-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action requiredInformationalN/A
111122223333sa-east-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action requiredInformationalN/A
111122223333sa-east-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action requiredInformationalN/A
111122223333sa-east-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action requiredInformationalN/A
111122223333sa-east-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredInformationalN/A
111122223333sa-east-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformationalN/A
111122223333sa-east-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredInformationalN/A
111122223333sa-east-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredInformationalN/A
111122223333sa-east-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.InformationalN/A
111122223333sa-east-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
111122223333sa-east-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
111122223333sa-east-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
111122223333eu-west-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredInformationalN/A
111122223333eu-west-1AC-04AgentCore Observability CheckNo AgentCore resources foundNo action requiredInformationalN/A
111122223333eu-west-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action requiredInformationalN/A
111122223333eu-west-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredInformationalN/A
111122223333eu-west-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredInformationalN/A
111122223333eu-west-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredInformationalN/A
111122223333eu-west-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredInformationalN/A
111122223333eu-west-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action requiredInformationalN/A
111122223333eu-west-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredInformationalN/A
111122223333eu-west-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action requiredInformationalN/A
111122223333eu-west-1AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways foundNo action requiredInformationalN/A
111122223333eu-west-1AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways foundNo action requiredInformationalN/A
111122223333eu-west-1AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways foundNo action requiredInformationalN/A
111122223333eu-west-1AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways foundNo action requiredInformationalN/A
111122223333eu-west-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.InformationalN/A
111122223333eu-west-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.InformationalN/A
111122223333eu-west-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions.InformationalN/A
111122223333eu-west-1AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability.InformationalN/A
111122223333eu-west-1AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources.InformationalN/A
111122223333eu-west-1AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required.InformationalN/A
111122223333eu-west-1AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required.InformationalN/A
111122223333eu-west-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredInformationalN/A
111122223333eu-west-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredMediumPassed
111122223333eu-west-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredInformationalN/A
111122223333eu-west-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
111122223333eu-west-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformationalN/A
111122223333eu-west-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionInformationalN/A
111122223333eu-west-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformationalN/A
111122223333eu-west-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
111122223333eu-west-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformationalN/A
111122223333eu-west-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformationalN/A
111122223333eu-west-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformationalN/A
111122223333eu-west-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformationalN/A
111122223333eu-west-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredInformationalN/A
111122223333eu-west-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action requiredInformationalN/A
111122223333eu-west-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action requiredInformationalN/A
111122223333eu-west-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action requiredInformationalN/A
111122223333eu-west-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action requiredInformationalN/A
111122223333eu-west-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action requiredInformationalN/A
111122223333eu-west-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action requiredInformationalN/A
111122223333eu-west-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredInformationalN/A
111122223333eu-west-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformationalN/A
111122223333eu-west-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredInformationalN/A
111122223333eu-west-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredInformationalN/A
111122223333eu-west-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.InformationalN/A
111122223333eu-west-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
111122223333eu-west-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
111122223333eu-west-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
111122223333us-east-1FS-01AWS Shield Advanced Not EnabledAWS Shield Advanced is not subscribed. GenAI API endpoints are vulnerable to volumetric DDoS attacks that can exhaust token quotas and inflate costs.1. Subscribe to AWS Shield Advanced for DDoS protection. +2. After subscribing, explicitly add resource protections in the Shield Advanced console for each Bedrock-facing resource (API Gateway stages, ALBs, CloudFront distributions, Route 53 hosted zones). Shield Advanced subscription alone does NOT automatically protect resources — each resource must be individually added to receive protection. +3. Enable Shield Response Team (SRT) access and configure proactive engagement. +4. Alternatively, use AWS Firewall Manager with a Shield Advanced policy to automate resource protection based on tags or resource types.LowFailed
111122223333us-west-2FS-01AWS Shield Advanced Not EnabledAWS Shield Advanced is not subscribed. GenAI API endpoints are vulnerable to volumetric DDoS attacks that can exhaust token quotas and inflate costs.1. Subscribe to AWS Shield Advanced for DDoS protection. +2. After subscribing, explicitly add resource protections in the Shield Advanced console for each Bedrock-facing resource (API Gateway stages, ALBs, CloudFront distributions, Route 53 hosted zones). Shield Advanced subscription alone does NOT automatically protect resources — each resource must be individually added to receive protection. +3. Enable Shield Response Team (SRT) access and configure proactive engagement. +4. Alternatively, use AWS Firewall Manager with a Shield Advanced policy to automate resource protection based on tags or resource types.LowFailed
111122223333us-east-1FS-01No Regional WAF Web ACLs FoundNo AWS WAF regional Web ACLs found. Without WAF, GenAI endpoints lack rate-based rules to block abusive callers.1. Create a WAF Web ACL with rate-based rules (e.g., 1000 req/5 min per IP). +2. Associate the ACL with API Gateway stages or ALBs fronting Bedrock. +3. Add AWS Managed Rules for known bad inputs.MediumFailed
111122223333us-west-2FS-01No Regional WAF Web ACLs FoundNo AWS WAF regional Web ACLs found. Without WAF, GenAI endpoints lack rate-based rules to block abusive callers.1. Create a WAF Web ACL with rate-based rules (e.g., 1000 req/5 min per IP). +2. Associate the ACL with API Gateway stages or ALBs fronting Bedrock. +3. Add AWS Managed Rules for known bad inputs.MediumFailed
111122223333us-east-1FS-02API Gateway Usage Plans Missing ThrottleUsage plans without throttling: myAskMeAnything-UsagePlan. Unbounded API calls can exhaust Bedrock token quotas and inflate costs.Set rateLimit and burstLimit on all usage plans associated with GenAI API stages. Consider per-consumer API keys with individual quotas.MediumFailed
111122223333us-west-2FS-02API Gateway Usage Plans Missing ThrottleUsage plans without throttling: myAskMeAnything-UsagePlan. Unbounded API calls can exhaust Bedrock token quotas and inflate costs.Set rateLimit and burstLimit on all usage plans associated with GenAI API stages. Consider per-consumer API keys with individual quotas.MediumFailed
111122223333us-east-1FS-03Bedrock Token Quotas CustomizedFound 236 Bedrock token-based quota(s); at least one applied value exceeds the AWS default, indicating quotas have been reviewed and raised.No action required. Periodically re-review quotas against expected peak load.MediumPassed
111122223333us-west-2FS-03Bedrock Token Quotas CustomizedFound 236 Bedrock token-based quota(s); at least one applied value exceeds the AWS default, indicating quotas have been reviewed and raised.No action required. Periodically re-review quotas against expected peak load.MediumPassed
111122223333us-east-1FS-04No Cost Anomaly Detection MonitorsNo AWS Cost Anomaly Detection monitors found. Unexpected spikes in Bedrock/SageMaker usage (e.g., from prompt injection loops) will go undetected.1. Create a Cost Anomaly Detection monitor scoped to AWS/Bedrock and AWS/SageMaker. +2. Configure alert subscriptions (SNS/email) for anomalies above threshold. +3. Set daily spend budgets with AWS Budgets as a secondary control.MediumFailed
111122223333us-west-2FS-04No Cost Anomaly Detection MonitorsNo AWS Cost Anomaly Detection monitors found. Unexpected spikes in Bedrock/SageMaker usage (e.g., from prompt injection loops) will go undetected.1. Create a Cost Anomaly Detection monitor scoped to AWS/Bedrock and AWS/SageMaker. +2. Configure alert subscriptions (SNS/email) for anomalies above threshold. +3. Set daily spend budgets with AWS Budgets as a secondary control.MediumFailed
111122223333us-east-1FS-05No Bedrock CloudWatch Alarms FoundNo CloudWatch alarms found for Bedrock metrics. Token exhaustion and throttling events will not trigger operational alerts.Create CloudWatch alarms for: +- AWS/Bedrock InvocationThrottles (threshold > 0) +- AWS/Bedrock TokensProcessed (threshold based on quota) +- Custom application-level token counters via EMFMediumFailed
111122223333us-west-2FS-05No Bedrock CloudWatch Alarms FoundNo CloudWatch alarms found for Bedrock metrics. Token exhaustion and throttling events will not trigger operational alerts.Create CloudWatch alarms for: +- AWS/Bedrock InvocationThrottles (threshold > 0) +- AWS/Bedrock TokensProcessed (threshold based on quota) +- Custom application-level token counters via EMFMediumFailed
111122223333us-east-1FS-06No AI/ML Service Budgets ConfiguredNo AWS Budgets found scoped to Bedrock or SageMaker. Unbounded GenAI spend can go undetected until the monthly bill.1. Create cost budgets for AWS Bedrock and SageMaker with 80%/100% alert thresholds. +2. Add SNS notifications to on-call channels. +3. Consider budget actions to apply IAM deny policies when thresholds are breached.MediumFailed
111122223333us-west-2FS-06No AI/ML Service Budgets ConfiguredNo AWS Budgets found scoped to Bedrock or SageMaker. Unbounded GenAI spend can go undetected until the monthly bill.1. Create cost budgets for AWS Bedrock and SageMaker with 80%/100% alert thresholds. +2. Add SNS notifications to on-call channels. +3. Consider budget actions to apply IAM deny policies when thresholds are breached.MediumFailed
111122223333us-east-1FS-07Agent Action Boundary CheckNo Bedrock agents found.No action required.InformationalN/A
111122223333us-west-2FS-07Agent Action Boundary CheckNo Bedrock agents found.No action required.InformationalN/A
111122223333us-east-1FS-08AgentCore Runtimes Missing Policy EngineRuntimes without authorizer configuration: origami_expeditions, neoCyan_Agent, customer_support_agent, cdk_agent_core, awsapimcpserver. Without a policy engine, agents can invoke any registered tool without authorization checks.Configure an authorizer (Lambda or Cedar policy store) on each AgentCore runtime to enforce fine-grained tool-call authorization.HighFailed
111122223333us-west-2FS-08AgentCore Runtimes Missing Policy EngineRuntimes without authorizer configuration: origami_expeditions, neoCyan_Agent, customer_support_agent, cdk_agent_core, awsapimcpserver. Without a policy engine, agents can invoke any registered tool without authorization checks.Configure an authorizer (Lambda or Cedar policy store) on each AgentCore runtime to enforce fine-grained tool-call authorization.HighFailed
111122223333us-east-1FS-09Agent Lambda Functions Without Concurrency LimitsAgent-related Lambda functions without reserved concurrency: aiml-security-aiml-security-111122223333-FinServAssessment, resco-aiml-IAMPermissionCaching, aiml-security-aiml-security-111122223333-SagemakerAssessment, resco-aiml-CleanupBucket, aiml-security-aiml-security-111122223333-BedrockAssessment, resco-aiml-BedrockAssessment, aiml-security-aiml-security-111122223333-CleanupBucket, aiml-security-aiml-security-111122223333-AgentCoreAssessment, e2ebedrockrag-OSSInfraStack-BKBOSSInfraSetupLambda-031La8JAQXtk, e2ebedrockrag-OSSInfraSta-OSSIndexCreationProvider-g56en9UzRjII. Unlimited concurrency allows runaway agent loops to exhaust account limits.1. Set reserved concurrency on agent Lambda functions. +2. Implement maximum iteration counts in agent orchestration logic. +3. Use Step Functions with MaxConcurrency and timeout states. +4. Add circuit-breaker patterns to agent tool invocations.MediumFailed
111122223333us-west-2FS-09Agent Lambda Functions Without Concurrency LimitsAgent-related Lambda functions without reserved concurrency: aiml-security-aiml-security-111122223333-FinServAssessment, resco-aiml-IAMPermissionCaching, aiml-security-aiml-security-111122223333-SagemakerAssessment, resco-aiml-CleanupBucket, aiml-security-aiml-security-111122223333-BedrockAssessment, resco-aiml-BedrockAssessment, aiml-security-aiml-security-111122223333-CleanupBucket, aiml-security-aiml-security-111122223333-AgentCoreAssessment, e2ebedrockrag-OSSInfraStack-BKBOSSInfraSetupLambda-031La8JAQXtk, e2ebedrockrag-OSSInfraSta-OSSIndexCreationProvider-g56en9UzRjII. Unlimited concurrency allows runaway agent loops to exhaust account limits.1. Set reserved concurrency on agent Lambda functions. +2. Implement maximum iteration counts in agent orchestration logic. +3. Use Step Functions with MaxConcurrency and timeout states. +4. Add circuit-breaker patterns to agent tool invocations.MediumFailed
111122223333us-east-1FS-10Human-in-the-Loop Check — No Agent Workflows FoundNo Step Functions state machines with agent/approval naming found. Verify that high-risk agent actions (e.g., fund transfers, account changes) have human approval gates.Implement Step Functions .waitForTaskToken patterns for high-risk agent actions. Route approval requests to human reviewers via SNS/SES/Slack.InformationalN/A
111122223333us-west-2FS-10Human-in-the-Loop Check — No Agent Workflows FoundNo Step Functions state machines with agent/approval naming found. Verify that high-risk agent actions (e.g., fund transfers, account changes) have human approval gates.Implement Step Functions .waitForTaskToken patterns for high-risk agent actions. Route approval requests to human reviewers via SNS/SES/Slack.InformationalN/A
111122223333us-east-1FS-11No Agent Rate Alarms FoundNo CloudWatch alarms found for agent invocation rates. Looping or runaway agents will not trigger operational alerts.Create CloudWatch alarms on: +- Bedrock agent invocation counts (threshold based on expected max) +- Lambda invocation errors for agent functions +- Step Functions execution failures and timeoutsMediumFailed
111122223333us-west-2FS-11No Agent Rate Alarms FoundNo CloudWatch alarms found for agent invocation rates. Looping or runaway agents will not trigger operational alerts.Create CloudWatch alarms on: +- Bedrock agent invocation counts (threshold based on expected max) +- Lambda invocation errors for agent functions +- Step Functions execution failures and timeoutsMediumFailed
111122223333us-east-1FS-12No Bedrock-Scoped SCPs FoundNo Service Control Policies reference Bedrock. Without SCPs, any account in the organization can access any Bedrock model, including unapproved third-party models.1. Create an SCP that denies bedrock:InvokeModel for model IDs not on the approved list. +2. Use bedrock:ModelId condition key to allowlist approved models. +3. Maintain a model inventory and update the SCP when models are approved/retired.HighFailed
111122223333us-west-2FS-12No Bedrock-Scoped SCPs FoundNo Service Control Policies reference Bedrock. Without SCPs, any account in the organization can access any Bedrock model, including unapproved third-party models.1. Create an SCP that denies bedrock:InvokeModel for model IDs not on the approved list. +2. Use bedrock:ModelId condition key to allowlist approved models. +3. Maintain a model inventory and update the SCP when models are approved/retired.HighFailed
111122223333us-east-1FS-13Model Provenance Tags PresentAll reviewed models have required provenance tags.No action required.MediumPassed
111122223333us-west-2FS-13Model Provenance Tags PresentAll reviewed models have required provenance tags.No action required.MediumPassed
111122223333us-east-1FS-14Model Governance Config Rules PresentFound 11 model-related Config rule(s).No action required.MediumPassed
111122223333us-west-2FS-14Model Governance Config Rules PresentFound 11 model-related Config rule(s).No action required.MediumPassed
111122223333us-east-1FS-15No Bedrock Evaluation Jobs FoundNo Bedrock Model Evaluation jobs found. Models have not been evaluated for adversarial robustness. FinServ model-risk management (SR 11-7) expects documented model validation/evaluation.1. Run Bedrock Model Evaluation with adversarial/red-team datasets. +2. Use FMEval library for automated robustness testing. +3. Schedule periodic re-evaluation after model updates.MediumFailed
111122223333us-west-2FS-15No Bedrock Evaluation Jobs FoundNo Bedrock Model Evaluation jobs found. Models have not been evaluated for adversarial robustness. FinServ model-risk management (SR 11-7) expects documented model validation/evaluation.1. Run Bedrock Model Evaluation with adversarial/red-team datasets. +2. Use FMEval library for automated robustness testing. +3. Schedule periodic re-evaluation after model updates.MediumFailed
111122223333us-east-1FS-16ECR Repositories Without Image Scanning4 ECR repo(s) without scan-on-push: mlexplorationrepo, cdk-hnb659fds-container-assets-111122223333-us-east-1, bedrock-agentcore-customer_support_agent, bedrock-agentcore-origami_expeditions.Enable scan-on-push for all ECR repositories containing model containers. Consider enabling Enhanced Scanning (Inspector) for CVE detection.HighFailed
111122223333us-west-2FS-16ECR Repositories Without Image Scanning4 ECR repo(s) without scan-on-push: mlexplorationrepo, cdk-hnb659fds-container-assets-111122223333-us-east-1, bedrock-agentcore-customer_support_agent, bedrock-agentcore-origami_expeditions.Enable scan-on-push for all ECR repositories containing model containers. Consider enabling Enhanced Scanning (Inspector) for CVE detection.HighFailed
111122223333us-east-1FS-20No SageMaker Feature Groups FoundNo SageMaker Feature Store groups found.No action required.InformationalN/A
111122223333us-west-2FS-20No SageMaker Feature Groups FoundNo SageMaker Feature Store groups found.No action required.InformationalN/A
111122223333us-east-1FS-21Training Data Buckets Without Versioning13 training data bucket(s) without versioning: ancbedrocklogging, bedrock-agentcore-codebuild-sources-111122223333-us-east-1, bedrock-bda-us-east-1-dda43109-6557-48bb-993d-3f97126b64b4, bedrock-bda-us-east-1-logging-00719114-debd-4487-85d1-09cbc3fc8, bedrock-kb-bucket-f736570b, bedrock-video-generation-us-east-1-h5ltpm, fsi-genai-workshop-bedrock-datasources-111122223333-us-west-2, knowledgebase-bedrock-agent-agasthik, llmevaluationpromptfoo-bedrockkb-cozhbzbrcmd2, sagemaker-studio-111122223333-huo1mvme4t.Enable S3 versioning on all training data buckets. Consider enabling MFA Delete for additional protection against poisoning.HighFailed
111122223333us-west-2FS-21Training Data Buckets Without Versioning13 training data bucket(s) without versioning: ancbedrocklogging, bedrock-agentcore-codebuild-sources-111122223333-us-east-1, bedrock-bda-us-east-1-dda43109-6557-48bb-993d-3f97126b64b4, bedrock-bda-us-east-1-logging-00719114-debd-4487-85d1-09cbc3fc8, bedrock-kb-bucket-f736570b, bedrock-video-generation-us-east-1-h5ltpm, fsi-genai-workshop-bedrock-datasources-111122223333-us-west-2, knowledgebase-bedrock-agent-agasthik, llmevaluationpromptfoo-bedrockkb-cozhbzbrcmd2, sagemaker-studio-111122223333-huo1mvme4t.Enable S3 versioning on all training data buckets. Consider enabling MFA Delete for additional protection against poisoning.HighFailed
111122223333us-east-1FS-22Overly Permissive Knowledge Base IAM Roles827 role(s) with wildcard KB permissions: +- Role '111122223333-us-east-1-kb-setup-function-role' allows 'bedrock:CreateKnowledgeBase' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role '111122223333-us-east-1-kb-setup-function-role' allows 'bedrock:CreateDataSource' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role 'Admin' allows '*' +- Role 'agentcore-wildrydes_gateway_role_ab3991f6-role' allows 'bedrock:*' +- Role 'AgentCoreEvalsSDK-us-east-1-d04ba7b68b' allows 'bedrock:InvokeModel' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role 'AgentCoreEvalsSDK-us-east-1-d04ba7b68b' allows 'bedrock:InvokeModelWithResponseStream' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role 'Agentic-AI-MCP-Strands-SDK-Works-VSCodeInstanceRole-NCTUnlnRBFO6' allows '*' +- Role 'aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX' allows 'bedrock:ListGuardrails' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role 'aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX' allows 'bedrock:GetGuardrail' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role 'aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX' allows 'bedrock:ListModelInvocationJobs' on Resource '*' (no ARN scoping to specific Knowledge Bases)Replace wildcard bedrock:* with specific actions such as bedrock:Retrieve, bedrock:RetrieveAndGenerate. Scope resources to specific Knowledge Base ARNs.HighFailed
111122223333us-west-2FS-22Overly Permissive Knowledge Base IAM Roles827 role(s) with wildcard KB permissions: +- Role '111122223333-us-east-1-kb-setup-function-role' allows 'bedrock:CreateKnowledgeBase' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role '111122223333-us-east-1-kb-setup-function-role' allows 'bedrock:CreateDataSource' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role 'Admin' allows '*' +- Role 'agentcore-wildrydes_gateway_role_ab3991f6-role' allows 'bedrock:*' +- Role 'AgentCoreEvalsSDK-us-east-1-d04ba7b68b' allows 'bedrock:InvokeModel' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role 'AgentCoreEvalsSDK-us-east-1-d04ba7b68b' allows 'bedrock:InvokeModelWithResponseStream' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role 'Agentic-AI-MCP-Strands-SDK-Works-VSCodeInstanceRole-NCTUnlnRBFO6' allows '*' +- Role 'aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX' allows 'bedrock:ListGuardrails' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role 'aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX' allows 'bedrock:GetGuardrail' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role 'aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX' allows 'bedrock:ListModelInvocationJobs' on Resource '*' (no ARN scoping to specific Knowledge Bases)Replace wildcard bedrock:* with specific actions such as bedrock:Retrieve, bedrock:RetrieveAndGenerate. Scope resources to specific Knowledge Base ARNs.HighFailed
111122223333us-east-1FS-24ADVISORY: Knowledge Base Metadata Filtering — Manual Review RequiredFound 3 Knowledge Base(s). Tenant-isolation metadata filtering is a design pattern that cannot be verified via API — manual review required. Verify that metadata attributes (e.g., tenantId, classification) are indexed and that Retrieve calls include RetrievalFilter conditions for tenant isolation.1. Add metadata fields (tenantId, dataClassification) to KB data sources. +2. Pass RetrievalFilter in all Retrieve/RetrieveAndGenerate calls. +3. Validate filters in integration tests to prevent cross-tenant data leakage.InformationalN/A
111122223333us-west-2FS-24ADVISORY: Knowledge Base Metadata Filtering — Manual Review RequiredFound 3 Knowledge Base(s). Tenant-isolation metadata filtering is a design pattern that cannot be verified via API — manual review required. Verify that metadata attributes (e.g., tenantId, classification) are indexed and that Retrieve calls include RetrievalFilter conditions for tenant isolation.1. Add metadata fields (tenantId, dataClassification) to KB data sources. +2. Pass RetrievalFilter in all Retrieve/RetrieveAndGenerate calls. +3. Validate filters in integration tests to prevent cross-tenant data leakage.InformationalN/A
111122223333us-east-1FS-25OpenSearch Serverless Encryption Policies PresentFound 5 encryption policy(ies); 5 use a customer-managed KMS key.Verify all vector store collections use customer-managed KMS keys.HighPassed
111122223333us-west-2FS-25OpenSearch Serverless Encryption Policies PresentFound 5 encryption policy(ies); 5 use a customer-managed KMS key.Verify all vector store collections use customer-managed KMS keys.HighPassed
111122223333us-east-1FS-26OpenSearch Serverless Collections Not VPC-RestrictedFound 5 network policy(ies) but none restrict to VPC. Vector stores may be accessible from the public internet.Update network policies to allow access only from VPC endpoints. Create an OpenSearch Serverless VPC endpoint in your VPC.HighFailed
111122223333us-west-2FS-26OpenSearch Serverless Collections Not VPC-RestrictedFound 5 network policy(ies) but none restrict to VPC. Vector stores may be accessible from the public internet.Update network policies to allow access only from VPC endpoints. Create an OpenSearch Serverless VPC endpoint in your VPC.HighFailed
111122223333us-east-1FS-27Contextual Grounding Enabled on GuardrailsGuardrails with contextual grounding: nist-ai-rmf-guardrail.No action required for contextual grounding. Also consider enabling Automated Reasoning checks for formal policy verification.HighPassed
111122223333us-west-2FS-27Contextual Grounding Enabled on GuardrailsGuardrails with contextual grounding: nist-ai-rmf-guardrail.No action required for contextual grounding. Also consider enabling Automated Reasoning checks for formal policy verification.HighPassed
111122223333us-east-1FS-27No Automated Reasoning Policies FoundNo Bedrock Automated Reasoning policies have been created. ARC (GA August 2025) uses formal verification to guarantee that GenAI outputs comply with authored business rules — e.g., loan criteria, regulatory thresholds, policy constraints. Without ARC policies, factual accuracy of outputs is not formally verified, only heuristically filtered by contextual grounding thresholds.1. In the Amazon Bedrock console → Guardrails → Automated Reasoning, create a policy document encoding your FinServ business rules (e.g., eligibility criteria, rate limits, regulatory thresholds). +2. Associate the ARC policy with your guardrail (automatedReasoningPolicy.policies field in CreateGuardrail/UpdateGuardrail). +3. Set confidenceThreshold on the policy to control strictness. +4. ARC requires cross-Region inference — ensure your guardrail has a guardrailProfileArn configured (crossRegionDetails in GetGuardrail response). +5. Reference: AWS Announcement — Automated Reasoning checks GA (August 2025).MediumFailed
111122223333us-west-2FS-27No Automated Reasoning Policies FoundNo Bedrock Automated Reasoning policies have been created. ARC (GA August 2025) uses formal verification to guarantee that GenAI outputs comply with authored business rules — e.g., loan criteria, regulatory thresholds, policy constraints. Without ARC policies, factual accuracy of outputs is not formally verified, only heuristically filtered by contextual grounding thresholds.1. In the Amazon Bedrock console → Guardrails → Automated Reasoning, create a policy document encoding your FinServ business rules (e.g., eligibility criteria, rate limits, regulatory thresholds). +2. Associate the ARC policy with your guardrail (automatedReasoningPolicy.policies field in CreateGuardrail/UpdateGuardrail). +3. Set confidenceThreshold on the policy to control strictness. +4. ARC requires cross-Region inference — ensure your guardrail has a guardrailProfileArn configured (crossRegionDetails in GetGuardrail response). +5. Reference: AWS Announcement — Automated Reasoning checks GA (August 2025).MediumFailed
111122223333us-east-1FS-28Denied Topics Configured on CLASSIC TierGuardrails with topic policies: nist-ai-rmf-guardrail. The following use the CLASSIC tier: nist-ai-rmf-guardrail. CLASSIC tier supports English, French, and Spanish only. The STANDARD tier (GA June 2025) provides broader language support and improved detection for denied topics.Verify topics cover regulated financial advice categories. For multilingual FinServ deployments, consider upgrading denied topics to the STANDARD tier (set topicsTierConfig.tierName=STANDARD via UpdateGuardrail; requires a cross-region inference profile on the guardrail). When authoring denied-topic policies, use existing compliance materials as the source: employee policies, training materials, procedure documents, and incident reports (PDF §1.2.1 Practical guidance).HighPassed
111122223333us-west-2FS-28Denied Topics Configured on CLASSIC TierGuardrails with topic policies: nist-ai-rmf-guardrail. The following use the CLASSIC tier: nist-ai-rmf-guardrail. CLASSIC tier supports English, French, and Spanish only. The STANDARD tier (GA June 2025) provides broader language support and improved detection for denied topics.Verify topics cover regulated financial advice categories. For multilingual FinServ deployments, consider upgrading denied topics to the STANDARD tier (set topicsTierConfig.tierName=STANDARD via UpdateGuardrail; requires a cross-region inference profile on the guardrail). When authoring denied-topic policies, use existing compliance materials as the source: employee policies, training materials, procedure documents, and incident reports (PDF §1.2.1 Practical guidance).HighPassed
111122223333us-east-1FS-29ADVISORY: Compliance Disclaimer — Manual Review RequiredApplication-level compliance disclaimers cannot be verified via AWS APIs. Manual review required to confirm GenAI outputs include required regulatory disclosures.1. Implement post-processing to append required disclaimers to GenAI outputs. +2. Use Bedrock Guardrails word filters to block outputs that omit required disclosures. +3. Document disclaimer requirements in the AI use case register. +4. Test disclaimer presence in QA/UAT before production deployment.InformationalN/A
111122223333us-west-2FS-29ADVISORY: Compliance Disclaimer — Manual Review RequiredApplication-level compliance disclaimers cannot be verified via AWS APIs. Manual review required to confirm GenAI outputs include required regulatory disclosures.1. Implement post-processing to append required disclaimers to GenAI outputs. +2. Use Bedrock Guardrails word filters to block outputs that omit required disclosures. +3. Document disclaimer requirements in the AI use case register. +4. Test disclaimer presence in QA/UAT before production deployment.InformationalN/A
111122223333us-east-1FS-30ADVISORY: Compliance Dataset Coverage — Manual Review RequiredBedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation jobs include compliance-specific datasets (fair lending/ECOA, Fair Housing Act, UDAP/UDAAP, AML/KYC edge cases). Whether any evaluation jobs exist at all is assessed by FS-15.Run Bedrock Model Evaluation with compliance-specific datasets: +- Fair lending test cases (ECOA, Fair Housing Act) +- UDAP/UDAAP unfair/deceptive practice scenarios +- AML/KYC edge casesInformationalN/A
111122223333us-west-2FS-30ADVISORY: Compliance Dataset Coverage — Manual Review RequiredBedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation jobs include compliance-specific datasets (fair lending/ECOA, Fair Housing Act, UDAP/UDAAP, AML/KYC edge cases). Whether any evaluation jobs exist at all is assessed by FS-15.Run Bedrock Model Evaluation with compliance-specific datasets: +- Fair lending test cases (ECOA, Fair Housing Act) +- UDAP/UDAAP unfair/deceptive practice scenarios +- AML/KYC edge casesInformationalN/A
111122223333us-east-1FS-31Knowledge Base Data Sources Past Review Threshold2 data source(s) not synced in >7 days (a configurable review threshold, NOT an AWS-mandated limit): +- KB 'knowledge-base-semiconductors' source 'knowledge-base-quick-start-qpvuv-data-source' last synced 722 days ago +- KB '111122223333-us-east-1-kb' source '111122223333-us-east-1-kb-datasource' last synced 199 days ago +Confirm this age is acceptable for each data source's currency requirement — slow-changing reference data may legitimately sync infrequently.1. Define the maximum acceptable data age per use case (e.g., intraday for market data, daily for product terms, weekly/monthly for regulatory guidance) and adjust the review threshold to match. +2. Configure automated sync (EventBridge Scheduler → StartIngestionJob) at that cadence — see FS-61. +3. Set CloudWatch alarms on sync job failures.MediumFailed
111122223333us-west-2FS-31Knowledge Base Data Sources Past Review Threshold2 data source(s) not synced in >7 days (a configurable review threshold, NOT an AWS-mandated limit): +- KB 'knowledge-base-semiconductors' source 'knowledge-base-quick-start-qpvuv-data-source' last synced 722 days ago +- KB '111122223333-us-east-1-kb' source '111122223333-us-east-1-kb-datasource' last synced 199 days ago +Confirm this age is acceptable for each data source's currency requirement — slow-changing reference data may legitimately sync infrequently.1. Define the maximum acceptable data age per use case (e.g., intraday for market data, daily for product terms, weekly/monthly for regulatory guidance) and adjust the review threshold to match. +2. Configure automated sync (EventBridge Scheduler → StartIngestionJob) at that cadence — see FS-61. +3. Set CloudWatch alarms on sync job failures.MediumFailed
111122223333us-east-1FS-32ADVISORY: Source Attribution — Manual Review RequiredSource attribution in GenAI responses cannot be verified via AWS APIs. Manual review required to confirm responses include citations.1. Use Bedrock RetrieveAndGenerate with citations enabled. +2. Include source document references in response post-processing. +3. Test citation accuracy in QA before production deployment. +4. Consider Bedrock Guardrails grounding checks to validate response accuracy.InformationalN/A
111122223333us-west-2FS-32ADVISORY: Source Attribution — Manual Review RequiredSource attribution in GenAI responses cannot be verified via AWS APIs. Manual review required to confirm responses include citations.1. Use Bedrock RetrieveAndGenerate with citations enabled. +2. Include source document references in response post-processing. +3. Test citation accuracy in QA before production deployment. +4. Consider Bedrock Guardrails grounding checks to validate response accuracy.InformationalN/A
111122223333us-east-1FS-33KB Data Source Buckets Without VersioningKB data source S3 buckets without versioning: 111122223333-us-east-1-kb-data-bucket.Enable S3 versioning on all KB data source buckets. Enable S3 Object Integrity (checksum) for tamper detection.MediumFailed
111122223333us-west-2FS-33KB Data Source Buckets Without VersioningKB data source S3 buckets without versioning: 111122223333-us-east-1-kb-data-bucket.Enable S3 versioning on all KB data source buckets. Enable S3 Object Integrity (checksum) for tamper detection.MediumFailed
111122223333us-east-1FS-34Legacy Foundation Models Available in RegionLegacy/deprecated foundation models are available in this account/region: anthropic.claude-sonnet-4-20250514-v1:0, twelvelabs.marengo-embed-2-7-v1:0, anthropic.claude-opus-4-1-20250805-v1:0, amazon.nova-premier-v1:0:8k, amazon.nova-premier-v1:0:20k, amazon.nova-premier-v1:0:1000k, amazon.nova-premier-v1:0:mm, amazon.nova-premier-v1:0, amazon.nova-canvas-v1:0, amazon.nova-reel-v1:0. This API reports model *availability*, not actual usage — it cannot determine which models your applications invoke. Legacy models have older training-data cutoffs and may produce outdated information if used. Review whether any are in active use.1. Identify which (if any) of these legacy models your applications invoke (e.g., via CloudTrail InvokeModel events or application config). +2. Migrate active usage to current model versions. +3. Document training-data cutoff dates for all models in use. +4. Add data-currency disclaimers to outputs from models with old cutoffs.InformationalN/A
111122223333us-west-2FS-34Legacy Foundation Models Available in RegionLegacy/deprecated foundation models are available in this account/region: anthropic.claude-sonnet-4-20250514-v1:0, twelvelabs.marengo-embed-2-7-v1:0, anthropic.claude-opus-4-1-20250805-v1:0, amazon.nova-premier-v1:0:8k, amazon.nova-premier-v1:0:20k, amazon.nova-premier-v1:0:1000k, amazon.nova-premier-v1:0:mm, amazon.nova-premier-v1:0, amazon.nova-canvas-v1:0, amazon.nova-reel-v1:0. This API reports model *availability*, not actual usage — it cannot determine which models your applications invoke. Legacy models have older training-data cutoffs and may produce outdated information if used. Review whether any are in active use.1. Identify which (if any) of these legacy models your applications invoke (e.g., via CloudTrail InvokeModel events or application config). +2. Migrate active usage to current model versions. +3. Document training-data cutoff dates for all models in use. +4. Add data-currency disclaimers to outputs from models with old cutoffs.InformationalN/A
111122223333us-east-1FS-35ADVISORY: Harmful-Content Test Coverage — Manual Review RequiredBedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation/FMEval jobs include harmful-content datasets (toxicity, hate speech, violence/self-harm). Whether any evaluation jobs exist at all is assessed by FS-15.Run Bedrock Model Evaluation or FMEval with harmful content datasets: +- Toxicity detection +- Hate speech classification +- Violence/self-harm contentInformationalN/A
111122223333us-west-2FS-35ADVISORY: Harmful-Content Test Coverage — Manual Review RequiredBedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation/FMEval jobs include harmful-content datasets (toxicity, hate speech, violence/self-harm). Whether any evaluation jobs exist at all is assessed by FS-15.Run Bedrock Model Evaluation or FMEval with harmful content datasets: +- Toxicity detection +- Hate speech classification +- Violence/self-harm contentInformationalN/A
111122223333us-east-1FS-36Guardrail Content Filters on CLASSIC TierGuardrails with content filters: nist-ai-rmf-guardrail. The following use the CLASSIC tier: nist-ai-rmf-guardrail. CLASSIC tier supports English, French, and Spanish only. The STANDARD tier (GA June 2025) provides improved contextual understanding, typographical error detection, 60+ language support, and better prompt-attack classification (distinguishes jailbreaks from prompt injection).Consider upgrading to STANDARD tier content filters for FinServ workloads that handle multiple languages or require higher detection accuracy. STANDARD tier requires cross-region inference (crossRegionDetails.guardrailProfileArn on the guardrail). To upgrade: update the guardrail's contentPolicy.filtersConfig.contentFiltersTierConfig with tierName=STANDARD and configure a guardrail cross-region profile.HighPassed
111122223333us-west-2FS-36Guardrail Content Filters on CLASSIC TierGuardrails with content filters: nist-ai-rmf-guardrail. The following use the CLASSIC tier: nist-ai-rmf-guardrail. CLASSIC tier supports English, French, and Spanish only. The STANDARD tier (GA June 2025) provides improved contextual understanding, typographical error detection, 60+ language support, and better prompt-attack classification (distinguishes jailbreaks from prompt injection).Consider upgrading to STANDARD tier content filters for FinServ workloads that handle multiple languages or require higher detection accuracy. STANDARD tier requires cross-region inference (crossRegionDetails.guardrailProfileArn on the guardrail). To upgrade: update the guardrail's contentPolicy.filtersConfig.contentFiltersTierConfig with tierName=STANDARD and configure a guardrail cross-region profile.HighPassed
111122223333us-east-1FS-37ADVISORY: User Feedback Mechanism — Manual Review RequiredUser feedback mechanisms for harmful outputs cannot be verified via AWS APIs. Manual review required.1. Implement thumbs-up/down or flag-for-review UI in GenAI applications. +2. Route flagged outputs to human reviewers via SQS/SNS. +3. Log feedback to DynamoDB/S3 for model improvement. +4. Define SLAs for reviewing flagged content.InformationalN/A
111122223333us-west-2FS-37ADVISORY: User Feedback Mechanism — Manual Review RequiredUser feedback mechanisms for harmful outputs cannot be verified via AWS APIs. Manual review required.1. Implement thumbs-up/down or flag-for-review UI in GenAI applications. +2. Route flagged outputs to human reviewers via SQS/SNS. +3. Log feedback to DynamoDB/S3 for model improvement. +4. Define SLAs for reviewing flagged content.InformationalN/A
111122223333us-east-1FS-38No Guardrails With Word FiltersFound 1 guardrail(s) but none have word/phrase filters. Profanity and prohibited financial terms may appear in outputs.Add word filters to guardrails: +- Enable AWS managed profanity list +- Add custom denylist for prohibited financial terms +- Add allowlist for required regulatory languageMediumFailed
111122223333us-west-2FS-38No Guardrails With Word FiltersFound 1 guardrail(s) but none have word/phrase filters. Profanity and prohibited financial terms may appear in outputs.Add word filters to guardrails: +- Enable AWS managed profanity list +- Add custom denylist for prohibited financial terms +- Add allowlist for required regulatory languageMediumFailed
111122223333us-east-1FS-39No SageMaker Clarify Bias MonitoringNo SageMaker Clarify model bias monitoring schedules found. Models making financial decisions (credit, insurance) may exhibit discriminatory bias without detection.1. Configure SageMaker Clarify bias detection for all models making credit, insurance, or employment decisions. +2. Define protected attributes (age, gender, race proxies). +3. Set bias metric thresholds and alert on violations. +4. Document bias testing results for regulatory examination.HighFailed
111122223333us-west-2FS-39No SageMaker Clarify Bias MonitoringNo SageMaker Clarify model bias monitoring schedules found. Models making financial decisions (credit, insurance) may exhibit discriminatory bias without detection.1. Configure SageMaker Clarify bias detection for all models making credit, insurance, or employment decisions. +2. Define protected attributes (age, gender, race proxies). +3. Set bias metric thresholds and alert on violations. +4. Document bias testing results for regulatory examination.HighFailed
111122223333us-east-1FS-40ADVISORY: Bias Dataset Coverage — Manual Review RequiredBedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation jobs include bias/fairness datasets (demographic parity, equal-opportunity, counterfactual fairness) for any GenAI models used in financial decisions (ECOA/Fair Housing). Whether any evaluation jobs exist at all is assessed by FS-15.Run Bedrock Model Evaluation with bias test datasets: +- Demographic parity test cases +- Equal opportunity scenarios +- Counterfactual fairness testsInformationalN/A
111122223333us-west-2FS-40ADVISORY: Bias Dataset Coverage — Manual Review RequiredBedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation jobs include bias/fairness datasets (demographic parity, equal-opportunity, counterfactual fairness) for any GenAI models used in financial decisions (ECOA/Fair Housing). Whether any evaluation jobs exist at all is assessed by FS-15.Run Bedrock Model Evaluation with bias test datasets: +- Demographic parity test cases +- Equal opportunity scenarios +- Counterfactual fairness testsInformationalN/A
111122223333us-east-1FS-41No SageMaker Clarify Explainability MonitoringNo SageMaker Clarify explainability monitoring found. Models making adverse financial decisions may not provide required explanations (ECOA adverse action notices).1. Configure SageMaker Clarify explainability for credit/lending models. +2. Generate SHAP values for feature importance. +3. Map top features to human-readable adverse action reason codes. +4. Store explanations for regulatory examination.HighFailed
111122223333us-west-2FS-41No SageMaker Clarify Explainability MonitoringNo SageMaker Clarify explainability monitoring found. Models making adverse financial decisions may not provide required explanations (ECOA adverse action notices).1. Configure SageMaker Clarify explainability for credit/lending models. +2. Generate SHAP values for feature importance. +3. Map top features to human-readable adverse action reason codes. +4. Store explanations for regulatory examination.HighFailed
111122223333us-east-1FS-42No SageMaker Model Cards FoundNo SageMaker Model Cards found. Production AI models lack documented intended use, limitations, and bias evaluations.1. Create SageMaker Model Cards for all production models. +2. Document: intended use, out-of-scope uses, training data, bias evaluations. +3. Include regulatory compliance attestations. +4. Review and update cards at each model version release.MediumFailed
111122223333us-west-2FS-42No SageMaker Model Cards FoundNo SageMaker Model Cards found. Production AI models lack documented intended use, limitations, and bias evaluations.1. Create SageMaker Model Cards for all production models. +2. Document: intended use, out-of-scope uses, training data, bias evaluations. +3. Include regulatory compliance attestations. +4. Review and update cards at each model version release.MediumFailed
111122223333us-east-1FS-43No CloudWatch Logs Data Protection PoliciesNo CloudWatch Logs data protection policies found. PII (SSN, account numbers, credit card numbers) in Bedrock invocation logs may be stored in plaintext.1. Create CloudWatch Logs data protection policies to mask PII. +2. Enable masking for: SSN, credit card numbers, bank account numbers, email. +3. Apply policies to Bedrock invocation log groups. +4. Test masking with synthetic PII before production deployment.HighFailed
111122223333us-west-2FS-43No CloudWatch Logs Data Protection PoliciesNo CloudWatch Logs data protection policies found. PII (SSN, account numbers, credit card numbers) in Bedrock invocation logs may be stored in plaintext.1. Create CloudWatch Logs data protection policies to mask PII. +2. Enable masking for: SSN, credit card numbers, bank account numbers, email. +3. Apply policies to Bedrock invocation log groups. +4. Test masking with synthetic PII before production deployment.HighFailed
111122223333us-east-1FS-44Amazon Macie EnabledAmazon Macie is enabled and scanning S3 buckets.Verify Macie jobs cover training data and KB data source buckets.HighPassed
111122223333us-west-2FS-44Amazon Macie EnabledAmazon Macie is enabled and scanning S3 buckets.Verify Macie jobs cover training data and KB data source buckets.HighPassed
111122223333us-east-1FS-45Guardrail PII Filters ConfiguredGuardrails with PII filters: nist-ai-rmf-guardrail.No action required.HighPassed
111122223333us-west-2FS-45Guardrail PII Filters ConfiguredGuardrails with PII filters: nist-ai-rmf-guardrail.No action required.HighPassed
111122223333us-east-1FS-46AI/ML Buckets Without Data Classification Tags18 AI/ML bucket(s) without data-classification tags: 111122223333-us-east-1-kb-data-bucket, ancbedrocklogging, ancknowledgebase, aws-streaming-data-solut-outputaccesslogsbucket8b-1o7m0kb4bafm4, bedrock-agentcore-codebuild-sources-111122223333-us-east-1, bedrock-bda-us-east-1-dda43109-6557-48bb-993d-3f97126b64b4, bedrock-bda-us-east-1-logging-00719114-debd-4487-85d1-09cbc3fc8, bedrock-kb-bucket-f736570b, bedrock-video-generation-us-east-1-h5ltpm, create-customer-resources-kb-bucket-111122223333.Tag all AI/ML data buckets with 'data-classification' key. Values: Public, Internal, Confidential, Restricted. Enforce via SCP or AWS Config rule.MediumFailed
111122223333us-west-2FS-46AI/ML Buckets Without Data Classification Tags18 AI/ML bucket(s) without data-classification tags: 111122223333-us-east-1-kb-data-bucket, ancbedrocklogging, ancknowledgebase, aws-streaming-data-solut-outputaccesslogsbucket8b-1o7m0kb4bafm4, bedrock-agentcore-codebuild-sources-111122223333-us-east-1, bedrock-bda-us-east-1-dda43109-6557-48bb-993d-3f97126b64b4, bedrock-bda-us-east-1-logging-00719114-debd-4487-85d1-09cbc3fc8, bedrock-kb-bucket-f736570b, bedrock-video-generation-us-east-1-h5ltpm, create-customer-resources-kb-bucket-111122223333.Tag all AI/ML data buckets with 'data-classification' key. Values: Public, Internal, Confidential, Restricted. Enforce via SCP or AWS Config rule.MediumFailed
111122223333us-east-1FS-47Guardrail Grounding Thresholds AppropriateAll 1 guardrail(s) with a GROUNDING filter have thresholds ≥0.7.No action required.HighPassed
111122223333us-west-2FS-47Guardrail Grounding Thresholds AppropriateAll 1 guardrail(s) with a GROUNDING filter have thresholds ≥0.7.No action required.HighPassed
111122223333us-east-1FS-48Active Knowledge Bases for RAG PresentFound 3 active Knowledge Base(s) for RAG grounding.No action required.MediumPassed
111122223333us-west-2FS-48Active Knowledge Bases for RAG PresentFound 3 active Knowledge Base(s) for RAG grounding.No action required.MediumPassed
111122223333us-east-1FS-49ADVISORY: Hallucination Disclaimer — Manual Review RequiredApplication-level hallucination disclaimers cannot be verified via AWS APIs. Manual review required.1. Add disclaimers to GenAI outputs: 'AI-generated content may contain errors. Verify with authoritative sources before acting.' +2. Implement post-processing to append disclaimers. +3. Test disclaimer presence in QA before production.InformationalN/A
111122223333us-west-2FS-49ADVISORY: Hallucination Disclaimer — Manual Review RequiredApplication-level hallucination disclaimers cannot be verified via AWS APIs. Manual review required.1. Add disclaimers to GenAI outputs: 'AI-generated content may contain errors. Verify with authoritative sources before acting.' +2. Implement post-processing to append disclaimers. +3. Test disclaimer presence in QA before production.InformationalN/A
111122223333us-east-1FS-50Relevance Grounding Filters PresentGuardrails with RELEVANCE grounding filters: nist-ai-rmf-guardrail.No action required.MediumPassed
111122223333us-west-2FS-50Relevance Grounding Filters PresentGuardrails with RELEVANCE grounding filters: nist-ai-rmf-guardrail.No action required.MediumPassed
111122223333us-east-1FS-51No Guardrails With Prompt Attack FiltersFound 1 guardrail(s) but none have PROMPT_ATTACK filters. Prompt injection attacks may bypass system prompts and access controls.1. Enable PROMPT_ATTACK content filter in Bedrock Guardrails. +2. Set input filter strength to HIGH. +3. Use input tags () to differentiate user inputs from developer-provided prompts — required for PROMPT_ATTACK filters to work correctly with InvokeModel/InvokeModelWithResponseStream. +4. Consider STANDARD tier (GA June 2025) for better jailbreak vs. injection classification and broader language support. +5. Implement application-level input sanitization as defense-in-depth.HighFailed
111122223333us-west-2FS-51No Guardrails With Prompt Attack FiltersFound 1 guardrail(s) but none have PROMPT_ATTACK filters. Prompt injection attacks may bypass system prompts and access controls.1. Enable PROMPT_ATTACK content filter in Bedrock Guardrails. +2. Set input filter strength to HIGH. +3. Use input tags () to differentiate user inputs from developer-provided prompts — required for PROMPT_ATTACK filters to work correctly with InvokeModel/InvokeModelWithResponseStream. +4. Consider STANDARD tier (GA June 2025) for better jailbreak vs. injection classification and broader language support. +5. Implement application-level input sanitization as defense-in-depth.HighFailed
111122223333us-east-1FS-52Bedrock Lambda Functions on Deprecated RuntimesFunctions on deprecated runtimes: e2ebedrockrag-OSSInfraStack-BKBOSSInfraSetupLambda-031La8JAQXtk, e2ebedrockrag-OSSInfraSta-OSSIndexCreationProvider-g56en9UzRjII. Deprecated runtimes may use outdated boto3/SDK versions lacking security patches.1. Upgrade Lambda functions to a supported runtime — Python 3.12+, Node.js 22.x or 24.x, Java 21+, or .NET 8+. +2. Update boto3 to the latest version in Lambda layers (pin the version in requirements.txt and redeploy). +3. Enable Lambda runtime management controls for automatic minor-version updates (runtimeManagementConfig.updateRuntimeOn = 'Auto'). +4. Refer to https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html for the authoritative list of supported and deprecated runtimes.MediumFailed
111122223333us-west-2FS-52Bedrock Lambda Functions on Deprecated RuntimesFunctions on deprecated runtimes: e2ebedrockrag-OSSInfraStack-BKBOSSInfraSetupLambda-031La8JAQXtk, e2ebedrockrag-OSSInfraSta-OSSIndexCreationProvider-g56en9UzRjII. Deprecated runtimes may use outdated boto3/SDK versions lacking security patches.1. Upgrade Lambda functions to a supported runtime — Python 3.12+, Node.js 22.x or 24.x, Java 21+, or .NET 8+. +2. Update boto3 to the latest version in Lambda layers (pin the version in requirements.txt and redeploy). +3. Enable Lambda runtime management controls for automatic minor-version updates (runtimeManagementConfig.updateRuntimeOn = 'Auto'). +4. Refer to https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html for the authoritative list of supported and deprecated runtimes.MediumFailed
111122223333us-east-1FS-53No WAF Web ACLs — Injection Rules Not ApplicableNo regional WAF Web ACLs found.Create WAF Web ACLs with injection protection rules (see FS-01).InformationalN/A
111122223333us-west-2FS-53No WAF Web ACLs — Injection Rules Not ApplicableNo regional WAF Web ACLs found.Create WAF Web ACLs with injection protection rules (see FS-01).InformationalN/A
111122223333us-east-1FS-54ADVISORY: Penetration Testing — Manual Review RequiredPenetration testing evidence cannot be verified via AWS APIs. Manual review required to confirm GenAI applications have been tested.1. Conduct penetration testing of GenAI applications at least annually and before major releases. +2. Include AI-specific test cases: prompt injection, jailbreak, indirect (cross-domain) injection, system-prompt leakage, and data-extraction attempts. +3. Consider AWS Security Agent for on-demand, AI-driven penetration testing (GA March 2026; available in US East N. Virginia, US West Oregon, Europe Ireland, Europe Frankfurt, Asia Pacific Sydney, Asia Pacific Tokyo, with cross-account shared-VPC testing via AWS RAM). Open-source tools such as Garak or PyRIT and manual red-teaming are complementary options. Verify current regional availability on the AWS Security Agent page before relying on it. +4. Document findings and remediation for regulatory examination, and tag tested resources with a last-pentest-date for audit trail. +5. For DORA compliance, include GenAI in TLPT (Threat-Led Penetration Testing) scope.InformationalN/A
111122223333us-west-2FS-54ADVISORY: Penetration Testing — Manual Review RequiredPenetration testing evidence cannot be verified via AWS APIs. Manual review required to confirm GenAI applications have been tested.1. Conduct penetration testing of GenAI applications at least annually and before major releases. +2. Include AI-specific test cases: prompt injection, jailbreak, indirect (cross-domain) injection, system-prompt leakage, and data-extraction attempts. +3. Consider AWS Security Agent for on-demand, AI-driven penetration testing (GA March 2026; available in US East N. Virginia, US West Oregon, Europe Ireland, Europe Frankfurt, Asia Pacific Sydney, Asia Pacific Tokyo, with cross-account shared-VPC testing via AWS RAM). Open-source tools such as Garak or PyRIT and manual red-teaming are complementary options. Verify current regional availability on the AWS Security Agent page before relying on it. +4. Document findings and remediation for regulatory examination, and tag tested resources with a last-pentest-date for audit trail. +5. For DORA compliance, include GenAI in TLPT (Threat-Led Penetration Testing) scope.InformationalN/A
111122223333us-east-1FS-55No Output Validation Functions FoundNo Lambda functions with output validation/sanitization naming found. GenAI outputs may be passed directly to downstream systems without validation.1. Implement output validation Lambda functions in GenAI pipelines. +2. Validate output schema, length, and content before downstream use. +3. Sanitize outputs before rendering in web UIs (XSS prevention). +4. Encode outputs appropriately for the target context (HTML, SQL, JSON).MediumFailed
111122223333us-west-2FS-55No Output Validation Functions FoundNo Lambda functions with output validation/sanitization naming found. GenAI outputs may be passed directly to downstream systems without validation.1. Implement output validation Lambda functions in GenAI pipelines. +2. Validate output schema, length, and content before downstream use. +3. Sanitize outputs before rendering in web UIs (XSS prevention). +4. Encode outputs appropriately for the target context (HTML, SQL, JSON).MediumFailed
111122223333us-east-1FS-56No WAF ACLs — XSS Prevention Not ApplicableNo regional WAF Web ACLs found.Create WAF ACLs with XSS prevention rules.InformationalN/A
111122223333us-west-2FS-56No WAF ACLs — XSS Prevention Not ApplicableNo regional WAF Web ACLs found.Create WAF ACLs with XSS prevention rules.InformationalN/A
111122223333us-east-1FS-57ADVISORY: Output Encoding — Manual Review RequiredOutput encoding practices cannot be verified via AWS APIs. Manual code review required.1. HTML-encode GenAI outputs before rendering in web UIs. +2. Use parameterized queries when GenAI output is used in database operations. +3. JSON-encode outputs before embedding in JavaScript contexts. +4. Validate output length and format before passing to downstream APIs.InformationalN/A
111122223333us-west-2FS-57ADVISORY: Output Encoding — Manual Review RequiredOutput encoding practices cannot be verified via AWS APIs. Manual code review required.1. HTML-encode GenAI outputs before rendering in web UIs. +2. Use parameterized queries when GenAI output is used in database operations. +3. JSON-encode outputs before embedding in JavaScript contexts. +4. Validate output length and format before passing to downstream APIs.InformationalN/A
111122223333us-east-1FS-58ADVISORY: Output Schema Validation — Manual Review RequiredFound 0 Lambda function(s) whose names suggest schema/validation handling. Structured-output / JSON-schema validation of GenAI responses is an application-layer control that cannot be verified automatically — manual review required.1. Use Bedrock structured output (response schemas) where supported. +2. Implement JSON schema validation on Lambda output processors. +3. Reject malformed outputs and return safe error responses. +4. Log schema validation failures to CloudWatch for monitoring.InformationalN/A
111122223333us-west-2FS-58ADVISORY: Output Schema Validation — Manual Review RequiredFound 0 Lambda function(s) whose names suggest schema/validation handling. Structured-output / JSON-schema validation of GenAI responses is an application-layer control that cannot be verified automatically — manual review required.1. Use Bedrock structured output (response schemas) where supported. +2. Implement JSON schema validation on Lambda output processors. +3. Reject malformed outputs and return safe error responses. +4. Log schema validation failures to CloudWatch for monitoring.InformationalN/A
111122223333us-east-1FS-59Topic Restrictions Configured on CLASSIC TierGuardrails with topic policies: nist-ai-rmf-guardrail. The following use the CLASSIC tier: nist-ai-rmf-guardrail. CLASSIC tier supports English, French, and Spanish only; the STANDARD tier (GA June 2025) adds broader language support for off-topic detection.For multilingual FinServ deployments, consider upgrading denied topics to the STANDARD tier (topicsTierConfig.tierName=STANDARD via UpdateGuardrail; requires a cross-region inference profile).MediumPassed
111122223333us-west-2FS-59Topic Restrictions Configured on CLASSIC TierGuardrails with topic policies: nist-ai-rmf-guardrail. The following use the CLASSIC tier: nist-ai-rmf-guardrail. CLASSIC tier supports English, French, and Spanish only; the STANDARD tier (GA June 2025) adds broader language support for off-topic detection.For multilingual FinServ deployments, consider upgrading denied topics to the STANDARD tier (topicsTierConfig.tierName=STANDARD via UpdateGuardrail; requires a cross-region inference profile).MediumPassed
111122223333us-east-1FS-60ADVISORY: Contextual Grounding for Off-Topic PreventionContextual grounding for off-topic prevention is covered by guardrail grounding checks (FS-47) and RAG configuration (FS-48). Additionally verify system prompts explicitly scope the assistant's role.1. Include explicit scope instructions in system prompts. +2. Use Bedrock Guardrails relevance grounding filter. +3. Test with off-topic prompts in QA to verify rejection behavior.InformationalN/A
111122223333us-west-2FS-60ADVISORY: Contextual Grounding for Off-Topic PreventionContextual grounding for off-topic prevention is covered by guardrail grounding checks (FS-47) and RAG configuration (FS-48). Additionally verify system prompts explicitly scope the assistant's role.1. Include explicit scope instructions in system prompts. +2. Use Bedrock Guardrails relevance grounding filter. +3. Test with off-topic prompts in QA to verify rejection behavior.InformationalN/A
111122223333us-east-1FS-61No Automated KB Sync Schedules DetectedFound 3 Knowledge Base(s) but no EventBridge Scheduler schedules or EventBridge rules with 'bedrock'/'knowledge' naming were found. Note: this check uses a name/target heuristic — sync automation with other naming conventions, AWS Step Functions-based orchestration, or native Bedrock API-triggered syncs (StartIngestionJob called directly) will not be detected. Verify sync automation manually if applicable.1. Use EventBridge Scheduler (the AWS-recommended approach) to create a recurring schedule (e.g., rate(1 day) or a cron expression) that triggers a Lambda function calling the Bedrock StartIngestionJob API for each data source. Classic EventBridge scheduled rules also work but are a legacy feature. +2. As of December 2024, Bedrock Knowledge Bases supports custom connectors and streaming data ingestion — use direct document ingestion (KnowledgeBaseDocuments API) for real-time updates without a full S3 sync. +3. Set sync frequency based on data currency requirements (e.g., hourly for market data, daily for regulatory guidance). +4. Configure CloudWatch alarms or SNS notifications on IngestionJob FAILED status for sync failure alerting.MediumFailed
111122223333us-west-2FS-61No Automated KB Sync Schedules DetectedFound 3 Knowledge Base(s) but no EventBridge Scheduler schedules or EventBridge rules with 'bedrock'/'knowledge' naming were found. Note: this check uses a name/target heuristic — sync automation with other naming conventions, AWS Step Functions-based orchestration, or native Bedrock API-triggered syncs (StartIngestionJob called directly) will not be detected. Verify sync automation manually if applicable.1. Use EventBridge Scheduler (the AWS-recommended approach) to create a recurring schedule (e.g., rate(1 day) or a cron expression) that triggers a Lambda function calling the Bedrock StartIngestionJob API for each data source. Classic EventBridge scheduled rules also work but are a legacy feature. +2. As of December 2024, Bedrock Knowledge Bases supports custom connectors and streaming data ingestion — use direct document ingestion (KnowledgeBaseDocuments API) for real-time updates without a full S3 sync. +3. Set sync frequency based on data currency requirements (e.g., hourly for market data, daily for regulatory guidance). +4. Configure CloudWatch alarms or SNS notifications on IngestionJob FAILED status for sync failure alerting.MediumFailed
111122223333us-east-1FS-62ADVISORY: Data Currency Disclaimer — Manual Review RequiredData currency disclaimers cannot be verified via AWS APIs. Manual review required.1. Add data currency disclaimers to GenAI outputs: 'Information based on data current as of [KB last sync date].' +2. Expose KB last sync timestamp in application responses. +3. Alert users when KB data is older than defined threshold.InformationalN/A
111122223333us-west-2FS-62ADVISORY: Data Currency Disclaimer — Manual Review RequiredData currency disclaimers cannot be verified via AWS APIs. Manual review required.1. Add data currency disclaimers to GenAI outputs: 'Information based on data current as of [KB last sync date].' +2. Expose KB last sync timestamp in application responses. +3. Alert users when KB data is older than defined threshold.InformationalN/A
111122223333us-east-1FS-63Foundation Model Lifecycle ManagementNo legacy models detected. 10 lifecycle-related Config rule(s) found.No action required.MediumPassed
111122223333us-west-2FS-63Foundation Model Lifecycle ManagementNo legacy models detected. 10 lifecycle-related Config rule(s) found.No action required.MediumPassed
111122223333us-east-1FS-65KB Data Source Buckets Missing S3 Event NotificationsThe following KB data-source S3 buckets have no event notifications configured. Unauthorized document modifications will not be detected in real time: +- semiconductor-demo-9999 +- 111122223333-us-east-1-kb-data-bucket1. Enable Amazon EventBridge notifications on each KB data-source S3 bucket. +2. Create an EventBridge rule to route s3:ObjectCreated, s3:ObjectRemoved, and s3:ObjectModified events to an SNS topic or Lambda for alerting. +3. Integrate alerts into your security incident response workflow.MediumFailed
111122223333us-west-2FS-65KB Data Source Buckets Missing S3 Event NotificationsThe following KB data-source S3 buckets have no event notifications configured. Unauthorized document modifications will not be detected in real time: +- semiconductor-demo-9999 +- 111122223333-us-east-1-kb-data-bucket1. Enable Amazon EventBridge notifications on each KB data-source S3 bucket. +2. Create an EventBridge rule to route s3:ObjectCreated, s3:ObjectRemoved, and s3:ObjectModified events to an SNS topic or Lambda for alerting. +3. Integrate alerts into your security incident response workflow.MediumFailed
111122223333us-east-1FS-66AgentCore Runtimes Missing End-User Identity PropagationThe following runtimes have no JWT or IAM authorizer configured for end-user identity propagation. Tool calls are authorized only by the agent execution role, not the originating user: +- origami_expeditions +- neoCyan_Agent +- customer_support_agent +- cdk_agent_core +- awsapimcpserver1. Configure a custom JWT authorizer or IAM authorizer on each AgentCore runtime. +2. Propagate the end-user's identity token to downstream tool services. +3. Ensure tool services validate the propagated identity before executing actions. +4. Do not expose propagated identity tokens to unauthorized third parties.HighFailed
111122223333us-west-2FS-66AgentCore Runtimes Missing End-User Identity PropagationThe following runtimes have no JWT or IAM authorizer configured for end-user identity propagation. Tool calls are authorized only by the agent execution role, not the originating user: +- origami_expeditions +- neoCyan_Agent +- customer_support_agent +- cdk_agent_core +- awsapimcpserver1. Configure a custom JWT authorizer or IAM authorizer on each AgentCore runtime. +2. Propagate the end-user's identity token to downstream tool services. +3. Ensure tool services validate the propagated identity before executing actions. +4. Do not expose propagated identity tokens to unauthorized third parties.HighFailed
111122223333us-east-1FS-67Agent Action-Group Lambdas May Lack Transaction ThresholdsThe following agent action-group Lambda functions have no environment variables whose names suggest transaction-value threshold configuration (this is a best-effort heuristic — a threshold enforced in code or in an AgentCore Policy Engine rule would not be detected here, so treat this as a prompt for manual verification rather than a definitive gap). Without explicit limits, agents could initiate unbounded financial transactions: +- aiml-security-aiml-security-111122223333-FinServAssessment +- aiml-security-aiml-security-111122223333-BedrockAssessment +- resco-aiml-BedrockAssessment +- aiml-security-aiml-security-111122223333-AgentCoreAssessment +- e2ebedrockrag-OSSInfraStack-BKBOSSInfraSetupLambda-031La8JAQXtk +- e2ebedrockrag-OSSInfraSta-OSSIndexCreationProvider-g56en9UzRjII +- resco-aiml-AgentCoreAssessment1. Add transaction-value threshold environment variables (e.g., MAX_TRANSACTION_AMOUNT) to each agent action-group Lambda. +2. Implement threshold enforcement logic in the Lambda handler. +3. Configure AgentCore Policy Engine rules to cap financial transaction amounts. +4. Route transactions exceeding thresholds to a human-in-the-loop approval step.HighFailed
111122223333us-west-2FS-67Agent Action-Group Lambdas May Lack Transaction ThresholdsThe following agent action-group Lambda functions have no environment variables whose names suggest transaction-value threshold configuration (this is a best-effort heuristic — a threshold enforced in code or in an AgentCore Policy Engine rule would not be detected here, so treat this as a prompt for manual verification rather than a definitive gap). Without explicit limits, agents could initiate unbounded financial transactions: +- aiml-security-aiml-security-111122223333-FinServAssessment +- aiml-security-aiml-security-111122223333-BedrockAssessment +- resco-aiml-BedrockAssessment +- aiml-security-aiml-security-111122223333-AgentCoreAssessment +- e2ebedrockrag-OSSInfraStack-BKBOSSInfraSetupLambda-031La8JAQXtk +- e2ebedrockrag-OSSInfraSta-OSSIndexCreationProvider-g56en9UzRjII +- resco-aiml-AgentCoreAssessment1. Add transaction-value threshold environment variables (e.g., MAX_TRANSACTION_AMOUNT) to each agent action-group Lambda. +2. Implement threshold enforcement logic in the Lambda handler. +3. Configure AgentCore Policy Engine rules to cap financial transaction amounts. +4. Route transactions exceeding thresholds to a human-in-the-loop approval step.HighFailed
111122223333us-east-1FS-68API Gateway Request Body Size Limits Not EnforcedFound 3 REST API(s) and 0 regional WAF Web ACL(s), but none enforce a maximum request-body size. Note: an API Gateway request validator does NOT cap body size (it validates the schema and required params; the REST limit is a fixed 10 MB), and a WAF body SizeConstraint only inspects the first ~16 KB of the body by default. Oversized prompts can exhaust Bedrock token quotas and inflate costs.1. Add a maxLength (or maxItems/maxProperties) bound to the request-body JSON-Schema model used by your request validator, so oversized prompts are rejected with a 400. +2. Add a WAF SizeConstraintStatement on the request Body sized within WAF's body-inspection window (default 16 KB; raise via the web ACL AssociationConfig, or set OversizeHandling=MATCH to block bodies beyond the window), and associate the ACL with the API stage. +3. Set the max_tokens parameter in Bedrock API calls to cap output length. +4. Implement client-side token counting before submitting requests.MediumFailed
111122223333us-west-2FS-68API Gateway Request Body Size Limits Not EnforcedFound 3 REST API(s) and 0 regional WAF Web ACL(s), but none enforce a maximum request-body size. Note: an API Gateway request validator does NOT cap body size (it validates the schema and required params; the REST limit is a fixed 10 MB), and a WAF body SizeConstraint only inspects the first ~16 KB of the body by default. Oversized prompts can exhaust Bedrock token quotas and inflate costs.1. Add a maxLength (or maxItems/maxProperties) bound to the request-body JSON-Schema model used by your request validator, so oversized prompts are rejected with a 400. +2. Add a WAF SizeConstraintStatement on the request Body sized within WAF's body-inspection window (default 16 KB; raise via the web ACL AssociationConfig, or set OversizeHandling=MATCH to block bodies beyond the window), and associate the ACL with the API stage. +3. Set the max_tokens parameter in Bedrock API calls to cap output length. +4. Implement client-side token counting before submitting requests.MediumFailed
111122223333us-east-1FS-69Prompt Input Validation Functions PresentFound 3 Lambda function(s) with input validation/sanitization naming patterns: resco-aiml-CleanupBucket, visa-bulletin-tracker-prod-cleanup, aiml-security-aiml-security-111122223333-CleanupBucket.Review these functions to confirm they cover: special-character stripping, format validation, size limits, and injection-sequence detection.MediumPassed
111122223333us-west-2FS-69Prompt Input Validation Functions PresentFound 3 Lambda function(s) with input validation/sanitization naming patterns: resco-aiml-CleanupBucket, visa-bulletin-tracker-prod-cleanup, aiml-security-aiml-security-111122223333-CleanupBucket.Review these functions to confirm they cover: special-character stripping, format validation, size limits, and injection-sequence detection.MediumPassed
111122223333eu-west-1FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in eu-west-1; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
111122223333ap-south-1FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in ap-south-1; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
111122223333sa-east-1FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in sa-east-1; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
444455556666ap-south-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredInformationalN/A
444455556666ap-south-1AC-04AgentCore Observability CheckNo AgentCore resources foundNo action requiredInformationalN/A
444455556666ap-south-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action requiredInformationalN/A
444455556666ap-south-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredInformationalN/A
444455556666ap-south-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredInformationalN/A
444455556666ap-south-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredInformationalN/A
444455556666ap-south-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredInformationalN/A
444455556666ap-south-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action requiredInformationalN/A
444455556666ap-south-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredInformationalN/A
444455556666ap-south-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action requiredInformationalN/A
444455556666ap-south-1AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways foundNo action requiredInformationalN/A
444455556666ap-south-1AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways foundNo action requiredInformationalN/A
444455556666ap-south-1AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways foundNo action requiredInformationalN/A
444455556666ap-south-1AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways foundNo action requiredInformationalN/A
444455556666ap-south-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.InformationalN/A
444455556666ap-south-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.InformationalN/A
444455556666ap-south-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions.InformationalN/A
444455556666ap-south-1AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability.InformationalN/A
444455556666ap-south-1AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources.InformationalN/A
444455556666ap-south-1AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required.InformationalN/A
444455556666ap-south-1AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required.InformationalN/A
444455556666us-east-1FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in us-east-1; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
444455556666us-west-2FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in us-west-2; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
444455556666eu-west-1FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in eu-west-1; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
444455556666ap-south-1FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in ap-south-1; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
444455556666sa-east-1FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in sa-east-1; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
444455556666ap-south-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action requiredInformationalN/A
444455556666ap-south-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformationalN/A
444455556666ap-south-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredInformationalN/A
444455556666ap-south-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action requiredInformationalN/A
444455556666ap-south-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templatesInformationalN/A
444455556666ap-south-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformationalN/A
444455556666ap-south-1BR-09Bedrock Knowledge Base Encryption CheckNo Knowledge Bases found in the accountNo action requiredInformationalN/A
444455556666ap-south-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesInformationalN/A
444455556666ap-south-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
444455556666ap-south-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
444455556666ap-south-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
444455556666ap-south-1BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMediumN/A
444455556666ap-south-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
444455556666ap-south-1BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobsNo action requiredInformationalN/A
444455556666ap-south-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
444455556666ap-south-1BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHighN/A
444455556666ap-south-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHighN/A
444455556666ap-south-1BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotasNo action requiredInformationalN/A
444455556666ap-south-1BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHighN/A
444455556666ap-south-1BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responsesMediumN/A
444455556666ap-south-1BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLowN/A
444455556666ap-south-1BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHighN/A
444455556666ap-south-1BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMediumN/A
444455556666ap-south-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHighN/A
444455556666ap-south-1BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
444455556666ap-south-1BR-30Imported Model Customer-Managed KMS Encryption CheckUnable to check Imported model encryption check: An error occurred (AccessDeniedException) when calling the ListImportedModels operation: Your account is not authorized to invoke this API operation.Amazon Bedrock Custom Model Import is not enabled or available for this account in this region. No IAM change is required; the check applies only once model import is in use.LowN/A
444455556666ap-south-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMediumN/A
444455556666ap-south-1BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarmsNo action requiredInformationalN/A
444455556666ap-south-1AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements.InformationalN/A
444455556666ap-south-1AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured.InformationalN/A
444455556666ap-south-1AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases.InformationalN/A
444455556666ap-south-1AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions.InformationalN/A
444455556666ap-south-1AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required.InformationalN/A
444455556666ap-south-1AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns.InformationalN/A
444455556666ap-south-1AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads.InformationalN/A
444455556666ap-south-1AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required.InformationalN/A
444455556666ap-south-1AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns.InformationalN/A
444455556666ap-south-1AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows.InformationalN/A
444455556666ap-south-1AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating.InformationalN/A
444455556666ap-south-1AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements.InformationalN/A
444455556666ap-south-1AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available.InformationalN/A
444455556666GlobalBR-01AmazonBedrockFullAccess role checkNo roles found with AmazonBedrockFullAccess policyNo action requiredHighPassed
444455556666GlobalBR-03Marketplace Subscription Access CheckNo identities found with overly permissive marketplace subscription accessNo action requiredMediumPassed
444455556666us-east-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action requiredInformationalN/A
444455556666us-east-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformationalN/A
444455556666us-east-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredInformationalN/A
444455556666us-east-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action requiredInformationalN/A
444455556666us-east-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templatesInformationalN/A
444455556666us-east-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformationalN/A
444455556666us-east-1BR-09Bedrock Knowledge Base Encryption CheckNo Knowledge Bases found in the accountNo action requiredInformationalN/A
444455556666us-east-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesInformationalN/A
444455556666us-east-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
444455556666us-east-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
444455556666us-east-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
444455556666GlobalBR-15Cross-Account Guardrails Enforcement CheckCheck must run in AWS Organizations management account to evaluate organizational policiesRun assessment in management account to check cross-account guardrails enforcementMediumN/A
444455556666us-east-1BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMediumN/A
444455556666us-east-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
444455556666us-east-1BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobsNo action requiredInformationalN/A
444455556666us-east-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
444455556666us-east-1BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHighN/A
444455556666us-east-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHighN/A
444455556666us-east-1BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotasNo action requiredInformationalN/A
444455556666us-east-1BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHighN/A
444455556666us-east-1BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responsesMediumN/A
444455556666us-east-1BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLowN/A
444455556666us-east-1BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHighN/A
444455556666us-east-1BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMediumN/A
444455556666us-east-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHighN/A
444455556666us-east-1BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
444455556666us-east-1BR-30Imported Model Customer-Managed KMS Encryption CheckNo imported custom Bedrock models found in this regionWhen importing models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
444455556666us-east-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMediumN/A
444455556666us-east-1BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarmsNo action requiredInformationalN/A
444455556666us-east-1AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements.InformationalN/A
444455556666us-east-1AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured.InformationalN/A
444455556666GlobalAG-09Agentic AI Guardrail Enforcement BoundaryAgentic AI security domain: Guardrail Enforcement. Organization-level guardrail enforcement helps prevent agents from bypassing required safety controls across accounts. Source check BR-15: Check must run in AWS Organizations management account to evaluate organizational policiesUse IAM and organization controls to require approved guardrails for model and agent invocations where supported.InformationalN/A
444455556666us-east-1AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases.InformationalN/A
444455556666us-east-1AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions.InformationalN/A
444455556666us-east-1AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required.InformationalN/A
444455556666us-east-1AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns.InformationalN/A
444455556666us-east-1AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads.InformationalN/A
444455556666us-east-1AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required.InformationalN/A
444455556666us-east-1AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns.InformationalN/A
444455556666us-east-1AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows.InformationalN/A
444455556666us-east-1AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating.InformationalN/A
444455556666us-east-1AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements.InformationalN/A
444455556666us-east-1AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available.InformationalN/A
444455556666us-west-2AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredInformationalN/A
444455556666us-west-2AC-04AgentCore Observability CheckNo AgentCore resources foundNo action requiredInformationalN/A
444455556666us-west-2AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action requiredInformationalN/A
444455556666us-west-2AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredInformationalN/A
444455556666us-west-2AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredInformationalN/A
444455556666us-west-2AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredInformationalN/A
444455556666us-west-2AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredInformationalN/A
444455556666us-west-2AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action requiredInformationalN/A
444455556666us-west-2AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredInformationalN/A
444455556666us-west-2AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action requiredInformationalN/A
444455556666us-west-2AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways foundNo action requiredInformationalN/A
444455556666us-west-2AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways foundNo action requiredInformationalN/A
444455556666us-west-2AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways foundNo action requiredInformationalN/A
444455556666us-west-2AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways foundNo action requiredInformationalN/A
444455556666us-west-2AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.InformationalN/A
444455556666us-west-2AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.InformationalN/A
444455556666us-west-2AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions.InformationalN/A
444455556666us-west-2AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability.InformationalN/A
444455556666us-west-2AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources.InformationalN/A
444455556666us-west-2AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required.InformationalN/A
444455556666us-west-2AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required.InformationalN/A
444455556666sa-east-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredInformationalN/A
444455556666sa-east-1AC-04AgentCore Observability CheckNo AgentCore resources foundNo action requiredInformationalN/A
444455556666sa-east-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action requiredInformationalN/A
444455556666sa-east-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredInformationalN/A
444455556666sa-east-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredInformationalN/A
444455556666sa-east-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredInformationalN/A
444455556666sa-east-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredInformationalN/A
444455556666sa-east-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action requiredInformationalN/A
444455556666sa-east-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredInformationalN/A
444455556666sa-east-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action requiredInformationalN/A
444455556666sa-east-1AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways foundNo action requiredInformationalN/A
444455556666sa-east-1AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways foundNo action requiredInformationalN/A
444455556666sa-east-1AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways foundNo action requiredInformationalN/A
444455556666sa-east-1AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways foundNo action requiredInformationalN/A
444455556666sa-east-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.InformationalN/A
444455556666sa-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.InformationalN/A
444455556666sa-east-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions.InformationalN/A
444455556666sa-east-1AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability.InformationalN/A
444455556666sa-east-1AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources.InformationalN/A
444455556666sa-east-1AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required.InformationalN/A
444455556666sa-east-1AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required.InformationalN/A
444455556666eu-west-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action requiredInformationalN/A
444455556666eu-west-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformationalN/A
444455556666eu-west-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredInformationalN/A
444455556666eu-west-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action requiredInformationalN/A
444455556666eu-west-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templatesInformationalN/A
444455556666eu-west-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformationalN/A
444455556666eu-west-1BR-09Bedrock Knowledge Base Encryption CheckNo Knowledge Bases found in the accountNo action requiredInformationalN/A
444455556666eu-west-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesInformationalN/A
444455556666eu-west-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
444455556666eu-west-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
444455556666eu-west-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
444455556666eu-west-1BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMediumN/A
444455556666eu-west-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
444455556666eu-west-1BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobsNo action requiredInformationalN/A
444455556666eu-west-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
444455556666eu-west-1BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHighN/A
444455556666eu-west-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHighN/A
444455556666eu-west-1BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotasNo action requiredInformationalN/A
444455556666eu-west-1BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHighN/A
444455556666eu-west-1BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responsesMediumN/A
444455556666eu-west-1BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLowN/A
444455556666eu-west-1BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHighN/A
444455556666eu-west-1BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMediumN/A
444455556666eu-west-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHighN/A
444455556666eu-west-1BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
444455556666eu-west-1BR-30Imported Model Customer-Managed KMS Encryption CheckUnable to check Imported model encryption check: An error occurred (AccessDeniedException) when calling the ListImportedModels operation: Your account is not authorized to invoke this API operation.Amazon Bedrock Custom Model Import is not enabled or available for this account in this region. No IAM change is required; the check applies only once model import is in use.LowN/A
444455556666eu-west-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMediumN/A
444455556666eu-west-1BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarmsNo action requiredInformationalN/A
444455556666eu-west-1AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements.InformationalN/A
444455556666eu-west-1AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured.InformationalN/A
444455556666eu-west-1AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases.InformationalN/A
444455556666eu-west-1AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions.InformationalN/A
444455556666eu-west-1AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required.InformationalN/A
444455556666eu-west-1AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns.InformationalN/A
444455556666eu-west-1AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads.InformationalN/A
444455556666eu-west-1AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required.InformationalN/A
444455556666eu-west-1AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns.InformationalN/A
444455556666eu-west-1AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows.InformationalN/A
444455556666eu-west-1AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating.InformationalN/A
444455556666eu-west-1AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements.InformationalN/A
444455556666eu-west-1AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available.InformationalN/A
444455556666GlobalAC-02AgentCore IAM Full Access CheckNo roles with overly permissive AgentCore access foundNo action requiredHighPassed
444455556666GlobalAC-03AgentCore Stale AccessThe following principals have not accessed AgentCore in 60+ days: role 'resco-aiml-security-23026-AgentCoreSecurityAssessme-2AEt2MTxg4AU' (82 days)Review and remove unused AgentCore permissions following least privilege principleMediumFailed
444455556666GlobalAC-03AgentCore Unused PermissionsThe following principals have AgentCore permissions but have never accessed the service: role 'AIMLSecurityMemberRole', role 'CloudSeerTrustedServiceRole'Review and remove unused AgentCore permissions following least privilege principleInformationalN/A
444455556666GlobalAC-09AgentCore Service-Linked Role MissingService-linked role 'AWSServiceRoleForBedrockAgentCoreNetwork' does not exist. VPC configuration for AgentCore Runtimes will fail without this role.The service-linked role is automatically created when you configure VPC for an AgentCore Runtime. Ensure IAM permissions allow service-linked role creation.MediumFailed
444455556666us-east-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredInformationalN/A
444455556666us-east-1AC-04AgentCore Observability CheckNo AgentCore resources foundNo action requiredInformationalN/A
444455556666us-east-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action requiredInformationalN/A
444455556666us-east-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredInformationalN/A
444455556666us-east-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredInformationalN/A
444455556666us-east-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredInformationalN/A
444455556666us-east-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredInformationalN/A
444455556666us-east-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action requiredInformationalN/A
444455556666us-east-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredInformationalN/A
444455556666us-east-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action requiredInformationalN/A
444455556666us-east-1AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways foundNo action requiredInformationalN/A
444455556666us-east-1AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways foundNo action requiredInformationalN/A
444455556666us-east-1AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways foundNo action requiredInformationalN/A
444455556666us-east-1AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways foundNo action requiredInformationalN/A
444455556666GlobalAG-16Agentic AI AgentCore Least PrivilegeAgentic AI security domain: Agent Identity & Access. Over-permissive AgentCore principals can let agents or operators bypass intended autonomy and tool boundaries. Source check AC-02: No roles with overly permissive AgentCore access foundReplace full-access AgentCore permissions with least-privilege IAM policies scoped to required resources and actions.HighPassed
444455556666GlobalAG-17Agentic AI Stale AgentCore AccessAgentic AI security domain: Agent Identity & Access. Unused AgentCore permissions increase the blast radius of compromised principals. Source check AC-03: The following principals have not accessed AgentCore in 60+ days: role 'resco-aiml-security-23026-AgentCoreSecurityAssessme-2AEt2MTxg4AU' (82 days)Remove or restrict stale AgentCore permissions for principals that no longer need access.MediumFailed
444455556666GlobalAG-17Agentic AI Stale AgentCore AccessAgentic AI security domain: Agent Identity & Access. Unused AgentCore permissions increase the blast radius of compromised principals. Source check AC-03: The following principals have AgentCore permissions but have never accessed the service: role 'AIMLSecurityMemberRole', role 'CloudSeerTrustedServiceRole'Remove or restrict stale AgentCore permissions for principals that no longer need access.InformationalN/A
444455556666us-east-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.InformationalN/A
444455556666us-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.InformationalN/A
444455556666us-east-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions.InformationalN/A
444455556666us-east-1AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability.InformationalN/A
444455556666us-east-1AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources.InformationalN/A
444455556666us-east-1AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required.InformationalN/A
444455556666us-east-1AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required.InformationalN/A
444455556666eu-west-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredInformationalN/A
444455556666eu-west-1AC-04AgentCore Observability CheckNo AgentCore resources foundNo action requiredInformationalN/A
444455556666eu-west-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action requiredInformationalN/A
444455556666eu-west-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredInformationalN/A
444455556666eu-west-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredInformationalN/A
444455556666eu-west-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredInformationalN/A
444455556666eu-west-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredInformationalN/A
444455556666eu-west-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action requiredInformationalN/A
444455556666eu-west-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredInformationalN/A
444455556666eu-west-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action requiredInformationalN/A
444455556666eu-west-1AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways foundNo action requiredInformationalN/A
444455556666eu-west-1AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways foundNo action requiredInformationalN/A
444455556666eu-west-1AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways foundNo action requiredInformationalN/A
444455556666eu-west-1AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways foundNo action requiredInformationalN/A
444455556666eu-west-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.InformationalN/A
444455556666eu-west-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.InformationalN/A
444455556666eu-west-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions.InformationalN/A
444455556666eu-west-1AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability.InformationalN/A
444455556666eu-west-1AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources.InformationalN/A
444455556666eu-west-1AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required.InformationalN/A
444455556666eu-west-1AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required.InformationalN/A
444455556666eu-west-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredInformationalN/A
444455556666eu-west-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredMediumPassed
444455556666eu-west-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredInformationalN/A
444455556666eu-west-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
444455556666eu-west-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformationalN/A
444455556666eu-west-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionInformationalN/A
444455556666eu-west-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformationalN/A
444455556666eu-west-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
444455556666eu-west-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformationalN/A
444455556666eu-west-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformationalN/A
444455556666eu-west-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformationalN/A
444455556666eu-west-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformationalN/A
444455556666eu-west-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredInformationalN/A
444455556666eu-west-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action requiredInformationalN/A
444455556666eu-west-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action requiredInformationalN/A
444455556666eu-west-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action requiredInformationalN/A
444455556666eu-west-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action requiredInformationalN/A
444455556666eu-west-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action requiredInformationalN/A
444455556666eu-west-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action requiredInformationalN/A
444455556666eu-west-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredInformationalN/A
444455556666eu-west-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformationalN/A
444455556666eu-west-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredInformationalN/A
444455556666eu-west-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredInformationalN/A
444455556666eu-west-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.InformationalN/A
444455556666eu-west-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
444455556666eu-west-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
444455556666eu-west-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
444455556666GlobalSM-02SageMaker IAM Permissions CheckNo issues found with IAM permissions and no stale access detectedNo action requiredHighPassed
444455556666us-east-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredInformationalN/A
444455556666us-east-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredMediumPassed
444455556666us-east-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredInformationalN/A
444455556666us-east-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
444455556666us-east-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformationalN/A
444455556666us-east-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionInformationalN/A
444455556666us-east-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformationalN/A
444455556666us-east-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
444455556666us-east-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformationalN/A
444455556666us-east-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformationalN/A
444455556666us-east-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformationalN/A
444455556666us-east-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformationalN/A
444455556666us-east-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredInformationalN/A
444455556666us-east-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action requiredInformationalN/A
444455556666us-east-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action requiredInformationalN/A
444455556666us-east-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action requiredInformationalN/A
444455556666us-east-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action requiredInformationalN/A
444455556666us-east-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action requiredInformationalN/A
444455556666us-east-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action requiredInformationalN/A
444455556666us-east-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredInformationalN/A
444455556666us-east-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformationalN/A
444455556666us-east-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredInformationalN/A
444455556666us-east-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredInformationalN/A
444455556666us-east-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.InformationalN/A
444455556666us-east-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
444455556666us-east-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
444455556666us-east-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
444455556666ap-south-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredInformationalN/A
444455556666ap-south-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredMediumPassed
444455556666ap-south-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredInformationalN/A
444455556666ap-south-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
444455556666ap-south-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformationalN/A
444455556666ap-south-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionInformationalN/A
444455556666ap-south-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformationalN/A
444455556666ap-south-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
444455556666ap-south-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformationalN/A
444455556666ap-south-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformationalN/A
444455556666ap-south-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformationalN/A
444455556666ap-south-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformationalN/A
444455556666ap-south-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredInformationalN/A
444455556666ap-south-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action requiredInformationalN/A
444455556666ap-south-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action requiredInformationalN/A
444455556666ap-south-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action requiredInformationalN/A
444455556666ap-south-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action requiredInformationalN/A
444455556666ap-south-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action requiredInformationalN/A
444455556666ap-south-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action requiredInformationalN/A
444455556666ap-south-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredInformationalN/A
444455556666ap-south-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformationalN/A
444455556666ap-south-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredInformationalN/A
444455556666ap-south-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredInformationalN/A
444455556666ap-south-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.InformationalN/A
444455556666ap-south-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
444455556666ap-south-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
444455556666ap-south-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
444455556666sa-east-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action requiredInformationalN/A
444455556666sa-east-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformationalN/A
444455556666sa-east-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredInformationalN/A
444455556666sa-east-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action requiredInformationalN/A
444455556666sa-east-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templatesInformationalN/A
444455556666sa-east-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformationalN/A
444455556666sa-east-1BR-09Bedrock Knowledge Base Encryption CheckNo Knowledge Bases found in the accountNo action requiredInformationalN/A
444455556666sa-east-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesInformationalN/A
444455556666sa-east-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
444455556666sa-east-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
444455556666sa-east-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
444455556666sa-east-1BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMediumN/A
444455556666sa-east-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
444455556666sa-east-1BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobsNo action requiredInformationalN/A
444455556666sa-east-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
444455556666sa-east-1BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHighN/A
444455556666sa-east-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHighN/A
444455556666sa-east-1BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotasNo action requiredInformationalN/A
444455556666sa-east-1BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHighN/A
444455556666sa-east-1BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responsesMediumN/A
444455556666sa-east-1BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLowN/A
444455556666sa-east-1BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHighN/A
444455556666sa-east-1BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMediumN/A
444455556666sa-east-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHighN/A
444455556666sa-east-1BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
444455556666sa-east-1BR-30Imported Model Customer-Managed KMS Encryption CheckUnable to check Imported model encryption check: An error occurred (AccessDeniedException) when calling the ListImportedModels operation: Your account is not authorized to invoke this API operation.Amazon Bedrock Custom Model Import is not enabled or available for this account in this region. No IAM change is required; the check applies only once model import is in use.LowN/A
444455556666sa-east-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMediumN/A
444455556666sa-east-1BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarmsNo action requiredInformationalN/A
444455556666sa-east-1AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements.InformationalN/A
444455556666sa-east-1AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured.InformationalN/A
444455556666sa-east-1AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases.InformationalN/A
444455556666sa-east-1AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions.InformationalN/A
444455556666sa-east-1AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required.InformationalN/A
444455556666sa-east-1AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns.InformationalN/A
444455556666sa-east-1AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads.InformationalN/A
444455556666sa-east-1AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required.InformationalN/A
444455556666sa-east-1AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns.InformationalN/A
444455556666sa-east-1AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows.InformationalN/A
444455556666sa-east-1AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating.InformationalN/A
444455556666sa-east-1AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements.InformationalN/A
444455556666sa-east-1AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available.InformationalN/A
444455556666sa-east-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredInformationalN/A
444455556666sa-east-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredMediumPassed
444455556666sa-east-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredInformationalN/A
444455556666sa-east-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
444455556666sa-east-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformationalN/A
444455556666sa-east-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionInformationalN/A
444455556666sa-east-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformationalN/A
444455556666sa-east-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
444455556666sa-east-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformationalN/A
444455556666sa-east-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformationalN/A
444455556666sa-east-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformationalN/A
444455556666sa-east-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformationalN/A
444455556666sa-east-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredInformationalN/A
444455556666sa-east-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action requiredInformationalN/A
444455556666sa-east-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action requiredInformationalN/A
444455556666sa-east-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action requiredInformationalN/A
444455556666sa-east-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action requiredInformationalN/A
444455556666sa-east-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action requiredInformationalN/A
444455556666sa-east-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action requiredInformationalN/A
444455556666sa-east-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredInformationalN/A
444455556666sa-east-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformationalN/A
444455556666sa-east-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredInformationalN/A
444455556666sa-east-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredInformationalN/A
444455556666sa-east-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.InformationalN/A
444455556666sa-east-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
444455556666sa-east-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
444455556666sa-east-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
444455556666us-west-2SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredInformationalN/A
444455556666us-west-2SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredMediumPassed
444455556666us-west-2SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredInformationalN/A
444455556666us-west-2SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
444455556666us-west-2SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformationalN/A
444455556666us-west-2SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionInformationalN/A
444455556666us-west-2SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformationalN/A
444455556666us-west-2SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
444455556666us-west-2SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformationalN/A
444455556666us-west-2SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformationalN/A
444455556666us-west-2SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformationalN/A
444455556666us-west-2SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformationalN/A
444455556666us-west-2SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredInformationalN/A
444455556666us-west-2SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action requiredInformationalN/A
444455556666us-west-2SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action requiredInformationalN/A
444455556666us-west-2SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action requiredInformationalN/A
444455556666us-west-2SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action requiredInformationalN/A
444455556666us-west-2SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action requiredInformationalN/A
444455556666us-west-2SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action requiredInformationalN/A
444455556666us-west-2SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredInformationalN/A
444455556666us-west-2SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformationalN/A
444455556666us-west-2SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredInformationalN/A
444455556666us-west-2SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredInformationalN/A
444455556666us-west-2SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.InformationalN/A
444455556666us-west-2SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
444455556666us-west-2SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
444455556666us-west-2SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
444455556666us-west-2BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action requiredInformationalN/A
444455556666us-west-2BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformationalN/A
444455556666us-west-2BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredInformationalN/A
444455556666us-west-2BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action requiredInformationalN/A
444455556666us-west-2BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templatesInformationalN/A
444455556666us-west-2BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformationalN/A
444455556666us-west-2BR-09Bedrock Knowledge Base Encryption CheckNo Knowledge Bases found in the accountNo action requiredInformationalN/A
444455556666us-west-2BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesInformationalN/A
444455556666us-west-2BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
444455556666us-west-2BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
444455556666us-west-2BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
444455556666us-west-2BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMediumN/A
444455556666us-west-2BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
444455556666us-west-2BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobsNo action requiredInformationalN/A
444455556666us-west-2BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
444455556666us-west-2BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHighN/A
444455556666us-west-2BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHighN/A
444455556666us-west-2BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotasNo action requiredInformationalN/A
444455556666us-west-2BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHighN/A
444455556666us-west-2BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responsesMediumN/A
444455556666us-west-2BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLowN/A
444455556666us-west-2BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHighN/A
444455556666us-west-2BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMediumN/A
444455556666us-west-2BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHighN/A
444455556666us-west-2BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
444455556666us-west-2BR-30Imported Model Customer-Managed KMS Encryption CheckNo imported custom Bedrock models found in this regionWhen importing models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
444455556666us-west-2BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMediumN/A
444455556666us-west-2BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarmsNo action requiredInformationalN/A
444455556666us-west-2AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements.InformationalN/A
444455556666us-west-2AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured.InformationalN/A
444455556666us-west-2AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases.InformationalN/A
444455556666us-west-2AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions.InformationalN/A
444455556666us-west-2AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required.InformationalN/A
444455556666us-west-2AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns.InformationalN/A
444455556666us-west-2AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads.InformationalN/A
444455556666us-west-2AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required.InformationalN/A
444455556666us-west-2AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns.InformationalN/A
444455556666us-west-2AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows.InformationalN/A
444455556666us-west-2AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating.InformationalN/A
444455556666us-west-2AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements.InformationalN/A
444455556666us-west-2AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available.InformationalN/A
777788889999ap-south-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredInformationalN/A
777788889999ap-south-1AC-04AgentCore Observability CheckNo AgentCore resources foundNo action requiredInformationalN/A
777788889999ap-south-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action requiredInformationalN/A
777788889999ap-south-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredInformationalN/A
777788889999ap-south-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredInformationalN/A
777788889999ap-south-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredInformationalN/A
777788889999ap-south-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredInformationalN/A
777788889999ap-south-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action requiredInformationalN/A
777788889999ap-south-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredInformationalN/A
777788889999ap-south-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action requiredInformationalN/A
777788889999ap-south-1AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways foundNo action requiredInformationalN/A
777788889999ap-south-1AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways foundNo action requiredInformationalN/A
777788889999ap-south-1AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways foundNo action requiredInformationalN/A
777788889999ap-south-1AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways foundNo action requiredInformationalN/A
777788889999ap-south-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.InformationalN/A
777788889999ap-south-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.InformationalN/A
777788889999ap-south-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions.InformationalN/A
777788889999ap-south-1AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability.InformationalN/A
777788889999ap-south-1AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources.InformationalN/A
777788889999ap-south-1AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required.InformationalN/A
777788889999ap-south-1AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required.InformationalN/A
777788889999sa-east-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action requiredInformationalN/A
777788889999sa-east-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformationalN/A
777788889999sa-east-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredInformationalN/A
777788889999sa-east-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action requiredInformationalN/A
777788889999sa-east-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templatesInformationalN/A
777788889999sa-east-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformationalN/A
777788889999sa-east-1BR-09Bedrock Knowledge Base Encryption CheckNo Knowledge Bases found in the accountNo action requiredInformationalN/A
777788889999sa-east-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesInformationalN/A
777788889999sa-east-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
777788889999sa-east-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
777788889999sa-east-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
777788889999sa-east-1BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMediumN/A
777788889999sa-east-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
777788889999sa-east-1BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobsNo action requiredInformationalN/A
777788889999sa-east-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
777788889999sa-east-1BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHighN/A
777788889999sa-east-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHighN/A
777788889999sa-east-1BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotasNo action requiredInformationalN/A
777788889999sa-east-1BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHighN/A
777788889999sa-east-1BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responsesMediumN/A
777788889999sa-east-1BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLowN/A
777788889999sa-east-1BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHighN/A
777788889999sa-east-1BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMediumN/A
777788889999sa-east-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHighN/A
777788889999sa-east-1BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
777788889999sa-east-1BR-30Imported Model Customer-Managed KMS Encryption CheckUnable to check Imported model encryption check: An error occurred (AccessDeniedException) when calling the ListImportedModels operation: Your account is not authorized to invoke this API operation.Amazon Bedrock Custom Model Import is not enabled or available for this account in this region. No IAM change is required; the check applies only once model import is in use.LowN/A
777788889999sa-east-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMediumN/A
777788889999sa-east-1BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarmsNo action requiredInformationalN/A
777788889999sa-east-1AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements.InformationalN/A
777788889999sa-east-1AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured.InformationalN/A
777788889999sa-east-1AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases.InformationalN/A
777788889999sa-east-1AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions.InformationalN/A
777788889999sa-east-1AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required.InformationalN/A
777788889999sa-east-1AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns.InformationalN/A
777788889999sa-east-1AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads.InformationalN/A
777788889999sa-east-1AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required.InformationalN/A
777788889999sa-east-1AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns.InformationalN/A
777788889999sa-east-1AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows.InformationalN/A
777788889999sa-east-1AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating.InformationalN/A
777788889999sa-east-1AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements.InformationalN/A
777788889999sa-east-1AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available.InformationalN/A
777788889999us-east-1FS-01AWS Shield Advanced Not EnabledAWS Shield Advanced is not subscribed. GenAI API endpoints are vulnerable to volumetric DDoS attacks that can exhaust token quotas and inflate costs.1. Subscribe to AWS Shield Advanced for DDoS protection. +2. After subscribing, explicitly add resource protections in the Shield Advanced console for each Bedrock-facing resource (API Gateway stages, ALBs, CloudFront distributions, Route 53 hosted zones). Shield Advanced subscription alone does NOT automatically protect resources — each resource must be individually added to receive protection. +3. Enable Shield Response Team (SRT) access and configure proactive engagement. +4. Alternatively, use AWS Firewall Manager with a Shield Advanced policy to automate resource protection based on tags or resource types.LowFailed
777788889999us-east-1FS-01No Regional WAF Web ACLs FoundNo AWS WAF regional Web ACLs found. Without WAF, GenAI endpoints lack rate-based rules to block abusive callers.1. Create a WAF Web ACL with rate-based rules (e.g., 1000 req/5 min per IP). +2. Associate the ACL with API Gateway stages or ALBs fronting Bedrock. +3. Add AWS Managed Rules for known bad inputs.MediumFailed
777788889999us-east-1FS-02No API Gateway Usage Plans FoundNo usage plans configured. GenAI API endpoints may have no rate limits.Create API Gateway usage plans with throttle settings (rateLimit and burstLimit) for all Bedrock-facing APIs.InformationalN/A
777788889999us-east-1FS-03Bedrock Token Quotas CustomizedFound 236 Bedrock token-based quota(s); at least one applied value exceeds the AWS default, indicating quotas have been reviewed and raised.No action required. Periodically re-review quotas against expected peak load.MediumPassed
777788889999us-east-1FS-04No Cost Anomaly Detection MonitorsNo AWS Cost Anomaly Detection monitors found. Unexpected spikes in Bedrock/SageMaker usage (e.g., from prompt injection loops) will go undetected.1. Create a Cost Anomaly Detection monitor scoped to AWS/Bedrock and AWS/SageMaker. +2. Configure alert subscriptions (SNS/email) for anomalies above threshold. +3. Set daily spend budgets with AWS Budgets as a secondary control.MediumFailed
777788889999us-east-1FS-05No Bedrock CloudWatch Alarms FoundNo CloudWatch alarms found for Bedrock metrics. Token exhaustion and throttling events will not trigger operational alerts.Create CloudWatch alarms for: +- AWS/Bedrock InvocationThrottles (threshold > 0) +- AWS/Bedrock TokensProcessed (threshold based on quota) +- Custom application-level token counters via EMFMediumFailed
777788889999us-east-1FS-06No AI/ML Service Budgets ConfiguredNo AWS Budgets found scoped to Bedrock or SageMaker. Unbounded GenAI spend can go undetected until the monthly bill.1. Create cost budgets for AWS Bedrock and SageMaker with 80%/100% alert thresholds. +2. Add SNS notifications to on-call channels. +3. Consider budget actions to apply IAM deny policies when thresholds are breached.MediumFailed
777788889999us-east-1FS-07Agent Action Boundaries Look AppropriateReviewed 1 agent(s); no wildcard sensitive actions found.No action required.HighPassed
777788889999us-east-1FS-08No AgentCore Runtimes FoundNo AgentCore runtimes found; policy engine check not applicable.If using AgentCore, configure the Policy Engine to authorize tool calls.InformationalN/A
777788889999us-east-1FS-09Agent Lambda Functions Without Concurrency LimitsAgent-related Lambda functions without reserved concurrency: aiml-security-aiml-security-mgmt-FinServAssessment, aiml-sec-test-resources-SageMakerJobCustomResource-ZA5QCAi0pN3d, AIMLSecurityAssessment-CodeBuildStartBuildLambda-VYOqtzWoNo3m, aiml-security-aiml-security-mgmt-CleanupBucket, aiml-security-aiml-security-mgmt-SagemakerAssessment, aiml-security-aiml-security-mgmt-GenerateReport, aiml-security-aiml-security-mgmt-IAMPermissionCaching, aiml-security-aiml-security-mgmt-AgentCoreAssessment, aiml-security-aiml-security-mgmt-BedrockAssessment, aiml-security-aiml-security-mgmt-ResolveRegions. Unlimited concurrency allows runaway agent loops to exhaust account limits.1. Set reserved concurrency on agent Lambda functions. +2. Implement maximum iteration counts in agent orchestration logic. +3. Use Step Functions with MaxConcurrency and timeout states. +4. Add circuit-breaker patterns to agent tool invocations.MediumFailed
777788889999us-east-1FS-10Human-in-the-Loop Check — No Agent Workflows FoundNo Step Functions state machines with agent/approval naming found. Verify that high-risk agent actions (e.g., fund transfers, account changes) have human approval gates.Implement Step Functions .waitForTaskToken patterns for high-risk agent actions. Route approval requests to human reviewers via SNS/SES/Slack.InformationalN/A
777788889999us-east-1FS-11No Agent Rate Alarms FoundNo CloudWatch alarms found for agent invocation rates. Looping or runaway agents will not trigger operational alerts.Create CloudWatch alarms on: +- Bedrock agent invocation counts (threshold based on expected max) +- Lambda invocation errors for agent functions +- Step Functions execution failures and timeoutsMediumFailed
777788889999us-east-1FS-12No Bedrock-Scoped SCPs FoundNo Service Control Policies reference Bedrock. Without SCPs, any account in the organization can access any Bedrock model, including unapproved third-party models.1. Create an SCP that denies bedrock:InvokeModel for model IDs not on the approved list. +2. Use bedrock:ModelId condition key to allowlist approved models. +3. Maintain a model inventory and update the SCP when models are approved/retired.HighFailed
777788889999us-east-1FS-13Models Missing Provenance Tags2 model(s) missing required provenance tags: +- SageMaker model 'SageMakerModelWithIsolation-JASFpUHjajdk' missing tags: {'version', 'approval-date', 'source'} +- SageMaker model 'SageMakerModelNoIsolation-yQ7EpJeL7pgI' missing tags: {'version', 'approval-date', 'source'}Tag all models with: source (e.g., 'aws-marketplace', 'internal'), version, and approval-date. Enforce tagging via SCP or AWS Config rule.MediumFailed
777788889999us-east-1FS-14Model Governance Config Rules PresentFound 13 model-related Config rule(s).No action required.MediumPassed
777788889999us-east-1FS-15No Bedrock Evaluation Jobs FoundNo Bedrock Model Evaluation jobs found. Models have not been evaluated for adversarial robustness. FinServ model-risk management (SR 11-7) expects documented model validation/evaluation.1. Run Bedrock Model Evaluation with adversarial/red-team datasets. +2. Use FMEval library for automated robustness testing. +3. Schedule periodic re-evaluation after model updates.MediumFailed
777788889999us-east-1FS-16ECR Repositories Without Image Scanning2 ECR repo(s) without scan-on-push: cdk-hnb659fds-container-assets-777788889999-us-east-1, aiml-sec-test-agentcore-no-encryption.Enable scan-on-push for all ECR repositories containing model containers. Consider enabling Enhanced Scanning (Inspector) for CVE detection.HighFailed
777788889999us-east-1FS-20Feature Groups Without Offline Store1 feature group(s) lack an active offline store: aiml-sec-test-feature-group. Without offline store, historical feature data cannot be used for rollback.1. Enable offline store (S3-backed) for all production feature groups. +2. Enable S3 versioning on the offline store bucket. +3. Document rollback procedures for poisoned feature data.MediumFailed
777788889999us-east-1FS-21Training Data Buckets Have VersioningAll 2 training bucket(s) have versioning enabled.No action required.HighPassed
777788889999us-east-1FS-22Overly Permissive Knowledge Base IAM Roles823 role(s) with wildcard KB permissions: +- Role 'Admin' allows '*' +- Role 'aiml-sec-test-resources-BedrockAgentRole-RScmoTZfp2sC' allows 'bedrock:InvokeModel' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role 'aiml-sec-test-resources-BedrockAgentRole-RScmoTZfp2sC' allows 'bedrock:InvokeModelWithResponseStream' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role 'aiml-sec-test-resources-BedrockAgentRoleWithoutGuar-Z3kN5ANhP89G' allows 'bedrock:InvokeModel' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role 'aiml-sec-test-resources-BedrockAgentRoleWithoutGuar-Z3kN5ANhP89G' allows 'bedrock:InvokeModelWithResponseStream' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role 'aiml-sec-test-resources-BedrockFullAccessRole-zAFkGLkWQ61a' allows 'bedrock:*' +- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-a7GKJ6O4151K' allows 'bedrock:ListGuardrails' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-a7GKJ6O4151K' allows 'bedrock:GetGuardrail' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-a7GKJ6O4151K' allows 'bedrock:ListModelInvocationJobs' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-a7GKJ6O4151K' allows 'bedrock:GetModelInvocationLoggingConfiguration' on Resource '*' (no ARN scoping to specific Knowledge Bases)Replace wildcard bedrock:* with specific actions such as bedrock:Retrieve, bedrock:RetrieveAndGenerate. Scope resources to specific Knowledge Base ARNs.HighFailed
777788889999us-east-1FS-24ADVISORY: Knowledge Base Metadata Filtering — Manual Review RequiredFound 1 Knowledge Base(s). Tenant-isolation metadata filtering is a design pattern that cannot be verified via API — manual review required. Verify that metadata attributes (e.g., tenantId, classification) are indexed and that Retrieve calls include RetrievalFilter conditions for tenant isolation.1. Add metadata fields (tenantId, dataClassification) to KB data sources. +2. Pass RetrievalFilter in all Retrieve/RetrieveAndGenerate calls. +3. Validate filters in integration tests to prevent cross-tenant data leakage.InformationalN/A
777788889999us-east-1FS-25OpenSearch Serverless Encryption Policies PresentFound 1 encryption policy(ies); 1 use a customer-managed KMS key.Verify all vector store collections use customer-managed KMS keys.HighPassed
777788889999us-east-1FS-26OpenSearch Serverless Collections Not VPC-RestrictedFound 1 network policy(ies) but none restrict to VPC. Vector stores may be accessible from the public internet.Update network policies to allow access only from VPC endpoints. Create an OpenSearch Serverless VPC endpoint in your VPC.HighFailed
777788889999us-east-1FS-27COULD NOT ASSESS: Guardrail Contextual Grounding CheckThis check could not be completed (error: An error occurred (AccessDeniedException) when calling the GetGuardrail operation: You don't have sufficient permissions to access this guardrail.). The most common cause is a missing IAM permission for the assessment role; it may also indicate an unsupported region or an outdated botocore. This control was NOT assessed — verify the role's permissions and re-run, and assess this control manually until resolved.1. Confirm the assessment role grants the actions this check requires (see the documented IAM permission set in the README). +2. Confirm the service/feature is supported in the assessed region. +3. Ensure botocore meets the version floor in requirements.txt. +4. Re-run the assessment; assess this control manually until it succeeds.LowN/A
777788889999us-east-1FS-27No Automated Reasoning Policies FoundNo Bedrock Automated Reasoning policies have been created. ARC (GA August 2025) uses formal verification to guarantee that GenAI outputs comply with authored business rules — e.g., loan criteria, regulatory thresholds, policy constraints. Without ARC policies, factual accuracy of outputs is not formally verified, only heuristically filtered by contextual grounding thresholds.1. In the Amazon Bedrock console → Guardrails → Automated Reasoning, create a policy document encoding your FinServ business rules (e.g., eligibility criteria, rate limits, regulatory thresholds). +2. Associate the ARC policy with your guardrail (automatedReasoningPolicy.policies field in CreateGuardrail/UpdateGuardrail). +3. Set confidenceThreshold on the policy to control strictness. +4. ARC requires cross-Region inference — ensure your guardrail has a guardrailProfileArn configured (crossRegionDetails in GetGuardrail response). +5. Reference: AWS Announcement — Automated Reasoning checks GA (August 2025).MediumFailed
777788889999us-east-1FS-28COULD NOT ASSESS: Financial Denied Topics CheckThis check could not be completed (error: An error occurred (AccessDeniedException) when calling the GetGuardrail operation: You don't have sufficient permissions to access this guardrail.). The most common cause is a missing IAM permission for the assessment role; it may also indicate an unsupported region or an outdated botocore. This control was NOT assessed — verify the role's permissions and re-run, and assess this control manually until resolved.1. Confirm the assessment role grants the actions this check requires (see the documented IAM permission set in the README). +2. Confirm the service/feature is supported in the assessed region. +3. Ensure botocore meets the version floor in requirements.txt. +4. Re-run the assessment; assess this control manually until it succeeds.LowN/A
777788889999us-east-1FS-29ADVISORY: Compliance Disclaimer — Manual Review RequiredApplication-level compliance disclaimers cannot be verified via AWS APIs. Manual review required to confirm GenAI outputs include required regulatory disclosures.1. Implement post-processing to append required disclaimers to GenAI outputs. +2. Use Bedrock Guardrails word filters to block outputs that omit required disclosures. +3. Document disclaimer requirements in the AI use case register. +4. Test disclaimer presence in QA/UAT before production deployment.InformationalN/A
777788889999us-east-1FS-30ADVISORY: Compliance Dataset Coverage — Manual Review RequiredBedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation jobs include compliance-specific datasets (fair lending/ECOA, Fair Housing Act, UDAP/UDAAP, AML/KYC edge cases). Whether any evaluation jobs exist at all is assessed by FS-15.Run Bedrock Model Evaluation with compliance-specific datasets: +- Fair lending test cases (ECOA, Fair Housing Act) +- UDAP/UDAAP unfair/deceptive practice scenarios +- AML/KYC edge casesInformationalN/A
777788889999us-east-1FS-31Knowledge Base Data Sources Past Review Threshold1 data source(s) not synced in >7 days (a configurable review threshold, NOT an AWS-mandated limit): +- KB 'knowledge-base-prowler-findings' source 'knowledge-base-quick-start-9lb68-data-source' last synced 423 days ago +Confirm this age is acceptable for each data source's currency requirement — slow-changing reference data may legitimately sync infrequently.1. Define the maximum acceptable data age per use case (e.g., intraday for market data, daily for product terms, weekly/monthly for regulatory guidance) and adjust the review threshold to match. +2. Configure automated sync (EventBridge Scheduler → StartIngestionJob) at that cadence — see FS-61. +3. Set CloudWatch alarms on sync job failures.MediumFailed
777788889999us-east-1FS-32ADVISORY: Source Attribution — Manual Review RequiredSource attribution in GenAI responses cannot be verified via AWS APIs. Manual review required to confirm responses include citations.1. Use Bedrock RetrieveAndGenerate with citations enabled. +2. Include source document references in response post-processing. +3. Test citation accuracy in QA before production deployment. +4. Consider Bedrock Guardrails grounding checks to validate response accuracy.InformationalN/A
777788889999us-east-1FS-33KB Data Source Buckets Have VersioningAll reviewed KB data source buckets have versioning enabled.No action required.MediumPassed
777788889999us-east-1FS-34Legacy Foundation Models Available in RegionLegacy/deprecated foundation models are available in this account/region: anthropic.claude-sonnet-4-20250514-v1:0, twelvelabs.marengo-embed-2-7-v1:0, anthropic.claude-opus-4-1-20250805-v1:0, amazon.nova-premier-v1:0:8k, amazon.nova-premier-v1:0:20k, amazon.nova-premier-v1:0:1000k, amazon.nova-premier-v1:0:mm, amazon.nova-premier-v1:0, amazon.nova-canvas-v1:0, amazon.nova-reel-v1:0. This API reports model *availability*, not actual usage — it cannot determine which models your applications invoke. Legacy models have older training-data cutoffs and may produce outdated information if used. Review whether any are in active use.1. Identify which (if any) of these legacy models your applications invoke (e.g., via CloudTrail InvokeModel events or application config). +2. Migrate active usage to current model versions. +3. Document training-data cutoff dates for all models in use. +4. Add data-currency disclaimers to outputs from models with old cutoffs.InformationalN/A
777788889999us-east-1FS-35ADVISORY: Harmful-Content Test Coverage — Manual Review RequiredBedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation/FMEval jobs include harmful-content datasets (toxicity, hate speech, violence/self-harm). Whether any evaluation jobs exist at all is assessed by FS-15.Run Bedrock Model Evaluation or FMEval with harmful content datasets: +- Toxicity detection +- Hate speech classification +- Violence/self-harm contentInformationalN/A
777788889999us-east-1FS-36COULD NOT ASSESS: Guardrail Content Filters CheckThis check could not be completed (error: An error occurred (AccessDeniedException) when calling the GetGuardrail operation: You don't have sufficient permissions to access this guardrail.). The most common cause is a missing IAM permission for the assessment role; it may also indicate an unsupported region or an outdated botocore. This control was NOT assessed — verify the role's permissions and re-run, and assess this control manually until resolved.1. Confirm the assessment role grants the actions this check requires (see the documented IAM permission set in the README). +2. Confirm the service/feature is supported in the assessed region. +3. Ensure botocore meets the version floor in requirements.txt. +4. Re-run the assessment; assess this control manually until it succeeds.LowN/A
777788889999us-east-1FS-37ADVISORY: User Feedback Mechanism — Manual Review RequiredUser feedback mechanisms for harmful outputs cannot be verified via AWS APIs. Manual review required.1. Implement thumbs-up/down or flag-for-review UI in GenAI applications. +2. Route flagged outputs to human reviewers via SQS/SNS. +3. Log feedback to DynamoDB/S3 for model improvement. +4. Define SLAs for reviewing flagged content.InformationalN/A
777788889999us-east-1FS-38COULD NOT ASSESS: Guardrail Word Filters CheckThis check could not be completed (error: An error occurred (AccessDeniedException) when calling the GetGuardrail operation: You don't have sufficient permissions to access this guardrail.). The most common cause is a missing IAM permission for the assessment role; it may also indicate an unsupported region or an outdated botocore. This control was NOT assessed — verify the role's permissions and re-run, and assess this control manually until resolved.1. Confirm the assessment role grants the actions this check requires (see the documented IAM permission set in the README). +2. Confirm the service/feature is supported in the assessed region. +3. Ensure botocore meets the version floor in requirements.txt. +4. Re-run the assessment; assess this control manually until it succeeds.LowN/A
777788889999us-east-1FS-39No SageMaker Clarify Bias MonitoringNo SageMaker Clarify model bias monitoring schedules found. Models making financial decisions (credit, insurance) may exhibit discriminatory bias without detection.1. Configure SageMaker Clarify bias detection for all models making credit, insurance, or employment decisions. +2. Define protected attributes (age, gender, race proxies). +3. Set bias metric thresholds and alert on violations. +4. Document bias testing results for regulatory examination.HighFailed
777788889999us-east-1FS-40ADVISORY: Bias Dataset Coverage — Manual Review RequiredBedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation jobs include bias/fairness datasets (demographic parity, equal-opportunity, counterfactual fairness) for any GenAI models used in financial decisions (ECOA/Fair Housing). Whether any evaluation jobs exist at all is assessed by FS-15.Run Bedrock Model Evaluation with bias test datasets: +- Demographic parity test cases +- Equal opportunity scenarios +- Counterfactual fairness testsInformationalN/A
777788889999us-east-1FS-41No SageMaker Clarify Explainability MonitoringNo SageMaker Clarify explainability monitoring found. Models making adverse financial decisions may not provide required explanations (ECOA adverse action notices).1. Configure SageMaker Clarify explainability for credit/lending models. +2. Generate SHAP values for feature importance. +3. Map top features to human-readable adverse action reason codes. +4. Store explanations for regulatory examination.HighFailed
777788889999us-east-1FS-42No SageMaker Model Cards FoundNo SageMaker Model Cards found. Production AI models lack documented intended use, limitations, and bias evaluations.1. Create SageMaker Model Cards for all production models. +2. Document: intended use, out-of-scope uses, training data, bias evaluations. +3. Include regulatory compliance attestations. +4. Review and update cards at each model version release.MediumFailed
777788889999us-east-1FS-43No CloudWatch Logs Data Protection PoliciesNo CloudWatch Logs data protection policies found. PII (SSN, account numbers, credit card numbers) in Bedrock invocation logs may be stored in plaintext.1. Create CloudWatch Logs data protection policies to mask PII. +2. Enable masking for: SSN, credit card numbers, bank account numbers, email. +3. Apply policies to Bedrock invocation log groups. +4. Test masking with synthetic PII before production deployment.HighFailed
777788889999us-east-1FS-44Amazon Macie Not EnabledAmazon Macie is not enabled. S3 buckets containing training data and KB data sources are not being scanned for PII/sensitive data.1. Enable Amazon Macie in all regions where AI/ML data is stored. +2. Create Macie classification jobs for training data and KB buckets. +3. Configure Macie findings to route to Security Hub and SNS. +4. Remediate PII findings before using data for model training.HighFailed
777788889999us-east-1FS-45COULD NOT ASSESS: Guardrail PII Filters CheckThis check could not be completed (error: An error occurred (AccessDeniedException) when calling the GetGuardrail operation: You don't have sufficient permissions to access this guardrail.). The most common cause is a missing IAM permission for the assessment role; it may also indicate an unsupported region or an outdated botocore. This control was NOT assessed — verify the role's permissions and re-run, and assess this control manually until resolved.1. Confirm the assessment role grants the actions this check requires (see the documented IAM permission set in the README). +2. Confirm the service/feature is supported in the assessed region. +3. Ensure botocore meets the version floor in requirements.txt. +4. Re-run the assessment; assess this control manually until it succeeds.LowN/A
777788889999us-east-1FS-46AI/ML Buckets Without Data Classification Tags3 AI/ML bucket(s) without data-classification tags: aiml-sec-test-resources-bedrockloggingbucket-wtuvpinrlpmd, aiml-sec-test-resources-sagemakerbucket-6zzmxxaxco6g, aiml-security-mgmt-aimlassessmentbucket-kbitsdgexylv.Tag all AI/ML data buckets with 'data-classification' key. Values: Public, Internal, Confidential, Restricted. Enforce via SCP or AWS Config rule.MediumFailed
777788889999us-east-1FS-47COULD NOT ASSESS: Guardrail Grounding Threshold CheckThis check could not be completed (error: An error occurred (AccessDeniedException) when calling the GetGuardrail operation: You don't have sufficient permissions to access this guardrail.). The most common cause is a missing IAM permission for the assessment role; it may also indicate an unsupported region or an outdated botocore. This control was NOT assessed — verify the role's permissions and re-run, and assess this control manually until resolved.1. Confirm the assessment role grants the actions this check requires (see the documented IAM permission set in the README). +2. Confirm the service/feature is supported in the assessed region. +3. Ensure botocore meets the version floor in requirements.txt. +4. Re-run the assessment; assess this control manually until it succeeds.LowN/A
777788889999us-east-1FS-48Active Knowledge Bases for RAG PresentFound 1 active Knowledge Base(s) for RAG grounding.No action required.MediumPassed
777788889999us-east-1FS-49ADVISORY: Hallucination Disclaimer — Manual Review RequiredApplication-level hallucination disclaimers cannot be verified via AWS APIs. Manual review required.1. Add disclaimers to GenAI outputs: 'AI-generated content may contain errors. Verify with authoritative sources before acting.' +2. Implement post-processing to append disclaimers. +3. Test disclaimer presence in QA before production.InformationalN/A
777788889999us-east-1FS-50COULD NOT ASSESS: Guardrail Relevance Grounding CheckThis check could not be completed (error: An error occurred (AccessDeniedException) when calling the GetGuardrail operation: You don't have sufficient permissions to access this guardrail.). The most common cause is a missing IAM permission for the assessment role; it may also indicate an unsupported region or an outdated botocore. This control was NOT assessed — verify the role's permissions and re-run, and assess this control manually until resolved.1. Confirm the assessment role grants the actions this check requires (see the documented IAM permission set in the README). +2. Confirm the service/feature is supported in the assessed region. +3. Ensure botocore meets the version floor in requirements.txt. +4. Re-run the assessment; assess this control manually until it succeeds.LowN/A
777788889999us-east-1FS-51COULD NOT ASSESS: Prompt Injection Input Validation CheckThis check could not be completed (error: An error occurred (AccessDeniedException) when calling the GetGuardrail operation: You don't have sufficient permissions to access this guardrail.). The most common cause is a missing IAM permission for the assessment role; it may also indicate an unsupported region or an outdated botocore. This control was NOT assessed — verify the role's permissions and re-run, and assess this control manually until resolved.1. Confirm the assessment role grants the actions this check requires (see the documented IAM permission set in the README). +2. Confirm the service/feature is supported in the assessed region. +3. Ensure botocore meets the version floor in requirements.txt. +4. Re-run the assessment; assess this control manually until it succeeds.LowN/A
777788889999us-east-1FS-52Bedrock Lambda Functions on Current RuntimesAll 10 Bedrock Lambda function(s) use current runtimes.No action required.MediumPassed
777788889999us-east-1FS-53No WAF Web ACLs — Injection Rules Not ApplicableNo regional WAF Web ACLs found.Create WAF Web ACLs with injection protection rules (see FS-01).InformationalN/A
777788889999us-east-1FS-54ADVISORY: Penetration Testing — Manual Review RequiredPenetration testing evidence cannot be verified via AWS APIs. Manual review required to confirm GenAI applications have been tested.1. Conduct penetration testing of GenAI applications at least annually and before major releases. +2. Include AI-specific test cases: prompt injection, jailbreak, indirect (cross-domain) injection, system-prompt leakage, and data-extraction attempts. +3. Consider AWS Security Agent for on-demand, AI-driven penetration testing (GA March 2026; available in US East N. Virginia, US West Oregon, Europe Ireland, Europe Frankfurt, Asia Pacific Sydney, Asia Pacific Tokyo, with cross-account shared-VPC testing via AWS RAM). Open-source tools such as Garak or PyRIT and manual red-teaming are complementary options. Verify current regional availability on the AWS Security Agent page before relying on it. +4. Document findings and remediation for regulatory examination, and tag tested resources with a last-pentest-date for audit trail. +5. For DORA compliance, include GenAI in TLPT (Threat-Led Penetration Testing) scope.InformationalN/A
777788889999us-east-1FS-55No Output Validation Functions FoundNo Lambda functions with output validation/sanitization naming found. GenAI outputs may be passed directly to downstream systems without validation.1. Implement output validation Lambda functions in GenAI pipelines. +2. Validate output schema, length, and content before downstream use. +3. Sanitize outputs before rendering in web UIs (XSS prevention). +4. Encode outputs appropriately for the target context (HTML, SQL, JSON).MediumFailed
777788889999us-east-1FS-56No WAF ACLs — XSS Prevention Not ApplicableNo regional WAF Web ACLs found.Create WAF ACLs with XSS prevention rules.InformationalN/A
777788889999us-east-1FS-57ADVISORY: Output Encoding — Manual Review RequiredOutput encoding practices cannot be verified via AWS APIs. Manual code review required.1. HTML-encode GenAI outputs before rendering in web UIs. +2. Use parameterized queries when GenAI output is used in database operations. +3. JSON-encode outputs before embedding in JavaScript contexts. +4. Validate output length and format before passing to downstream APIs.InformationalN/A
777788889999us-east-1FS-58ADVISORY: Output Schema Validation — Manual Review RequiredFound 0 Lambda function(s) whose names suggest schema/validation handling. Structured-output / JSON-schema validation of GenAI responses is an application-layer control that cannot be verified automatically — manual review required.1. Use Bedrock structured output (response schemas) where supported. +2. Implement JSON schema validation on Lambda output processors. +3. Reject malformed outputs and return safe error responses. +4. Log schema validation failures to CloudWatch for monitoring.InformationalN/A
777788889999us-east-1FS-59COULD NOT ASSESS: Guardrail Topic Allowlist CheckThis check could not be completed (error: An error occurred (AccessDeniedException) when calling the GetGuardrail operation: You don't have sufficient permissions to access this guardrail.). The most common cause is a missing IAM permission for the assessment role; it may also indicate an unsupported region or an outdated botocore. This control was NOT assessed — verify the role's permissions and re-run, and assess this control manually until resolved.1. Confirm the assessment role grants the actions this check requires (see the documented IAM permission set in the README). +2. Confirm the service/feature is supported in the assessed region. +3. Ensure botocore meets the version floor in requirements.txt. +4. Re-run the assessment; assess this control manually until it succeeds.LowN/A
777788889999us-east-1FS-60ADVISORY: Contextual Grounding for Off-Topic PreventionContextual grounding for off-topic prevention is covered by guardrail grounding checks (FS-47) and RAG configuration (FS-48). Additionally verify system prompts explicitly scope the assistant's role.1. Include explicit scope instructions in system prompts. +2. Use Bedrock Guardrails relevance grounding filter. +3. Test with off-topic prompts in QA to verify rejection behavior.InformationalN/A
777788889999us-east-1FS-61No Automated KB Sync Schedules DetectedFound 1 Knowledge Base(s) but no EventBridge Scheduler schedules or EventBridge rules with 'bedrock'/'knowledge' naming were found. Note: this check uses a name/target heuristic — sync automation with other naming conventions, AWS Step Functions-based orchestration, or native Bedrock API-triggered syncs (StartIngestionJob called directly) will not be detected. Verify sync automation manually if applicable.1. Use EventBridge Scheduler (the AWS-recommended approach) to create a recurring schedule (e.g., rate(1 day) or a cron expression) that triggers a Lambda function calling the Bedrock StartIngestionJob API for each data source. Classic EventBridge scheduled rules also work but are a legacy feature. +2. As of December 2024, Bedrock Knowledge Bases supports custom connectors and streaming data ingestion — use direct document ingestion (KnowledgeBaseDocuments API) for real-time updates without a full S3 sync. +3. Set sync frequency based on data currency requirements (e.g., hourly for market data, daily for regulatory guidance). +4. Configure CloudWatch alarms or SNS notifications on IngestionJob FAILED status for sync failure alerting.MediumFailed
777788889999us-east-1FS-62ADVISORY: Data Currency Disclaimer — Manual Review RequiredData currency disclaimers cannot be verified via AWS APIs. Manual review required.1. Add data currency disclaimers to GenAI outputs: 'Information based on data current as of [KB last sync date].' +2. Expose KB last sync timestamp in application responses. +3. Alert users when KB data is older than defined threshold.InformationalN/A
777788889999us-east-1FS-63Foundation Model Lifecycle ManagementNo legacy models detected. 11 lifecycle-related Config rule(s) found.No action required.MediumPassed
777788889999us-east-1FS-65KB Data Source Buckets Missing S3 Event NotificationsThe following KB data-source S3 buckets have no event notifications configured. Unauthorized document modifications will not be detected in real time: +- sat2-prowler-2025-prowlerfindingsbucket-wc1k0mza7lpk1. Enable Amazon EventBridge notifications on each KB data-source S3 bucket. +2. Create an EventBridge rule to route s3:ObjectCreated, s3:ObjectRemoved, and s3:ObjectModified events to an SNS topic or Lambda for alerting. +3. Integrate alerts into your security incident response workflow.MediumFailed
777788889999us-east-1FS-66No AgentCore Runtimes FoundNo AgentCore runtimes found; identity propagation check not applicable.If using AgentCore, configure token propagation so end-user identities are forwarded to tool services.InformationalN/A
777788889999us-east-1FS-67Agent Action-Group Lambdas May Lack Transaction ThresholdsThe following agent action-group Lambda functions have no environment variables whose names suggest transaction-value threshold configuration (this is a best-effort heuristic — a threshold enforced in code or in an AgentCore Policy Engine rule would not be detected here, so treat this as a prompt for manual verification rather than a definitive gap). Without explicit limits, agents could initiate unbounded financial transactions: +- aiml-security-aiml-security-mgmt-FinServAssessment +- aiml-security-aiml-security-mgmt-AgentCoreAssessment +- aiml-security-aiml-security-mgmt-BedrockAssessment1. Add transaction-value threshold environment variables (e.g., MAX_TRANSACTION_AMOUNT) to each agent action-group Lambda. +2. Implement threshold enforcement logic in the Lambda handler. +3. Configure AgentCore Policy Engine rules to cap financial transaction amounts. +4. Route transactions exceeding thresholds to a human-in-the-loop approval step.HighFailed
777788889999us-east-1FS-68API Gateway Request Body Size Limits — Not ApplicableNo API Gateway REST APIs and no regional WAF Web ACLs were found in this region. There is no input-payload surface to assess for body-size limits.If GenAI endpoints are fronted by API Gateway or WAF in another region, run the assessment there. Otherwise no action is required.InformationalN/A
777788889999us-east-1FS-69Prompt Input Validation Functions PresentFound 1 Lambda function(s) with input validation/sanitization naming patterns: aiml-security-aiml-security-mgmt-CleanupBucket.Review these functions to confirm they cover: special-character stripping, format validation, size limits, and injection-sequence detection.MediumPassed
777788889999us-west-2FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in us-west-2; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
777788889999eu-west-1FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in eu-west-1; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
777788889999ap-south-1FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in ap-south-1; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
777788889999sa-east-1FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in sa-east-1; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
777788889999eu-west-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action requiredInformationalN/A
777788889999eu-west-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformationalN/A
777788889999eu-west-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredInformationalN/A
777788889999eu-west-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action requiredInformationalN/A
777788889999eu-west-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templatesInformationalN/A
777788889999eu-west-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformationalN/A
777788889999eu-west-1BR-09Bedrock Knowledge Base Encryption CheckNo Knowledge Bases found in the accountNo action requiredInformationalN/A
777788889999eu-west-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesInformationalN/A
777788889999eu-west-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
777788889999eu-west-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
777788889999eu-west-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
777788889999eu-west-1BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMediumN/A
777788889999eu-west-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
777788889999eu-west-1BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobsNo action requiredInformationalN/A
777788889999eu-west-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
777788889999eu-west-1BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHighN/A
777788889999eu-west-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHighN/A
777788889999eu-west-1BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotasNo action requiredInformationalN/A
777788889999eu-west-1BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHighN/A
777788889999eu-west-1BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responsesMediumN/A
777788889999eu-west-1BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLowN/A
777788889999eu-west-1BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHighN/A
777788889999eu-west-1BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMediumN/A
777788889999eu-west-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHighN/A
777788889999eu-west-1BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
777788889999eu-west-1BR-30Imported Model Customer-Managed KMS Encryption CheckUnable to check Imported model encryption check: An error occurred (AccessDeniedException) when calling the ListImportedModels operation: Your account is not authorized to invoke this API operation.Amazon Bedrock Custom Model Import is not enabled or available for this account in this region. No IAM change is required; the check applies only once model import is in use.LowN/A
777788889999eu-west-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMediumN/A
777788889999eu-west-1BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarmsNo action requiredInformationalN/A
777788889999eu-west-1AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements.InformationalN/A
777788889999eu-west-1AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured.InformationalN/A
777788889999eu-west-1AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases.InformationalN/A
777788889999eu-west-1AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions.InformationalN/A
777788889999eu-west-1AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required.InformationalN/A
777788889999eu-west-1AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns.InformationalN/A
777788889999eu-west-1AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads.InformationalN/A
777788889999eu-west-1AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required.InformationalN/A
777788889999eu-west-1AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns.InformationalN/A
777788889999eu-west-1AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows.InformationalN/A
777788889999eu-west-1AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating.InformationalN/A
777788889999eu-west-1AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements.InformationalN/A
777788889999eu-west-1AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available.InformationalN/A
777788889999ap-south-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action requiredInformationalN/A
777788889999ap-south-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformationalN/A
777788889999ap-south-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredInformationalN/A
777788889999ap-south-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action requiredInformationalN/A
777788889999ap-south-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templatesInformationalN/A
777788889999ap-south-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformationalN/A
777788889999ap-south-1BR-09Bedrock Knowledge Base Encryption CheckNo Knowledge Bases found in the accountNo action requiredInformationalN/A
777788889999ap-south-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesInformationalN/A
777788889999ap-south-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
777788889999ap-south-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
777788889999ap-south-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
777788889999ap-south-1BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMediumN/A
777788889999ap-south-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
777788889999ap-south-1BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobsNo action requiredInformationalN/A
777788889999ap-south-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
777788889999ap-south-1BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHighN/A
777788889999ap-south-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHighN/A
777788889999ap-south-1BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotasNo action requiredInformationalN/A
777788889999ap-south-1BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHighN/A
777788889999ap-south-1BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responsesMediumN/A
777788889999ap-south-1BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLowN/A
777788889999ap-south-1BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHighN/A
777788889999ap-south-1BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMediumN/A
777788889999ap-south-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHighN/A
777788889999ap-south-1BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
777788889999ap-south-1BR-30Imported Model Customer-Managed KMS Encryption CheckUnable to check Imported model encryption check: An error occurred (AccessDeniedException) when calling the ListImportedModels operation: Your account is not authorized to invoke this API operation.Amazon Bedrock Custom Model Import is not enabled or available for this account in this region. No IAM change is required; the check applies only once model import is in use.LowN/A
777788889999ap-south-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMediumN/A
777788889999ap-south-1BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarmsNo action requiredInformationalN/A
777788889999ap-south-1AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements.InformationalN/A
777788889999ap-south-1AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured.InformationalN/A
777788889999ap-south-1AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases.InformationalN/A
777788889999ap-south-1AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions.InformationalN/A
777788889999ap-south-1AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required.InformationalN/A
777788889999ap-south-1AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns.InformationalN/A
777788889999ap-south-1AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads.InformationalN/A
777788889999ap-south-1AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required.InformationalN/A
777788889999ap-south-1AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns.InformationalN/A
777788889999ap-south-1AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows.InformationalN/A
777788889999ap-south-1AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating.InformationalN/A
777788889999ap-south-1AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements.InformationalN/A
777788889999ap-south-1AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available.InformationalN/A
777788889999us-west-2AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredInformationalN/A
777788889999us-west-2AC-04AgentCore Observability CheckNo AgentCore resources foundNo action requiredInformationalN/A
777788889999us-west-2AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action requiredInformationalN/A
777788889999us-west-2AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredInformationalN/A
777788889999us-west-2AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredInformationalN/A
777788889999us-west-2AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredInformationalN/A
777788889999us-west-2AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredInformationalN/A
777788889999us-west-2AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action requiredInformationalN/A
777788889999us-west-2AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredInformationalN/A
777788889999us-west-2AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action requiredInformationalN/A
777788889999us-west-2AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways foundNo action requiredInformationalN/A
777788889999us-west-2AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways foundNo action requiredInformationalN/A
777788889999us-west-2AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways foundNo action requiredInformationalN/A
777788889999us-west-2AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways foundNo action requiredInformationalN/A
777788889999us-west-2AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.InformationalN/A
777788889999us-west-2AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.InformationalN/A
777788889999us-west-2AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions.InformationalN/A
777788889999us-west-2AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability.InformationalN/A
777788889999us-west-2AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources.InformationalN/A
777788889999us-west-2AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required.InformationalN/A
777788889999us-west-2AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required.InformationalN/A
777788889999sa-east-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredInformationalN/A
777788889999sa-east-1AC-04AgentCore Observability CheckNo AgentCore resources foundNo action requiredInformationalN/A
777788889999sa-east-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action requiredInformationalN/A
777788889999sa-east-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredInformationalN/A
777788889999sa-east-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredInformationalN/A
777788889999sa-east-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredInformationalN/A
777788889999sa-east-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredInformationalN/A
777788889999sa-east-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action requiredInformationalN/A
777788889999sa-east-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredInformationalN/A
777788889999sa-east-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action requiredInformationalN/A
777788889999sa-east-1AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways foundNo action requiredInformationalN/A
777788889999sa-east-1AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways foundNo action requiredInformationalN/A
777788889999sa-east-1AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways foundNo action requiredInformationalN/A
777788889999sa-east-1AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways foundNo action requiredInformationalN/A
777788889999sa-east-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.InformationalN/A
777788889999sa-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.InformationalN/A
777788889999sa-east-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions.InformationalN/A
777788889999sa-east-1AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability.InformationalN/A
777788889999sa-east-1AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources.InformationalN/A
777788889999sa-east-1AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required.InformationalN/A
777788889999sa-east-1AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required.InformationalN/A
777788889999eu-west-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredInformationalN/A
777788889999eu-west-1AC-04AgentCore Observability CheckNo AgentCore resources foundNo action requiredInformationalN/A
777788889999eu-west-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action requiredInformationalN/A
777788889999eu-west-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredInformationalN/A
777788889999eu-west-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredInformationalN/A
777788889999eu-west-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredInformationalN/A
777788889999eu-west-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredInformationalN/A
777788889999eu-west-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action requiredInformationalN/A
777788889999eu-west-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredInformationalN/A
777788889999eu-west-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action requiredInformationalN/A
777788889999eu-west-1AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways foundNo action requiredInformationalN/A
777788889999eu-west-1AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways foundNo action requiredInformationalN/A
777788889999eu-west-1AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways foundNo action requiredInformationalN/A
777788889999eu-west-1AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways foundNo action requiredInformationalN/A
777788889999eu-west-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.InformationalN/A
777788889999eu-west-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.InformationalN/A
777788889999eu-west-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions.InformationalN/A
777788889999eu-west-1AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability.InformationalN/A
777788889999eu-west-1AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources.InformationalN/A
777788889999eu-west-1AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required.InformationalN/A
777788889999eu-west-1AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required.InformationalN/A
777788889999GlobalAC-02AgentCore IAM Wildcard PermissionsThe following roles have wildcard AgentCore permissions on all resources: aiml-sec-test-resources-AgentCoreOverlyPermissiveRo-IQso7VQN0jOVScope permissions to specific AgentCore resources using resource ARNsHighFailed
777788889999GlobalAC-03AgentCore Unused PermissionsThe following principals have AgentCore permissions but have never accessed the service: role 'aiml-sec-test-resources-AgentCoreOverlyPermissiveRo-IQso7VQN0jOV', role 'AIMLSecurityMemberRole', role 'CloudSeerTrustedServiceRole'Review and remove unused AgentCore permissions following least privilege principleInformationalN/A
777788889999GlobalAC-09AgentCore Service-Linked Role MissingService-linked role 'AWSServiceRoleForBedrockAgentCoreNetwork' does not exist. VPC configuration for AgentCore Runtimes will fail without this role.The service-linked role is automatically created when you configure VPC for an AgentCore Runtime. Ensure IAM permissions allow service-linked role creation.MediumFailed
777788889999us-east-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredInformationalN/A
777788889999us-east-1AC-04AgentCore Observability CheckNo AgentCore resources foundNo action requiredInformationalN/A
777788889999us-east-1AC-05AgentCore ECR Repository AWS-Managed KeysECR repository 'aiml-sec-test-agentcore-no-encryption' uses AWS-managed keys instead of customer-managed KMS keysConsider using customer-managed KMS keys for better control and audit capabilitiesLowFailed
777788889999us-east-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredInformationalN/A
777788889999us-east-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredInformationalN/A
777788889999us-east-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredInformationalN/A
777788889999us-east-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredInformationalN/A
777788889999us-east-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action requiredInformationalN/A
777788889999us-east-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredInformationalN/A
777788889999us-east-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action requiredInformationalN/A
777788889999us-east-1AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways foundNo action requiredInformationalN/A
777788889999us-east-1AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways foundNo action requiredInformationalN/A
777788889999us-east-1AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways foundNo action requiredInformationalN/A
777788889999us-east-1AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways foundNo action requiredInformationalN/A
777788889999GlobalAG-16Agentic AI AgentCore Least PrivilegeAgentic AI security domain: Agent Identity & Access. Over-permissive AgentCore principals can let agents or operators bypass intended autonomy and tool boundaries. Source check AC-02: The following roles have wildcard AgentCore permissions on all resources: aiml-sec-test-resources-AgentCoreOverlyPermissiveRo-IQso7VQN0jOVReplace full-access AgentCore permissions with least-privilege IAM policies scoped to required resources and actions.HighFailed
777788889999GlobalAG-17Agentic AI Stale AgentCore AccessAgentic AI security domain: Agent Identity & Access. Unused AgentCore permissions increase the blast radius of compromised principals. Source check AC-03: The following principals have AgentCore permissions but have never accessed the service: role 'aiml-sec-test-resources-AgentCoreOverlyPermissiveRo-IQso7VQN0jOV', role 'AIMLSecurityMemberRole', role 'CloudSeerTrustedServiceRole'Remove or restrict stale AgentCore permissions for principals that no longer need access.InformationalN/A
777788889999us-east-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.InformationalN/A
777788889999us-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.InformationalN/A
777788889999us-east-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions.InformationalN/A
777788889999us-east-1AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability.InformationalN/A
777788889999us-east-1AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources.InformationalN/A
777788889999us-east-1AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required.InformationalN/A
777788889999us-east-1AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required.InformationalN/A
777788889999ap-south-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredInformationalN/A
777788889999ap-south-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredMediumPassed
777788889999ap-south-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredInformationalN/A
777788889999ap-south-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
777788889999ap-south-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformationalN/A
777788889999ap-south-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionInformationalN/A
777788889999ap-south-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformationalN/A
777788889999ap-south-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
777788889999ap-south-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformationalN/A
777788889999ap-south-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformationalN/A
777788889999ap-south-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformationalN/A
777788889999ap-south-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformationalN/A
777788889999ap-south-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredInformationalN/A
777788889999ap-south-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action requiredInformationalN/A
777788889999ap-south-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action requiredInformationalN/A
777788889999ap-south-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action requiredInformationalN/A
777788889999ap-south-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action requiredInformationalN/A
777788889999ap-south-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action requiredInformationalN/A
777788889999ap-south-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action requiredInformationalN/A
777788889999ap-south-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredInformationalN/A
777788889999ap-south-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformationalN/A
777788889999ap-south-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredInformationalN/A
777788889999ap-south-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredInformationalN/A
777788889999ap-south-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.InformationalN/A
777788889999ap-south-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
777788889999ap-south-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
777788889999ap-south-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
777788889999GlobalSM-02SageMaker Full Access Policy UsedRole 'aiml-sec-test-resources-SageMakerFullAccessRole-ZREdSNCErx2S' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilegeHighFailed
777788889999us-east-1SM-01Direct Internet Access EnabledSageMaker notebook instance 'aiml-sec-test-notebook-with-internet' has direct internet access enabledConfigure the notebook instance to use VPC connectivity and disable direct internet accessHighFailed
777788889999us-east-1SM-01Non-VPC Only Network AccessSageMaker domain 'd-ilmtsfeenavc' (aiml-sec-test-domain-fail-028e1010-52cbf970) is not configured for VPC-only accessConfigure the SageMaker domain to use VPC-only network access typeHighFailed
777788889999us-east-1SM-01Non-VPC Only Network AccessSageMaker domain 'd-cmz7ohkxxop3' (aiml-sec-test-domain-fail-fef4e7f0-bb429d11) is not configured for VPC-only accessConfigure the SageMaker domain to use VPC-only network access typeHighFailed
777788889999us-east-1SM-02SSO Not Properly ConfiguredSageMaker domain 'd-7zl8skw96ppk' (aiml-sec-test-domain-pass-028e1010-3dba8b08) is using authentication mode: IAMEnable and properly configure AWS IAM Identity Center (successor to AWS SSO) for centralized access management. Ensure Identity Store ID is configured.MediumFailed
777788889999us-east-1SM-02SSO Not Properly ConfiguredSageMaker domain 'd-ilmtsfeenavc' (aiml-sec-test-domain-fail-028e1010-52cbf970) is using authentication mode: IAMEnable and properly configure AWS IAM Identity Center (successor to AWS SSO) for centralized access management. Ensure Identity Store ID is configured.MediumFailed
777788889999us-east-1SM-02SSO Not Properly ConfiguredSageMaker domain 'd-uqjoi05f0zzp' (aiml-sec-test-domain-pass-fef4e7f0-51d1e898) is using authentication mode: IAMEnable and properly configure AWS IAM Identity Center (successor to AWS SSO) for centralized access management. Ensure Identity Store ID is configured.MediumFailed
777788889999us-east-1SM-02SSO Not Properly ConfiguredSageMaker domain 'd-cmz7ohkxxop3' (aiml-sec-test-domain-fail-fef4e7f0-bb429d11) is using authentication mode: IAMEnable and properly configure AWS IAM Identity Center (successor to AWS SSO) for centralized access management. Ensure Identity Store ID is configured.MediumFailed
777788889999us-east-1SM-03Missing Encryption ConfigurationNotebook Instance 'aiml-sec-test-notebook-with-internet' - No KMS key configuredConfigure encryption using AWS KMS customer managed keys for enhanced securityHighFailed
777788889999us-east-1SM-03Missing Encryption ConfigurationDomain 'aiml-sec-test-domain-fail-028e1010-52cbf970' - No KMS key configuredConfigure encryption using AWS KMS customer managed keys for enhanced securityHighFailed
777788889999us-east-1SM-03Missing Encryption ConfigurationDomain 'aiml-sec-test-domain-fail-fef4e7f0-bb429d11' - No KMS key configuredConfigure encryption using AWS KMS customer managed keys for enhanced securityHighFailed
777788889999us-east-1SM-03Missing Encryption ConfigurationTraining Job 'aiml-sec-test-training-no-encryption-028e1010-e2fb8765' - No output encryption configuredConfigure encryption using AWS KMS customer managed keys for enhanced securityHighFailed
777788889999us-east-1SM-03Missing VPC EncryptionTraining Job 'aiml-sec-test-training-no-encryption-028e1010-e2fb8765' - Inter-container traffic encryption not enabledEnable encryption for inter-container traffic and VPC communicationMediumFailed
777788889999us-east-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
777788889999us-east-1SM-05SageMaker Model Registry IssueModel group 'aiml-sec-test-model-package-group' has minimal versioningImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentLowFailed
777788889999us-east-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformationalN/A
777788889999us-east-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
777788889999us-east-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformationalN/A
777788889999us-east-1SM-08Model Registry Empty Model GroupModel group aiml-sec-test-model-package-group has no registered modelsImplement proper model versioning and approval workflowsLowFailed
777788889999us-east-1SM-09SageMaker Notebook Root Access EnabledNotebook instance 'aiml-sec-test-notebook-with-internet' has root access enabled. Root access allows users to install arbitrary software, modify system configurations, and potentially escalate privileges.Disable root access by updating the notebook instance with RootAccess=Disabled. Note: Lifecycle configurations will still run with root access.HighFailed
777788889999us-east-1SM-10SageMaker Notebook Not in VPCNotebook instance 'aiml-sec-test-notebook-with-internet' is not deployed in a custom VPC. This uses SageMaker's service VPC with reduced network isolation.Create the notebook instance within a custom VPC by specifying SubnetId and SecurityGroupIds. This provides network isolation and allows use of VPC endpoints.HighFailed
777788889999us-east-1SM-11SageMaker Model Network Isolation DisabledModel 'SageMakerModelNoIsolation-yQ7EpJeL7pgI' does not have network isolation enabled. Model containers can make outbound network calls, potentially exfiltrating data.Enable network isolation by setting EnableNetworkIsolation=True when creating models. This prevents containers from making outbound network calls.HighFailed
777788889999us-east-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action requiredInformationalN/A
777788889999us-east-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action requiredInformationalN/A
777788889999us-east-1SM-14SageMaker Model Platform Repository AccessModel 'SageMakerModelWithIsolation-JASFpUHjajdk' uses Platform repository access mode. Container images are pulled from public/external registries, exposing supply chain risks.Configure RepositoryAccessMode=Vpc in ImageConfig to pull images from private ECR repositories through VPC. This provides supply chain security.MediumFailed
777788889999us-east-1SM-14SageMaker Model Platform Repository AccessModel 'SageMakerModelNoIsolation-yQ7EpJeL7pgI' uses Platform repository access mode. Container images are pulled from public/external registries, exposing supply chain risks.Configure RepositoryAccessMode=Vpc in ImageConfig to pull images from private ECR repositories through VPC. This provides supply chain security.MediumFailed
777788889999us-east-1SM-15SageMaker Feature Store Offline Encryption MissingFeature group 'aiml-sec-test-feature-group' offline store does not have KMS encryption configured. Feature data in S3 may not be encrypted with customer-managed keys.Configure KmsKeyId in OfflineStoreConfig.S3StorageConfig when creating feature groups to encrypt offline store data with customer-managed KMS keys.MediumFailed
777788889999us-east-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action requiredInformationalN/A
777788889999us-east-1SM-17SageMaker Processing Job Encryption CheckAll 1 processing jobs have volume encryption configuredNo action requiredMediumPassed
777788889999us-east-1SM-18SageMaker Transform Job Encryption CheckAll 1 transform jobs have volume encryption configuredNo action requiredMediumPassed
777788889999us-east-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformationalN/A
777788889999us-east-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredInformationalN/A
777788889999us-east-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredInformationalN/A
777788889999us-east-1SM-22Model Approval Workflow CheckChecked 1 model package groups. Approval workflows appear to be properly configured.No action requiredMediumPassed
777788889999us-east-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
777788889999us-east-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
777788889999us-east-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
777788889999eu-west-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredInformationalN/A
777788889999eu-west-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredMediumPassed
777788889999eu-west-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredInformationalN/A
777788889999eu-west-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
777788889999eu-west-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformationalN/A
777788889999eu-west-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionInformationalN/A
777788889999eu-west-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformationalN/A
777788889999eu-west-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
777788889999eu-west-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformationalN/A
777788889999eu-west-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformationalN/A
777788889999eu-west-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformationalN/A
777788889999eu-west-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformationalN/A
777788889999eu-west-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredInformationalN/A
777788889999eu-west-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action requiredInformationalN/A
777788889999eu-west-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action requiredInformationalN/A
777788889999eu-west-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action requiredInformationalN/A
777788889999eu-west-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action requiredInformationalN/A
777788889999eu-west-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action requiredInformationalN/A
777788889999eu-west-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action requiredInformationalN/A
777788889999eu-west-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredInformationalN/A
777788889999eu-west-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformationalN/A
777788889999eu-west-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredInformationalN/A
777788889999eu-west-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredInformationalN/A
777788889999eu-west-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.InformationalN/A
777788889999eu-west-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
777788889999eu-west-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
777788889999eu-west-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
777788889999us-west-2SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredInformationalN/A
777788889999us-west-2SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredMediumPassed
777788889999us-west-2SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredInformationalN/A
777788889999us-west-2SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
777788889999us-west-2SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformationalN/A
777788889999us-west-2SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionInformationalN/A
777788889999us-west-2SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformationalN/A
777788889999us-west-2SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
777788889999us-west-2SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformationalN/A
777788889999us-west-2SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformationalN/A
777788889999us-west-2SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformationalN/A
777788889999us-west-2SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformationalN/A
777788889999us-west-2SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredInformationalN/A
777788889999us-west-2SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action requiredInformationalN/A
777788889999us-west-2SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action requiredInformationalN/A
777788889999us-west-2SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action requiredInformationalN/A
777788889999us-west-2SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action requiredInformationalN/A
777788889999us-west-2SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action requiredInformationalN/A
777788889999us-west-2SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action requiredInformationalN/A
777788889999us-west-2SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredInformationalN/A
777788889999us-west-2SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformationalN/A
777788889999us-west-2SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredInformationalN/A
777788889999us-west-2SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredInformationalN/A
777788889999us-west-2SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.InformationalN/A
777788889999us-west-2SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
777788889999us-west-2SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
777788889999us-west-2SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
777788889999sa-east-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredInformationalN/A
777788889999sa-east-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredMediumPassed
777788889999sa-east-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredInformationalN/A
777788889999sa-east-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
777788889999sa-east-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformationalN/A
777788889999sa-east-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionInformationalN/A
777788889999sa-east-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformationalN/A
777788889999sa-east-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
777788889999sa-east-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformationalN/A
777788889999sa-east-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformationalN/A
777788889999sa-east-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformationalN/A
777788889999sa-east-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformationalN/A
777788889999sa-east-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredInformationalN/A
777788889999sa-east-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action requiredInformationalN/A
777788889999sa-east-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action requiredInformationalN/A
777788889999sa-east-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action requiredInformationalN/A
777788889999sa-east-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action requiredInformationalN/A
777788889999sa-east-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action requiredInformationalN/A
777788889999sa-east-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action requiredInformationalN/A
777788889999sa-east-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredInformationalN/A
777788889999sa-east-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformationalN/A
777788889999sa-east-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredInformationalN/A
777788889999sa-east-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredInformationalN/A
777788889999sa-east-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.InformationalN/A
777788889999sa-east-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
777788889999sa-east-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
777788889999sa-east-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
777788889999GlobalBR-01AmazonBedrockFullAccess role checkRole 'aiml-sec-test-resources-BedrockFullAccessRole-zAFkGLkWQ61a' has AmazonBedrockFullAccess policy attachedLimit the AmazonBedrockFullAccess policy only to required accessHighFailed
777788889999GlobalBR-03Marketplace Subscription Access CheckRole 'aiml-sec-test-resources-BedrockFullAccessRole-zAFkGLkWQ61a' has overly permissive marketplace subscription access through policy 'AmazonBedrockFullAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
777788889999GlobalBR-03Marketplace Subscription Access CheckRole 'aiml-sec-test-resources-MarketplaceOverlyPermissive-igL3hGIapee1' has overly permissive marketplace subscription access through policy 'OverlyPermissiveMarketplace'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
777788889999GlobalBR-03Marketplace Subscription Access CheckRole 'ProwlerApp-EC2-Role' has overly permissive marketplace subscription access through policy 'AWSElasticBeanstalkMulticontainerDocker'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
777788889999us-east-1BR-02Amazon Bedrock private connectivityBedrock VPC endpoints found: VPC vpc-089a9d593e34658c6 has endpoint com.amazonaws.us-east-1.bedrock-runtimeNo action requiredHighPassed
777788889999us-east-1BR-04Bedrock Model Invocation Logging CheckModel invocation logging is not enabled. This limits your ability to track and audit model usage.Enable model invocation logging to collect invocation logs, model input data, and model output data. Configure logging to deliver to Amazon S3, CloudWatch Logs, or both for comprehensive monitoring.MediumFailed
777788889999us-east-1BR-05Bedrock Guardrails CheckAmazon Bedrock Guardrails are properly configured with 1 guardrailsNo action required. Continue monitoring and updating guardrails as needed.HighPassed
777788889999us-east-1BR-06Bedrock CloudTrail Logging CheckCloudTrail is properly configured to log Bedrock API activity in trails: IsengardTrail-DO-NOT-DELETENo action required. Continue monitoring CloudTrail logs for Bedrock activity.MediumPassed
777788889999us-east-1BR-07Bedrock Prompt Management CheckPrompt Management is being used with 1 promptsNo action required. Continue using Prompt Management for consistent and optimized prompts.LowPassed
777788889999us-east-1BR-08Bedrock Agent IAM Roles CheckError during check: An error occurred (AccessDeniedException) when calling the GetAgent operation: You do not have sufficient permissions to the key. Check credentials for appropriate permissions to the key (kms:Decrypt, kms:GenerateDataKey) and try again.Investigate error and retry assessmentHighFailed
777788889999us-east-1BR-09Bedrock Knowledge Base Encryption ReviewKnowledge Base 'knowledge-base-prowler-findings' (9K2QZLVCZW) uses 'OPENSEARCH_SERVERLESS' storage. Encryption is managed at the storage layer and cannot be validated from the KB API. Verify encryption configuration on the underlying storage resource.1. For OpenSearch Serverless: Verify encryption with CMK at collection level +2. For S3 data sources: Verify CMK-encrypted S3 buckets +3. For RDS: Verify KMS encryption on the database +4. Consider using CMK for transient data during ingestionInformationalN/A
777788889999us-east-1BR-10Bedrock Guardrail IAM Enforcement MissingThe following roles can invoke Bedrock models without enforced guardrails: aiml-sec-test-resources-BedrockAgentRoleWithoutGuar-Z3kN5ANhP89G, aiml-sec-test-resources-BedrockFullAccessRole-zAFkGLkWQ61a, aiml-sec-test-resources-BedrockKnowledgeBaseRole-6NNC1i9FuTbM, AmazonBedrockExecutionRoleForKnowledgeBase_7erx6, ProwlerApp-EC2-RoleAdd IAM policy conditions to enforce guardrail usage: +1. Use 'bedrock:GuardrailIdentifier' condition key +2. Specify required guardrail ARN or ID +3. Example: "Condition": {"StringEquals": {"bedrock:GuardrailIdentifier": "arn:aws:bedrock:region:account:guardrail/guardrail-id"}}HighFailed
777788889999us-east-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
777788889999us-east-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
777788889999us-east-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
777788889999GlobalBR-15Cross-Account Guardrails Enforcement CheckCheck must run in AWS Organizations management account to evaluate organizational policiesRun assessment in management account to check cross-account guardrails enforcementMediumN/A
777788889999us-east-1BR-16Guardrail Tier Validation CheckGuardrail 'aiml-sec-test-test-guardrail' (ID: jkceg2tprvwh) could not be assessed because GetGuardrail returned AccessDeniedException.Retry the assessment. If the error persists, grant bedrock:GetGuardrail and verify the guardrail still exists.InformationalN/A
777788889999us-east-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
777788889999us-east-1BR-18Model Evaluation Implementation CheckNo Bedrock model evaluation jobs found. Model evaluation helps assess toxicity, accuracy, semantic robustness, and other safety metrics before production deployment.Create model evaluation jobs using Amazon Bedrock Evaluations to assess foundation model performance against safety and quality metrics. Use built-in datasets or custom test sets. Enable LLM-as-a-judge evaluation for comprehensive assessment.MediumFailed
777788889999us-east-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
777788889999us-east-1BR-20Knowledge Base Customer-Managed KMS Encryption ReviewKnowledge base 'knowledge-base-prowler-findings' (ID: 9K2QZLVCZW) uses 'OPENSEARCH_SERVERLESS' storage. The vector-store encryption key is managed at the storage layer and cannot be validated from the Knowledge Base API. Verify customer-managed KMS encryption on the underlying store.1. For OpenSearch Serverless: verify the collection uses a customer-managed KMS key +2. For Amazon RDS/Aurora: verify KMS encryption on the database +3. For third-party stores (Pinecone, Redis, MongoDB): verify the provider's encryption configuration +4. Verify the customer-managed KMS key used for transient data during ingestionInformationalN/A
777788889999us-east-1BR-22Model Invocation Throttling Limits Check9 custom throttling quotas are configured. Regular quota review helps maintain appropriate rate limits.Continue monitoring quota utilization. Review and adjust quotas as application requirements change.LowPassed
777788889999us-east-1BR-23Guardrail Content Filter Coverage CheckGuardrail 'aiml-sec-test-test-guardrail' (ID: jkceg2tprvwh) could not be assessed because GetGuardrail returned AccessDeniedException.Retry the assessment. If the error persists, grant bedrock:GetGuardrail and verify the guardrail still exists.InformationalN/A
777788889999us-east-1BR-25RAG Evaluation Jobs CheckKnowledge base 'knowledge-base-prowler-findings' (ID: 9K2QZLVCZW) does not have recent RAG evaluation jobs. RAG evaluations assess context relevance, response correctness, faithfulness, and harmfulness to prevent hallucinations.Create RAG evaluation jobs for knowledge bases using Amazon Bedrock Model Evaluation. Configure evaluations to test context relevance, answer correctness, and faithfulness metrics. Run evaluations regularly (monthly or after significant KB updates) to maintain quality.LowFailed
777788889999us-east-1BR-26Guardrail Sensitive Information Filter CheckGuardrail 'aiml-sec-test-test-guardrail' (ID: jkceg2tprvwh) could not be assessed because GetGuardrail returned AccessDeniedException.Retry the assessment. If the error persists, grant bedrock:GetGuardrail and verify the guardrail still exists.InformationalN/A
777788889999us-east-1BR-27Guardrail Contextual Grounding CheckGuardrail 'aiml-sec-test-test-guardrail' (ID: jkceg2tprvwh) could not be assessed because GetGuardrail returned AccessDeniedException.Retry the assessment. If the error persists, grant bedrock:GetGuardrail and verify the guardrail still exists.InformationalN/A
777788889999us-east-1BR-28Agent Guardrail Association Check1 agents have an associated guardrailNo action required. Continue associating guardrails with new agents.LowPassed
777788889999us-east-1BR-30Imported Model Customer-Managed KMS Encryption CheckNo imported custom Bedrock models found in this regionWhen importing models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
777788889999us-east-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMediumN/A
777788889999us-east-1BR-32Bedrock CloudWatch Alarm CheckNo CloudWatch alarms are configured on Amazon Bedrock runtime metrics (AWS/Bedrock namespace). Without alarms, abuse, denial-of-wallet, sustained throttling, and content-filter spikes can go undetected.Create CloudWatch alarms on AWS/Bedrock runtime metrics such as Invocations, InvocationThrottles, InputTokenCount, OutputTokenCount, and ContentFilteredCount, and route them to an Amazon SNS topic for notification.MediumFailed
777788889999us-east-1AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: Model invocation logging is not enabled. This limits your ability to track and audit model usage.Enable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements.MediumFailed
777788889999us-east-1AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: CloudTrail is properly configured to log Bedrock API activity in trails: IsengardTrail-DO-NOT-DELETEEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured.MediumPassed
777788889999GlobalAG-09Agentic AI Guardrail Enforcement BoundaryAgentic AI security domain: Guardrail Enforcement. Organization-level guardrail enforcement helps prevent agents from bypassing required safety controls across accounts. Source check BR-15: Check must run in AWS Organizations management account to evaluate organizational policiesUse IAM and organization controls to require approved guardrails for model and agent invocations where supported.InformationalN/A
777788889999us-east-1AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No Bedrock model evaluation jobs found. Model evaluation helps assess toxicity, accuracy, semantic robustness, and other safety metrics before production deployment.Configure model or application evaluations that include adversarial, safety, and security-relevant test cases.MediumFailed
777788889999us-east-1AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions.InformationalN/A
777788889999us-east-1AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: 9 custom throttling quotas are configured. Regular quota review helps maintain appropriate rate limits.Configure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns.LowPassed
777788889999us-east-1AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: Guardrail 'aiml-sec-test-test-guardrail' (ID: jkceg2tprvwh) could not be assessed because GetGuardrail returned AccessDeniedException.Configure guardrails with appropriate content filters and thresholds for all agent-facing workloads.InformationalN/A
777788889999us-east-1AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: Guardrail 'aiml-sec-test-test-guardrail' (ID: jkceg2tprvwh) could not be assessed because GetGuardrail returned AccessDeniedException.Configure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns.InformationalN/A
777788889999us-east-1AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: Guardrail 'aiml-sec-test-test-guardrail' (ID: jkceg2tprvwh) could not be assessed because GetGuardrail returned AccessDeniedException.Enable contextual grounding checks on guardrails for RAG and tool-using agent workflows.InformationalN/A
777788889999us-east-1AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: 1 agents have an associated guardrailAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating.LowPassed
777788889999us-east-1AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No CloudWatch alarms are configured on Amazon Bedrock runtime metrics (AWS/Bedrock namespace). Without alarms, abuse, denial-of-wallet, sustained throttling, and content-filter spikes can go undetected.Configure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available.MediumFailed
777788889999us-west-2BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action requiredInformationalN/A
777788889999us-west-2BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformationalN/A
777788889999us-west-2BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredInformationalN/A
777788889999us-west-2BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action requiredInformationalN/A
777788889999us-west-2BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templatesInformationalN/A
777788889999us-west-2BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformationalN/A
777788889999us-west-2BR-09Bedrock Knowledge Base Encryption CheckNo Knowledge Bases found in the accountNo action requiredInformationalN/A
777788889999us-west-2BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesInformationalN/A
777788889999us-west-2BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
777788889999us-west-2BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
777788889999us-west-2BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
777788889999us-west-2BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMediumN/A
777788889999us-west-2BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
777788889999us-west-2BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobsNo action requiredInformationalN/A
777788889999us-west-2BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
777788889999us-west-2BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHighN/A
777788889999us-west-2BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHighN/A
777788889999us-west-2BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotasNo action requiredInformationalN/A
777788889999us-west-2BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHighN/A
777788889999us-west-2BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responsesMediumN/A
777788889999us-west-2BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLowN/A
777788889999us-west-2BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHighN/A
777788889999us-west-2BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMediumN/A
777788889999us-west-2BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHighN/A
777788889999us-west-2BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
777788889999us-west-2BR-30Imported Model Customer-Managed KMS Encryption CheckNo imported custom Bedrock models found in this regionWhen importing models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
777788889999us-west-2BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMediumN/A
777788889999us-west-2BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarmsNo action requiredInformationalN/A
777788889999us-west-2AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements.InformationalN/A
777788889999us-west-2AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured.InformationalN/A
777788889999us-west-2AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases.InformationalN/A
777788889999us-west-2AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions.InformationalN/A
777788889999us-west-2AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required.InformationalN/A
777788889999us-west-2AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns.InformationalN/A
777788889999us-west-2AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads.InformationalN/A
777788889999us-west-2AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required.InformationalN/A
777788889999us-west-2AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns.InformationalN/A
777788889999us-west-2AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows.InformationalN/A
777788889999us-west-2AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating.InformationalN/A
777788889999us-west-2AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements.InformationalN/A
777788889999us-west-2AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available.InformationalN/A
+ +
+
Risk Distribution
+

Pass Rate by Severity

+
+
HIGH
12.8%
28 of 219 checks passed
+
MEDIUM
29.3%
82 of 280 checks passed
+
LOW
30.3%
30 of 99 checks passed
+
Overall
23.4%
140 of 598 actionable checks
+
+

Risk by Account

+
111122223333
193
78 High · 95 Med · 20 Low
444455556666
3
0 High · 3 Med · 0 Low
777788889999
64
28 High · 31 Med · 5 Low
+

Risk by Region

+
ap-south-1
0
0 High · 0 Med · 0 Low
eu-west-1
0
0 High · 0 Med · 0 Low
sa-east-1
0
0 High · 0 Med · 0 Low
us-east-1
157
52 High · 90 Med · 15 Low
us-west-2
64
22 High · 32 Med · 10 Low
+

Findings by Assessment Area

+
+
Bedrock
461
50 Failed · 18 Passed
+
SageMaker
423
34 Failed · 61 Passed
+
AgentCore
182
39 Failed · 3 Passed
+
Agentic AI Security
388
47 Failed · 18 Passed
+
Financial Services Risk
210
90 Failed · 40 Passed
+
+
+
+
Amazon Bedrock Findings
+
+
+
+
+
+
+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -2589,9 +22249,9 @@

Security Assessment Overview

- - - + + + @@ -2600,20 +22260,20 @@

Security Assessment Overview

- - - + + + - - + + - - - + + + @@ -2622,9 +22282,9 @@

Security Assessment Overview

- - - + + + @@ -2633,9 +22293,9 @@

Security Assessment Overview

- - - + + + @@ -2644,9 +22304,9 @@

Security Assessment Overview

- - - + + + @@ -2655,9 +22315,196 @@

Security Assessment Overview

- - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -2666,9 +22513,9 @@

Security Assessment Overview

- - - + + + @@ -2677,9 +22524,9 @@

Security Assessment Overview

- - - + + + @@ -2688,9 +22535,9 @@

Security Assessment Overview

- - - + + + @@ -2699,9 +22546,9 @@

Security Assessment Overview

- - - + + + @@ -2714,9 +22561,9 @@

Security Assessment Overview

- - - + + + @@ -2725,20 +22572,20 @@

Security Assessment Overview

- - - + + + - - + + - - - + + + @@ -2747,9 +22594,9 @@

Security Assessment Overview

- - - + + + @@ -2758,9 +22605,9 @@

Security Assessment Overview

- - - + + + @@ -2769,9 +22616,9 @@

Security Assessment Overview

- - - + + + @@ -2780,1402 +22627,1795 @@

Security Assessment Overview

- - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + + + + + + + + + + + + + + + + + + + + + + + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + - - + + - - - + + + - + - - + + - - - + + + - + - - + + - - - + + + - + - - + + - - - + + + - + - - + + - - - - - + + + + + - - + + - - - + + + - + - - + + - - - + + + - + - - + + - - - - - + + + + + - - + + - - - + + + - + - - + + - - - - - + + + + + - - - - - - - - - - - - - + + - - - + + + - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + - + - - - - - - - - - + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - + + + + + + + + - + - - - - - - - - - + + + + + + + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + - + - - - - - - - - + + + + + + + + - + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + - + - - - - - - - - - + + + + + + + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + - + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - + + + + + + + + + - - + + - - - - - + + + + + + + + + + + + + + + + - - + + - - - - - + + + + + - - + + - - - - - - - + + + + + + + - - + + - - - - - - + + + + + + + + + + + + + + + + + - - + + - - - - - + + + + + - - + + - - - - - - - + + + + + + + - - + + - - - - - + + + + + - - + + - - - - - - - + + + + + + + - - + + - - - - - + + + + + - - - - - - - - + + + + + + + + - + - - + + - - - - - + + + + + - - + + - - - - - - + + + + + + - - + + - - - - - + + + + + - - + + - - - - - - + + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + + + + + + + + + + + + - - + + - - - - - + + + + + + + + + + + + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - + - - + + - - - - - - + + + + + + - - + + - - - - - + + + + + - + - - + + - - - - - + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + - - - - +
Account IDRegionCheck IDFindingDetailsResolutionReferenceSeverityStatus
111122223333GlobalBR-01AmazonBedrockFullAccess role checkRole 'IDPSageMakerCfnStack-SageMakerExecutionRole-aqrHz6dVkoHC' has AmazonBedrockFullAccess policy attachedLimit the AmazonBedrockFullAccess policy only to required accessHighFailed
111122223333GlobalBR-01AmazonBedrockFullAccess role checkRole 'LLMEvaluationPromptfoo-SageMakerExecutionRole-M69xCHJ9c3LU' has AmazonBedrockFullAccess policy attachedLimit the AmazonBedrockFullAccess policy only to required accessHighFailed
111122223333GlobalBR-01AmazonBedrockFullAccess role checkRole 'myAskMeAnything-role-kmsizqwf' has AmazonBedrockFullAccess policy attachedLimit the AmazonBedrockFullAccess policy only to required accessHighFailed
111122223333GlobalBR-03Marketplace Subscription Access CheckRole 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-a6ddf3fc76' has overly permissive marketplace subscription access through policy 'BedrockAgentCoreRuntimeExecutionPolicy-cdk_agent_core'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111122223333GlobalBR-03Marketplace Subscription Access CheckRole 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-ed660add8b' has overly permissive marketplace subscription access through policy 'BedrockAgentCoreRuntimeExecutionPolicy-neoCyan_Agent'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111122223333GlobalBR-03Marketplace Subscription Access CheckRole 'AmazonBedrockExecutionRoleForKnowledgeBase_knnc9' has overly permissive marketplace subscription access through policy 'AmazonBedrockFoundationModelPolicyForKnowledgeBase_knnc9'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111122223333GlobalBR-03Marketplace Subscription Access CheckRole 'AmazonBedrockExecutionRoleForKnowledgeBase_qxqw2' has overly permissive marketplace subscription access through policy 'AmazonBedrockFoundationModelPolicyForKnowledgeBase_qxqw2'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111122223333GlobalBR-03Marketplace Subscription Access CheckRole 'AmazonSageMaker-ExecutionRole-20250525T153161' has overly permissive marketplace subscription access through policy 'AmazonBedrockLimitedAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111122223333GlobalBR-03Marketplace Subscription Access CheckRole 'IDPSageMakerCfnStack-SageMakerExecutionRole-aqrHz6dVkoHC' has overly permissive marketplace subscription access through policy 'AmazonBedrockFullAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111122223333GlobalBR-03Marketplace Subscription Access CheckRole 'LLMEvaluationPromptfoo-SageMakerExecutionRole-M69xCHJ9c3LU' has overly permissive marketplace subscription access through policy 'AmazonBedrockFullAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111122223333GlobalBR-03Marketplace Subscription Access CheckRole 'myAskMeAnything-role-kmsizqwf' has overly permissive marketplace subscription access through policy 'AmazonBedrockFullAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111122223333GlobalBR-03Marketplace Subscription Access CheckUser 'BedrockAPIKey-20pp' has overly permissive marketplace subscription access through policy 'AmazonBedrockLimitedAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111122223333GlobalBR-03Marketplace Subscription Access CheckUser 'BedrockAPIKey-yhc3' has overly permissive marketplace subscription access through policy 'AmazonBedrockLimitedAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111122223333GlobalBR-03Marketplace Subscription Access CheckUser 'BedrockClientUser' has overly permissive marketplace subscription access through policy 'AmazonBedrockFullAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111122223333us-east-1BR-02Amazon Bedrock private connectivity not usedNo Bedrock service VPC endpoints found in VPCs: vpc-03472be90d65c2f68, vpc-39319f44, vpc-064f3e808e378cbc8, vpc-02d020a365a06c7feCreate a VPC endpoint in your VPC with any of the following Bedrock service endpoints that your application may be using: +- com.amazonaws.region.bedrock +- com.amazonaws.region.bedrock-runtime +- com.amazonaws.region.bedrock-agent +- com.amazonaws.region.bedrock-agent-runtimeMediumFailed
111122223333us-east-1BR-04Bedrock Model Invocation Logging CheckModel invocation logging is properly configured with delivery to: Amazon S3, CloudWatch LogsNo action requiredMediumPassed
111122223333us-east-1BR-05Bedrock Guardrails CheckAmazon Bedrock Guardrails are properly configured with 1 guardrailsNo action required. Continue monitoring and updating guardrails as needed.HighPassed
111122223333us-east-1BR-06Bedrock CloudTrail Logging CheckCloudTrail is properly configured to log Bedrock API activity in trails: IsengardTrail-DO-NOT-DELETENo action required. Continue monitoring CloudTrail logs for Bedrock activity.MediumPassed
111122223333us-east-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templatesInformationalN/A
111122223333us-east-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformationalN/A
111122223333us-east-1BR-09Bedrock Knowledge Base Encryption ReviewKnowledge Base 'knowledge-base-semiconductors' (RQYFDSE1LT) uses 'OPENSEARCH_SERVERLESS' storage. Encryption is managed at the storage layer and cannot be validated from the KB API. Verify encryption configuration on the underlying storage resource.1. For OpenSearch Serverless: Verify encryption with CMK at collection level +2. For S3 data sources: Verify CMK-encrypted S3 buckets +3. For RDS: Verify KMS encryption on the database +4. Consider using CMK for transient data during ingestionInformationalN/A
111122223333us-east-1BR-09Bedrock Knowledge Base Encryption ReviewKnowledge Base '111122223333-us-east-1-kb' (PAJOKBSIMQ) uses 'S3_VECTORS' storage. Encryption is managed at the storage layer and cannot be validated from the KB API. Verify encryption configuration on the underlying storage resource.1. For OpenSearch Serverless: Verify encryption with CMK at collection level +2. For S3 data sources: Verify CMK-encrypted S3 buckets +3. For RDS: Verify KMS encryption on the database +4. Consider using CMK for transient data during ingestionInformationalN/A
111122223333us-east-1BR-09Bedrock Knowledge Base Encryption ReviewKnowledge Base 'e2e-rag-knowledgebase' (ESIYAYSYTJ) uses 'OPENSEARCH_SERVERLESS' storage. Encryption is managed at the storage layer and cannot be validated from the KB API. Verify encryption configuration on the underlying storage resource.1. For OpenSearch Serverless: Verify encryption with CMK at collection level +2. For S3 data sources: Verify CMK-encrypted S3 buckets +3. For RDS: Verify KMS encryption on the database +4. Consider using CMK for transient data during ingestionInformationalN/A
111122223333us-east-1BR-10Bedrock Guardrail IAM Enforcement MissingThe following roles can invoke Bedrock models without enforced guardrails: 111122223333-us-east-1-kb-bedrock-service-role, agentcore-wildrydes_gateway_role_ab3991f6-role, AgentCoreEvalsSDK-us-east-1-d04ba7b68b, AmazonBedrockAgentCoreSDKRuntime-us-east-1-a6ddf3fc76, AmazonBedrockAgentCoreSDKRuntime-us-east-1-ed660add8b, AmazonBedrockExecutionRoleForAgents_S0T9VNPP9D, AmazonBedrockExecutionRoleForAgents_WNCOPE29NZ, AmazonBedrockExecutionRoleForKnowledgeBase_072pr, AmazonBedrockExecutionRoleForKnowledgeBase_byjin, AmazonBedrockExecutionRoleForKnowledgeBase_h9718...Add IAM policy conditions to enforce guardrail usage: +1. Use 'bedrock:GuardrailIdentifier' condition key +2. Specify required guardrail ARN or ID +3. Example: "Condition": {"StringEquals": {"bedrock:GuardrailIdentifier": "arn:aws:bedrock:region:account:guardrail/guardrail-id"}}HighFailed
111122223333us-east-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
111122223333us-east-1BR-12Bedrock Invocation Log EncryptionS3 bucket 'nistairmfguardrail-invocationlogsbucket8fe5371b-wmlsng7pkyhm' for invocation logs uses SSE-S3 encryption instead of customer-managed KMS. Invocation logs may contain sensitive prompts and responses.1. Enable SSE-KMS with a customer-managed key on the S3 bucket +2. Update bucket policy to require encrypted uploads +3. Consider enabling S3 bucket versioning and MFA delete for log integrityMediumFailed
111122223333us-east-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
111122223333GlobalBR-15Cross-Account Guardrails Enforcement CheckCheck must run in AWS Organizations management account to evaluate organizational policiesRun assessment in management account to check cross-account guardrails enforcementMediumN/A
111122223333us-east-1BR-16Guardrail Tier Validation CheckGuardrail 'nist-ai-rmf-guardrail' (ID: do7xkmhadx7k) is using the 'CLASSIC' content-filter tier instead of 'STANDARD'. The STANDARD tier provides more robust content filtering and broader language support than the CLASSIC tier.Update the guardrail to use the STANDARD content-filter tier for improved contextual understanding, better prompt attack filtering (distinguishing jailbreaks from prompt injection), and broader language support. The STANDARD tier requires cross-Region inference. Review pricing implications before upgrading.MediumFailed
111122223333us-east-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
111122223333us-east-1BR-18Model Evaluation Implementation CheckNo Bedrock model evaluation jobs found. Model evaluation helps assess toxicity, accuracy, semantic robustness, and other safety metrics before production deployment.Create model evaluation jobs using Amazon Bedrock Evaluations to assess foundation model performance against safety and quality metrics. Use built-in datasets or custom test sets. Enable LLM-as-a-judge evaluation for comprehensive assessment.MediumFailed
111122223333us-east-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
111122223333us-east-1BR-20Knowledge Base Customer-Managed KMS Encryption ReviewKnowledge base 'knowledge-base-semiconductors' (ID: RQYFDSE1LT) uses 'OPENSEARCH_SERVERLESS' storage. The vector-store encryption key is managed at the storage layer and cannot be validated from the Knowledge Base API. Verify customer-managed KMS encryption on the underlying store.1. For OpenSearch Serverless: verify the collection uses a customer-managed KMS key +2. For Amazon RDS/Aurora: verify KMS encryption on the database +3. For third-party stores (Pinecone, Redis, MongoDB): verify the provider's encryption configuration +4. Verify the customer-managed KMS key used for transient data during ingestionInformationalN/A
111122223333us-east-1BR-20Knowledge Base Customer-Managed KMS Encryption ReviewKnowledge base '111122223333-us-east-1-kb' (ID: PAJOKBSIMQ) uses 'S3_VECTORS' storage. The vector-store encryption key is managed at the storage layer and cannot be validated from the Knowledge Base API. Verify customer-managed KMS encryption on the underlying store.1. For OpenSearch Serverless: verify the collection uses a customer-managed KMS key +2. For Amazon RDS/Aurora: verify KMS encryption on the database +3. For third-party stores (Pinecone, Redis, MongoDB): verify the provider's encryption configuration +4. Verify the customer-managed KMS key used for transient data during ingestionInformationalN/A
111122223333us-east-1BR-20Knowledge Base Customer-Managed KMS Encryption ReviewKnowledge base 'e2e-rag-knowledgebase' (ID: ESIYAYSYTJ) uses 'OPENSEARCH_SERVERLESS' storage. The vector-store encryption key is managed at the storage layer and cannot be validated from the Knowledge Base API. Verify customer-managed KMS encryption on the underlying store.1. For OpenSearch Serverless: verify the collection uses a customer-managed KMS key +2. For Amazon RDS/Aurora: verify KMS encryption on the database +3. For third-party stores (Pinecone, Redis, MongoDB): verify the provider's encryption configuration +4. Verify the customer-managed KMS key used for transient data during ingestionInformationalN/A
111122223333us-east-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHighN/A
111122223333us-east-1BR-22Model Invocation Throttling Limits Check11 custom throttling quotas are configured. Regular quota review helps maintain appropriate rate limits.Continue monitoring quota utilization. Review and adjust quotas as application requirements change.LowPassed
111122223333us-east-1BR-23Guardrail Content Filter Coverage Check1 guardrails have complete content filter coverage (hate, insults, sexual, violence)No action required. Continue monitoring filter effectiveness and adjust thresholds as needed.LowPassed
111122223333us-east-1BR-24Automated Reasoning Policy Implementation CheckGuardrail 'nist-ai-rmf-guardrail' (ID: do7xkmhadx7k) does not have an Automated Reasoning policy configured. Automated Reasoning provides formal verification of model responses against defined policies.Configure Automated Reasoning policies on guardrails to mathematically verify model responses. Define policies that specify allowed and disallowed behaviors. Use for high-assurance use cases where formal verification is required.MediumFailed
111122223333us-east-1BR-25RAG Evaluation Jobs CheckKnowledge base 'knowledge-base-semiconductors' (ID: RQYFDSE1LT) does not have recent RAG evaluation jobs. RAG evaluations assess context relevance, response correctness, faithfulness, and harmfulness to prevent hallucinations.Create RAG evaluation jobs for knowledge bases using Amazon Bedrock Model Evaluation. Configure evaluations to test context relevance, answer correctness, and faithfulness metrics. Run evaluations regularly (monthly or after significant KB updates) to maintain quality.LowFailed
111122223333us-east-1BR-25RAG Evaluation Jobs CheckKnowledge base '111122223333-us-east-1-kb' (ID: PAJOKBSIMQ) does not have recent RAG evaluation jobs. RAG evaluations assess context relevance, response correctness, faithfulness, and harmfulness to prevent hallucinations.Create RAG evaluation jobs for knowledge bases using Amazon Bedrock Model Evaluation. Configure evaluations to test context relevance, answer correctness, and faithfulness metrics. Run evaluations regularly (monthly or after significant KB updates) to maintain quality.LowFailed
111122223333us-east-1BR-25RAG Evaluation Jobs CheckKnowledge base 'e2e-rag-knowledgebase' (ID: ESIYAYSYTJ) does not have recent RAG evaluation jobs. RAG evaluations assess context relevance, response correctness, faithfulness, and harmfulness to prevent hallucinations.Create RAG evaluation jobs for knowledge bases using Amazon Bedrock Model Evaluation. Configure evaluations to test context relevance, answer correctness, and faithfulness metrics. Run evaluations regularly (monthly or after significant KB updates) to maintain quality.LowFailed
111122223333us-east-1BR-26Guardrail Sensitive Information Filter Check1 guardrails have sensitive-information (PII) filters configuredNo action required. Periodically review the PII entity types and regex patterns to ensure coverage matches your data.LowPassed
111122223333us-east-1BR-27Guardrail Contextual Grounding Check1 guardrails have contextual grounding checks enabledNo action required. Review grounding and relevance thresholds periodically to balance hallucination detection against false positives.LowPassed
111122223333us-east-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHighN/A
111122223333us-east-1BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
111122223333us-east-1BR-30Imported Model Customer-Managed KMS Encryption CheckNo imported custom Bedrock models found in this regionWhen importing models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
111122223333us-east-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMediumN/A
111122223333us-east-1BR-32Bedrock CloudWatch Alarm CheckNo CloudWatch alarms are configured on Amazon Bedrock runtime metrics (AWS/Bedrock namespace). Without alarms, abuse, denial-of-wallet, sustained throttling, and content-filter spikes can go undetected.Create CloudWatch alarms on AWS/Bedrock runtime metrics such as Invocations, InvocationThrottles, InputTokenCount, OutputTokenCount, and ContentFilteredCount, and route them to an Amazon SNS topic for notification.MediumFailed
111122223333ap-south-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action requiredInformationalN/A
111122223333ap-south-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformationalN/A
111122223333ap-south-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredInformationalN/A
111122223333ap-south-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action requiredInformationalN/A
111122223333ap-south-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templatesInformationalN/A
111122223333ap-south-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformationalN/A
111122223333ap-south-1BR-09Bedrock Knowledge Base Encryption CheckNo Knowledge Bases found in the accountNo action requiredInformationalN/A
111122223333ap-south-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesInformationalN/A
111122223333ap-south-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
111122223333ap-south-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
111122223333ap-south-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
111122223333ap-south-1BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMediumN/A
111122223333ap-south-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
111122223333ap-south-1BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobsNo action requiredInformationalN/A
111122223333ap-south-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
111122223333ap-south-1BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHighN/A
111122223333ap-south-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHighN/A
111122223333ap-south-1BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotasNo action requiredInformationalN/A
111122223333ap-south-1BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHighN/A
111122223333ap-south-1BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responsesMediumN/A
111122223333ap-south-1BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLowN/A
111122223333ap-south-1BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHighN/A
111122223333ap-south-1BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMediumN/A
111122223333ap-south-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHighN/A
111122223333ap-south-1BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
111122223333ap-south-1BR-30Imported Model Customer-Managed KMS Encryption CheckUnable to check Imported model encryption check: An error occurred (AccessDeniedException) when calling the ListImportedModels operation: Your account is not authorized to invoke this API operation.Amazon Bedrock Custom Model Import is not enabled or available for this account in this region. No IAM change is required; the check applies only once model import is in use.LowN/A
111122223333ap-south-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMediumN/A
111122223333ap-south-1BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarmsNo action requiredInformationalN/A
111122223333us-west-2BR-02Amazon Bedrock private connectivity not usedNo Bedrock service VPC endpoints found in VPCs: vpc-0f85a6754ab37efb7, vpc-5c3b6524, vpc-03bcafcb58a3029fcCreate a VPC endpoint in your VPC with any of the following Bedrock service endpoints that your application may be using: +- com.amazonaws.region.bedrock +- com.amazonaws.region.bedrock-runtime +- com.amazonaws.region.bedrock-agent +- com.amazonaws.region.bedrock-agent-runtimeMediumFailed
111122223333us-west-2BR-04Bedrock Model Invocation Logging CheckModel invocation logging is not enabled. This limits your ability to track and audit model usage.Enable model invocation logging to collect invocation logs, model input data, and model output data. Configure logging to deliver to Amazon S3, CloudWatch Logs, or both for comprehensive monitoring.MediumFailed
111122223333us-west-2BR-05Bedrock Guardrails CheckAmazon Bedrock Guardrails are properly configured with 1 guardrailsNo action required. Continue monitoring and updating guardrails as needed.HighPassed
111122223333us-west-2BR-06Bedrock CloudTrail Logging CheckCloudTrail is properly configured to log Bedrock API activity in trails: IsengardTrail-DO-NOT-DELETENo action required. Continue monitoring CloudTrail logs for Bedrock activity.MediumPassed
111122223333us-west-2BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templatesInformationalN/A
111122223333us-west-2BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformationalN/A
111122223333us-west-2BR-09Bedrock Knowledge Base Encryption ReviewKnowledge Base 'knowledge-base-bedrock-agent' (XSPYLN4FQL) uses 'OPENSEARCH_SERVERLESS' storage. Encryption is managed at the storage layer and cannot be validated from the KB API. Verify encryption configuration on the underlying storage resource.1. For OpenSearch Serverless: Verify encryption with CMK at collection level +2. For S3 data sources: Verify CMK-encrypted S3 buckets +3. For RDS: Verify KMS encryption on the database +4. Consider using CMK for transient data during ingestionInformationalN/A
111122223333us-west-2BR-09Bedrock Knowledge Base Encryption ReviewKnowledge Base 'IDP-DOCUMENTBEDROCKKB-CY8N0Q7N4YDT' (SUGAG7RGYD) uses 'OPENSEARCH_SERVERLESS' storage. Encryption is managed at the storage layer and cannot be validated from the KB API. Verify encryption configuration on the underlying storage resource.1. For OpenSearch Serverless: Verify encryption with CMK at collection level +2. For S3 data sources: Verify CMK-encrypted S3 buckets +3. For RDS: Verify KMS encryption on the database +4. Consider using CMK for transient data during ingestionInformationalN/A
111122223333us-west-2BR-09Bedrock Knowledge Base Encryption ReviewKnowledge Base 'promptfoo-rag-workshop-111122223333-kb' (N74ZIKTUFL) uses 'RDS' storage. Encryption is managed at the storage layer and cannot be validated from the KB API. Verify encryption configuration on the underlying storage resource.1. For OpenSearch Serverless: Verify encryption with CMK at collection level +2. For S3 data sources: Verify CMK-encrypted S3 buckets +3. For RDS: Verify KMS encryption on the database +4. Consider using CMK for transient data during ingestionInformationalN/A
111122223333us-west-2BR-09Bedrock Knowledge Base Encryption ReviewKnowledge Base 'InvestmentResearchKB' (M1GMUG3BP0) uses 'OPENSEARCH_SERVERLESS' storage. Encryption is managed at the storage layer and cannot be validated from the KB API. Verify encryption configuration on the underlying storage resource.1. For OpenSearch Serverless: Verify encryption with CMK at collection level +2. For S3 data sources: Verify CMK-encrypted S3 buckets +3. For RDS: Verify KMS encryption on the database +4. Consider using CMK for transient data during ingestionInformationalN/A
111122223333us-west-2BR-09Bedrock Knowledge Base Encryption ReviewKnowledge Base 'knowledge-base-quick-start-xtwwd' (ENFHSBBLMV) uses 'OPENSEARCH_SERVERLESS' storage. Encryption is managed at the storage layer and cannot be validated from the KB API. Verify encryption configuration on the underlying storage resource.1. For OpenSearch Serverless: Verify encryption with CMK at collection level +2. For S3 data sources: Verify CMK-encrypted S3 buckets +3. For RDS: Verify KMS encryption on the database +4. Consider using CMK for transient data during ingestionInformationalN/A
111122223333us-west-2BR-09Bedrock Knowledge Base Encryption ReviewKnowledge Base 'kb-s3-vector-store' (116IXQU5VP) uses 'S3_VECTORS' storage. Encryption is managed at the storage layer and cannot be validated from the KB API. Verify encryption configuration on the underlying storage resource.1. For OpenSearch Serverless: Verify encryption with CMK at collection level +2. For S3 data sources: Verify CMK-encrypted S3 buckets +3. For RDS: Verify KMS encryption on the database +4. Consider using CMK for transient data during ingestionInformationalN/A
111122223333us-west-2BR-10Bedrock Guardrail IAM Enforcement MissingThe following roles can invoke Bedrock models without enforced guardrails: 111122223333-us-east-1-kb-bedrock-service-role, agentcore-wildrydes_gateway_role_ab3991f6-role, AgentCoreEvalsSDK-us-east-1-d04ba7b68b, AmazonBedrockAgentCoreSDKRuntime-us-east-1-a6ddf3fc76, AmazonBedrockAgentCoreSDKRuntime-us-east-1-ed660add8b, AmazonBedrockExecutionRoleForAgents_S0T9VNPP9D, AmazonBedrockExecutionRoleForAgents_WNCOPE29NZ, AmazonBedrockExecutionRoleForKnowledgeBase_072pr, AmazonBedrockExecutionRoleForKnowledgeBase_byjin, AmazonBedrockExecutionRoleForKnowledgeBase_h9718...Add IAM policy conditions to enforce guardrail usage: +1. Use 'bedrock:GuardrailIdentifier' condition key +2. Specify required guardrail ARN or ID +3. Example: "Condition": {"StringEquals": {"bedrock:GuardrailIdentifier": "arn:aws:bedrock:region:account:guardrail/guardrail-id"}}HighFailed
111122223333us-west-2BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
111122223333us-west-2BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
111122223333us-west-2BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
111122223333us-west-2BR-16Guardrail Tier Validation CheckGuardrail 'Sample-Guardrail' (ID: mmi5rrre65gv) is using the 'CLASSIC' content-filter tier instead of 'STANDARD'. The STANDARD tier provides more robust content filtering and broader language support than the CLASSIC tier.Update the guardrail to use the STANDARD content-filter tier for improved contextual understanding, better prompt attack filtering (distinguishing jailbreaks from prompt injection), and broader language support. The STANDARD tier requires cross-Region inference. Review pricing implications before upgrading.MediumFailed
111122223333us-west-2BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
111122223333us-west-2BR-18Model Evaluation Implementation CheckNo Bedrock model evaluation jobs found. Model evaluation helps assess toxicity, accuracy, semantic robustness, and other safety metrics before production deployment.Create model evaluation jobs using Amazon Bedrock Evaluations to assess foundation model performance against safety and quality metrics. Use built-in datasets or custom test sets. Enable LLM-as-a-judge evaluation for comprehensive assessment.MediumFailed
111122223333us-west-2BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
111122223333us-west-2BR-20Knowledge Base Customer-Managed KMS Encryption ReviewKnowledge base 'knowledge-base-bedrock-agent' (ID: XSPYLN4FQL) uses 'OPENSEARCH_SERVERLESS' storage. The vector-store encryption key is managed at the storage layer and cannot be validated from the Knowledge Base API. Verify customer-managed KMS encryption on the underlying store.1. For OpenSearch Serverless: verify the collection uses a customer-managed KMS key +2. For Amazon RDS/Aurora: verify KMS encryption on the database +3. For third-party stores (Pinecone, Redis, MongoDB): verify the provider's encryption configuration +4. Verify the customer-managed KMS key used for transient data during ingestionInformationalN/A
111122223333us-west-2BR-20Knowledge Base Customer-Managed KMS Encryption ReviewKnowledge base 'IDP-DOCUMENTBEDROCKKB-CY8N0Q7N4YDT' (ID: SUGAG7RGYD) uses 'OPENSEARCH_SERVERLESS' storage. The vector-store encryption key is managed at the storage layer and cannot be validated from the Knowledge Base API. Verify customer-managed KMS encryption on the underlying store.1. For OpenSearch Serverless: verify the collection uses a customer-managed KMS key +2. For Amazon RDS/Aurora: verify KMS encryption on the database +3. For third-party stores (Pinecone, Redis, MongoDB): verify the provider's encryption configuration +4. Verify the customer-managed KMS key used for transient data during ingestionInformationalN/A
111122223333us-west-2BR-20Knowledge Base Customer-Managed KMS Encryption ReviewKnowledge base 'promptfoo-rag-workshop-111122223333-kb' (ID: N74ZIKTUFL) uses 'RDS' storage. The vector-store encryption key is managed at the storage layer and cannot be validated from the Knowledge Base API. Verify customer-managed KMS encryption on the underlying store.1. For OpenSearch Serverless: verify the collection uses a customer-managed KMS key +2. For Amazon RDS/Aurora: verify KMS encryption on the database +3. For third-party stores (Pinecone, Redis, MongoDB): verify the provider's encryption configuration +4. Verify the customer-managed KMS key used for transient data during ingestionInformationalN/A
111122223333us-west-2BR-20Knowledge Base Customer-Managed KMS Encryption ReviewKnowledge base 'InvestmentResearchKB' (ID: M1GMUG3BP0) uses 'OPENSEARCH_SERVERLESS' storage. The vector-store encryption key is managed at the storage layer and cannot be validated from the Knowledge Base API. Verify customer-managed KMS encryption on the underlying store.1. For OpenSearch Serverless: verify the collection uses a customer-managed KMS key +2. For Amazon RDS/Aurora: verify KMS encryption on the database +3. For third-party stores (Pinecone, Redis, MongoDB): verify the provider's encryption configuration +4. Verify the customer-managed KMS key used for transient data during ingestionInformationalN/A
111122223333us-west-2BR-20Knowledge Base Customer-Managed KMS Encryption ReviewKnowledge base 'knowledge-base-quick-start-xtwwd' (ID: ENFHSBBLMV) uses 'OPENSEARCH_SERVERLESS' storage. The vector-store encryption key is managed at the storage layer and cannot be validated from the Knowledge Base API. Verify customer-managed KMS encryption on the underlying store.1. For OpenSearch Serverless: verify the collection uses a customer-managed KMS key +2. For Amazon RDS/Aurora: verify KMS encryption on the database +3. For third-party stores (Pinecone, Redis, MongoDB): verify the provider's encryption configuration +4. Verify the customer-managed KMS key used for transient data during ingestionInformationalN/A
111122223333us-west-2BR-20Knowledge Base Customer-Managed KMS Encryption ReviewKnowledge base 'kb-s3-vector-store' (ID: 116IXQU5VP) uses 'S3_VECTORS' storage. The vector-store encryption key is managed at the storage layer and cannot be validated from the Knowledge Base API. Verify customer-managed KMS encryption on the underlying store.1. For OpenSearch Serverless: verify the collection uses a customer-managed KMS key +2. For Amazon RDS/Aurora: verify KMS encryption on the database +3. For third-party stores (Pinecone, Redis, MongoDB): verify the provider's encryption configuration +4. Verify the customer-managed KMS key used for transient data during ingestionInformationalN/A
111122223333us-west-2BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHighN/A
111122223333us-west-2BR-22Model Invocation Throttling Limits Check7 custom throttling quotas are configured. Regular quota review helps maintain appropriate rate limits.Continue monitoring quota utilization. Review and adjust quotas as application requirements change.LowPassed
111122223333us-west-2BR-23Guardrail Content Filter Coverage CheckGuardrail 'Sample-Guardrail' (ID: mmi5rrre65gv) is missing content filters: HATE, VIOLENCE, SEXUAL, INSULTS. Complete content filter coverage is essential for comprehensive content safety.Update guardrail to enable all content filters (HATE, INSULTS, SEXUAL, VIOLENCE). Configure appropriate threshold levels (LOW, MEDIUM, HIGH) for both input and output filtering based on your use case. Review AWS documentation for threshold guidance.HighFailed
111122223333us-west-2BR-24Automated Reasoning Policy Implementation CheckGuardrail 'Sample-Guardrail' (ID: mmi5rrre65gv) does not have an Automated Reasoning policy configured. Automated Reasoning provides formal verification of model responses against defined policies.Configure Automated Reasoning policies on guardrails to mathematically verify model responses. Define policies that specify allowed and disallowed behaviors. Use for high-assurance use cases where formal verification is required.MediumFailed
111122223333us-west-2BR-25RAG Evaluation Jobs CheckKnowledge base 'knowledge-base-bedrock-agent' (ID: XSPYLN4FQL) does not have recent RAG evaluation jobs. RAG evaluations assess context relevance, response correctness, faithfulness, and harmfulness to prevent hallucinations.Create RAG evaluation jobs for knowledge bases using Amazon Bedrock Model Evaluation. Configure evaluations to test context relevance, answer correctness, and faithfulness metrics. Run evaluations regularly (monthly or after significant KB updates) to maintain quality.LowFailed
111122223333us-west-2BR-25RAG Evaluation Jobs CheckKnowledge base 'IDP-DOCUMENTBEDROCKKB-CY8N0Q7N4YDT' (ID: SUGAG7RGYD) does not have recent RAG evaluation jobs. RAG evaluations assess context relevance, response correctness, faithfulness, and harmfulness to prevent hallucinations.Create RAG evaluation jobs for knowledge bases using Amazon Bedrock Model Evaluation. Configure evaluations to test context relevance, answer correctness, and faithfulness metrics. Run evaluations regularly (monthly or after significant KB updates) to maintain quality.LowFailed
111122223333us-west-2BR-25RAG Evaluation Jobs CheckKnowledge base 'promptfoo-rag-workshop-111122223333-kb' (ID: N74ZIKTUFL) does not have recent RAG evaluation jobs. RAG evaluations assess context relevance, response correctness, faithfulness, and harmfulness to prevent hallucinations.Create RAG evaluation jobs for knowledge bases using Amazon Bedrock Model Evaluation. Configure evaluations to test context relevance, answer correctness, and faithfulness metrics. Run evaluations regularly (monthly or after significant KB updates) to maintain quality.LowFailed
111122223333us-west-2BR-25RAG Evaluation Jobs CheckKnowledge base 'InvestmentResearchKB' (ID: M1GMUG3BP0) does not have recent RAG evaluation jobs. RAG evaluations assess context relevance, response correctness, faithfulness, and harmfulness to prevent hallucinations.Create RAG evaluation jobs for knowledge bases using Amazon Bedrock Model Evaluation. Configure evaluations to test context relevance, answer correctness, and faithfulness metrics. Run evaluations regularly (monthly or after significant KB updates) to maintain quality.LowFailed
111122223333us-west-2BR-25RAG Evaluation Jobs CheckKnowledge base 'knowledge-base-quick-start-xtwwd' (ID: ENFHSBBLMV) does not have recent RAG evaluation jobs. RAG evaluations assess context relevance, response correctness, faithfulness, and harmfulness to prevent hallucinations.Create RAG evaluation jobs for knowledge bases using Amazon Bedrock Model Evaluation. Configure evaluations to test context relevance, answer correctness, and faithfulness metrics. Run evaluations regularly (monthly or after significant KB updates) to maintain quality.LowFailed
111122223333us-west-2BR-25RAG Evaluation Jobs CheckKnowledge base 'kb-s3-vector-store' (ID: 116IXQU5VP) does not have recent RAG evaluation jobs. RAG evaluations assess context relevance, response correctness, faithfulness, and harmfulness to prevent hallucinations.Create RAG evaluation jobs for knowledge bases using Amazon Bedrock Model Evaluation. Configure evaluations to test context relevance, answer correctness, and faithfulness metrics. Run evaluations regularly (monthly or after significant KB updates) to maintain quality.LowFailed
111122223333us-west-2BR-26Guardrail Sensitive Information Filter CheckGuardrail 'Sample-Guardrail' (ID: mmi5rrre65gv) has no sensitive-information filters configured (no PII entities or regex patterns). Prompts and model responses are not screened for sensitive data such as PII.Configure sensitive-information filters on the guardrail: add PII entity types (e.g. NAME, EMAIL, SSN, CREDIT_DEBIT_CARD_NUMBER) and/or custom regex patterns, and set the appropriate BLOCK or ANONYMIZE action for input and output.HighFailed
111122223333us-west-2BR-27Guardrail Contextual Grounding CheckGuardrail 'Sample-Guardrail' (ID: mmi5rrre65gv) does not have contextual grounding checks enabled. Without grounding and relevance checks, the guardrail cannot detect hallucinated (ungrounded) or off-topic model responses.Enable contextual grounding checks (GROUNDING and RELEVANCE filter types) on the guardrail with appropriate thresholds. This is especially important for RAG applications to ensure responses are grounded in the retrieved source material.MediumFailed
111122223333us-west-2BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHighN/A
111122223333us-west-2BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
111122223333us-west-2BR-30Imported Model Customer-Managed KMS Encryption CheckNo imported custom Bedrock models found in this regionWhen importing models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
111122223333us-west-2BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMediumN/A
111122223333us-west-2BR-32Bedrock CloudWatch Alarm CheckNo CloudWatch alarms are configured on Amazon Bedrock runtime metrics (AWS/Bedrock namespace). Without alarms, abuse, denial-of-wallet, sustained throttling, and content-filter spikes can go undetected.Create CloudWatch alarms on AWS/Bedrock runtime metrics such as Invocations, InvocationThrottles, InputTokenCount, OutputTokenCount, and ContentFilteredCount, and route them to an Amazon SNS topic for notification.MediumFailed
111122223333sa-east-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action requiredInformationalN/A
111122223333sa-east-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformationalN/A
111122223333sa-east-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredInformationalN/A
111122223333sa-east-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action requiredInformationalN/A
111122223333sa-east-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templatesInformationalN/A
111122223333sa-east-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformationalN/A
111122223333sa-east-1BR-09Bedrock Knowledge Base Encryption CheckNo Knowledge Bases found in the accountNo action requiredInformationalN/A
111122223333sa-east-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesInformationalN/A
111122223333sa-east-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
111122223333sa-east-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
111122223333sa-east-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
111122223333sa-east-1BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMediumN/A
111122223333sa-east-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
111122223333sa-east-1BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobsNo action requiredInformationalN/A
111122223333sa-east-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
111122223333sa-east-1BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHighN/A
111122223333sa-east-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHighN/A
111122223333sa-east-1BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotasNo action requiredInformationalN/A
111122223333sa-east-1BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHighN/A
111122223333sa-east-1BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responsesMediumN/A
111122223333sa-east-1BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLowN/A
111122223333sa-east-1BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHighN/A
111122223333sa-east-1BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMediumN/A
111122223333sa-east-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHighN/A
111122223333sa-east-1BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
111122223333sa-east-1BR-30Imported Model Customer-Managed KMS Encryption CheckUnable to check Imported model encryption check: An error occurred (AccessDeniedException) when calling the ListImportedModels operation: Your account is not authorized to invoke this API operation.Amazon Bedrock Custom Model Import is not enabled or available for this account in this region. No IAM change is required; the check applies only once model import is in use.LowN/A
111122223333sa-east-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMediumN/A
111122223333sa-east-1BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarmsNo action requiredInformationalN/A
111122223333eu-west-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action requiredInformationalN/A
111122223333eu-west-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformationalN/A
111122223333eu-west-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredInformationalN/A
111122223333eu-west-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action requiredInformationalN/A
111122223333eu-west-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templatesInformationalN/A
111122223333eu-west-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformationalN/A
111122223333eu-west-1BR-09Bedrock Knowledge Base Encryption CheckNo Knowledge Bases found in the accountNo action requiredInformationalN/A
111122223333eu-west-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesInformationalN/A
111122223333eu-west-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
111122223333eu-west-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
111122223333eu-west-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
111122223333eu-west-1BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMediumN/A
111122223333eu-west-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
111122223333eu-west-1BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobsNo action requiredInformationalN/A
111122223333eu-west-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
111122223333eu-west-1BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHighN/A
111122223333eu-west-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHighN/A
111122223333eu-west-1BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotasNo action requiredInformationalN/A
111122223333eu-west-1BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHighN/A
111122223333eu-west-1BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responsesMediumN/A
111122223333eu-west-1BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLowN/A
111122223333eu-west-1BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHighN/A
111122223333eu-west-1BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMediumN/A
111122223333eu-west-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHighN/A
111122223333eu-west-1BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
111122223333eu-west-1BR-30Imported Model Customer-Managed KMS Encryption CheckUnable to check Imported model encryption check: An error occurred (AccessDeniedException) when calling the ListImportedModels operation: Your account is not authorized to invoke this API operation.Amazon Bedrock Custom Model Import is not enabled or available for this account in this region. No IAM change is required; the check applies only once model import is in use.LowN/A
111122223333eu-west-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMediumN/A
111122223333eu-west-1BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarmsNo action requiredInformationalN/A
444455556666ap-south-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action requiredInformationalN/A
444455556666ap-south-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformationalN/A
444455556666ap-south-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredInformationalN/A
444455556666ap-south-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action requiredInformationalN/A
444455556666ap-south-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templatesInformationalN/A
444455556666ap-south-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformationalN/A
444455556666ap-south-1BR-09Bedrock Knowledge Base Encryption CheckNo Knowledge Bases found in the accountNo action requiredInformationalN/A
444455556666ap-south-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesInformationalN/A
444455556666ap-south-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
444455556666ap-south-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
444455556666ap-south-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
444455556666ap-south-1BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMediumN/A
444455556666ap-south-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
444455556666ap-south-1BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobsNo action requiredInformationalN/A
444455556666ap-south-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
444455556666ap-south-1BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHighN/A
444455556666ap-south-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHighN/A
444455556666ap-south-1BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotasNo action requiredInformationalN/A
444455556666ap-south-1BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHighN/A
444455556666ap-south-1BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responsesMediumN/A
444455556666ap-south-1BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLowN/A
444455556666ap-south-1BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHighN/A
444455556666ap-south-1BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMediumN/A
444455556666ap-south-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHighN/A
444455556666ap-south-1BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
444455556666ap-south-1BR-30Imported Model Customer-Managed KMS Encryption CheckUnable to check Imported model encryption check: An error occurred (AccessDeniedException) when calling the ListImportedModels operation: Your account is not authorized to invoke this API operation.Amazon Bedrock Custom Model Import is not enabled or available for this account in this region. No IAM change is required; the check applies only once model import is in use.LowN/A
444455556666ap-south-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMediumN/A
444455556666ap-south-1BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarmsNo action requiredInformationalN/A
444455556666GlobalBR-01AmazonBedrockFullAccess role checkNo roles found with AmazonBedrockFullAccess policyNo action requiredHighPassed
444455556666GlobalBR-03Marketplace Subscription Access CheckNo identities found with overly permissive marketplace subscription accessNo action requiredMediumPassed
444455556666us-east-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action requiredInformationalN/A
444455556666us-east-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformationalN/A
444455556666us-east-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredInformationalN/A
444455556666us-east-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action requiredInformationalN/A
444455556666us-east-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templatesInformationalN/A
444455556666us-east-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformationalN/A
444455556666us-east-1BR-09Bedrock Knowledge Base Encryption CheckNo Knowledge Bases found in the accountNo action requiredInformationalN/A
444455556666us-east-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesInformationalN/A
444455556666us-east-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
444455556666us-east-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
444455556666us-east-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
444455556666GlobalBR-15Cross-Account Guardrails Enforcement CheckCheck must run in AWS Organizations management account to evaluate organizational policiesRun assessment in management account to check cross-account guardrails enforcementMediumN/A
444455556666us-east-1BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMediumN/A
444455556666us-east-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
444455556666us-east-1BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobsNo action requiredInformationalN/A
444455556666us-east-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
444455556666us-east-1BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHighN/A
444455556666us-east-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHighN/A
444455556666us-east-1BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotasNo action requiredInformationalN/A
444455556666us-east-1BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHighN/A
444455556666us-east-1BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responsesMediumN/A
444455556666us-east-1BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLowN/A
444455556666us-east-1BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHighN/A
444455556666us-east-1BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMediumN/A
444455556666us-east-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHighN/A
444455556666us-east-1BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
444455556666us-east-1BR-30Imported Model Customer-Managed KMS Encryption CheckNo imported custom Bedrock models found in this regionWhen importing models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
444455556666us-east-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMediumN/A
444455556666us-east-1BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarmsNo action requiredInformationalN/A
444455556666eu-west-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action requiredInformationalN/A
444455556666eu-west-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformationalN/A
444455556666eu-west-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredInformationalN/A
444455556666eu-west-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action requiredInformationalN/A
444455556666eu-west-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templatesInformationalN/A
444455556666eu-west-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformationalN/A
444455556666eu-west-1BR-09Bedrock Knowledge Base Encryption CheckNo Knowledge Bases found in the accountNo action requiredInformationalN/A
444455556666eu-west-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesInformationalN/A
444455556666eu-west-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
444455556666eu-west-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
444455556666eu-west-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
444455556666eu-west-1BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMediumN/A
444455556666eu-west-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
444455556666eu-west-1BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobsNo action requiredInformationalN/A
444455556666eu-west-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
444455556666eu-west-1BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHighN/A
444455556666eu-west-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHighN/A
444455556666eu-west-1BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotasNo action requiredInformationalN/A
444455556666eu-west-1BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHighN/A
444455556666eu-west-1BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responsesMediumN/A
444455556666eu-west-1BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLowN/A
444455556666eu-west-1BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHighN/A
444455556666eu-west-1BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMediumN/A
444455556666eu-west-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHighN/A
444455556666eu-west-1BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
444455556666eu-west-1BR-30Imported Model Customer-Managed KMS Encryption CheckUnable to check Imported model encryption check: An error occurred (AccessDeniedException) when calling the ListImportedModels operation: Your account is not authorized to invoke this API operation.Amazon Bedrock Custom Model Import is not enabled or available for this account in this region. No IAM change is required; the check applies only once model import is in use.LowN/A
444455556666eu-west-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMediumN/A
444455556666eu-west-1BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarmsNo action requiredInformationalN/A
444455556666sa-east-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action requiredInformationalN/A
444455556666sa-east-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformationalN/A
444455556666sa-east-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredInformationalN/A
444455556666sa-east-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action requiredInformationalN/A
444455556666sa-east-1 BR-07 Bedrock Prompt Management Check Prompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses. Informational N/A
111111111111ap-southeast-2
444455556666sa-east-1 BR-08 Bedrock Agent IAM Roles Check No Bedrock agents found in the account Informational N/A
111111111111ap-southeast-2
444455556666sa-east-1 BR-09 Bedrock Knowledge Base Encryption CheckUnable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::111111111111:assumed-role/aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX/aiml-security-aiml-security-111111111111-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:ap-southeast-2:111111111111:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases actionVerify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.No Knowledge Bases found in the accountNo action required Informational N/A
111111111111ap-southeast-2
444455556666sa-east-1 BR-10 Bedrock Guardrail IAM Enforcement Check No guardrails configured - IAM enforcement check not applicable Informational N/A
111111111111ap-southeast-2
444455556666sa-east-1 BR-11 Bedrock Custom Model Encryption Check No custom/fine-tuned models found in the account Informational N/A
111111111111ap-southeast-2
444455556666sa-east-1 BR-12 Bedrock Invocation Log Encryption Check Model invocation logging to S3 is not configured Informational N/A
111111111111ap-southeast-2
444455556666sa-east-1 BR-13 Bedrock Flows Guardrails Check No Bedrock Flows found in the account Informational N/A
111111111111eu-west-1
444455556666sa-east-1BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMediumN/A
444455556666sa-east-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
444455556666sa-east-1BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobsNo action requiredInformationalN/A
444455556666sa-east-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
444455556666sa-east-1BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHighN/A
444455556666sa-east-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHighN/A
444455556666sa-east-1BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotasNo action requiredInformationalN/A
444455556666sa-east-1BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHighN/A
444455556666sa-east-1BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responsesMediumN/A
444455556666sa-east-1BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLowN/A
444455556666sa-east-1BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHighN/A
444455556666sa-east-1BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMediumN/A
444455556666sa-east-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHighN/A
444455556666sa-east-1BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
444455556666sa-east-1BR-30Imported Model Customer-Managed KMS Encryption CheckUnable to check Imported model encryption check: An error occurred (AccessDeniedException) when calling the ListImportedModels operation: Your account is not authorized to invoke this API operation.Amazon Bedrock Custom Model Import is not enabled or available for this account in this region. No IAM change is required; the check applies only once model import is in use.LowN/A
444455556666sa-east-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMediumN/A
444455556666sa-east-1BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarmsNo action requiredInformationalN/A
444455556666us-west-2 BR-02 Amazon Bedrock private connectivity check No regional Bedrock resources found to assess private connectivity Informational N/A
111111111111eu-west-1
444455556666us-west-2 BR-04 Bedrock Model Invocation Logging Check No regional Bedrock resources found to monitor with invocation logging Informational N/A
111111111111eu-west-1
444455556666us-west-2 BR-05 Bedrock Guardrails Check No regional Bedrock resources found to protect with guardrails Informational N/A
111111111111eu-west-1
444455556666us-west-2 BR-06 Bedrock CloudTrail Logging Check No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage Informational N/A
111111111111eu-west-1
444455556666us-west-2 BR-07 Bedrock Prompt Management Check Prompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses. Informational N/A
111111111111eu-west-1
444455556666us-west-2 BR-08 Bedrock Agent IAM Roles Check No Bedrock agents found in the account Informational N/A
111111111111eu-west-1
444455556666us-west-2 BR-09 Bedrock Knowledge Base Encryption CheckUnable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::111111111111:assumed-role/aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX/aiml-security-aiml-security-111111111111-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:eu-west-1:111111111111:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases actionVerify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.No Knowledge Bases found in the accountNo action required Informational N/A
111111111111eu-west-1
444455556666us-west-2 BR-10 Bedrock Guardrail IAM Enforcement Check No guardrails configured - IAM enforcement check not applicable Informational N/A
111111111111eu-west-1
444455556666us-west-2 BR-11 Bedrock Custom Model Encryption Check No custom/fine-tuned models found in the account Informational N/A
111111111111eu-west-1
444455556666us-west-2 BR-12 Bedrock Invocation Log Encryption Check Model invocation logging to S3 is not configured Informational N/A
111111111111eu-west-1
444455556666us-west-2 BR-13 Bedrock Flows Guardrails Check No Bedrock Flows found in the account Informational N/A
111111111111eu-west-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to check
444455556666us-west-2BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMediumN/A
444455556666us-west-2BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
444455556666us-west-2BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobs No action required Informational N/A
111111111111eu-west-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configured
444455556666us-west-2BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
444455556666us-west-2BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHighN/A
444455556666us-west-2BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHighN/A
444455556666us-west-2BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotas No action requiredInformationalN/A
444455556666us-west-2BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHighN/A
444455556666us-west-2BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responses MediumPassedN/A
444455556666us-west-2BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLowN/A
444455556666us-west-2BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHighN/A
444455556666us-west-2BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMediumN/A
444455556666us-west-2BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHighN/A
444455556666us-west-2BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
444455556666us-west-2BR-30Imported Model Customer-Managed KMS Encryption CheckNo imported custom Bedrock models found in this regionWhen importing models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
444455556666us-west-2BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMediumN/A
444455556666us-west-2BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarmsNo action requiredInformationalN/A
777788889999sa-east-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action requiredInformationalN/A
777788889999sa-east-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformationalN/A
777788889999sa-east-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredInformationalN/A
777788889999sa-east-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action requiredInformationalN/A
777788889999sa-east-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templatesInformationalN/A
777788889999sa-east-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformationalN/A
777788889999sa-east-1BR-09Bedrock Knowledge Base Encryption CheckNo Knowledge Bases found in the accountNo action requiredInformationalN/A
777788889999sa-east-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesInformationalN/A
777788889999sa-east-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
777788889999sa-east-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
777788889999sa-east-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
777788889999sa-east-1BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMediumN/A
777788889999sa-east-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
111111111111eu-west-1SM-03Data Protection CheckNo SageMaker resources found to check for data protection
777788889999sa-east-1BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobs No action required Informational N/A
111111111111eu-west-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action required
777788889999sa-east-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deployment MediumPassedN/A
111111111111eu-west-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformational
777788889999sa-east-1BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHigh N/A
111111111111eu-west-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionInformational
777788889999sa-east-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHigh N/A
111111111111eu-west-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment
777788889999sa-east-1BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotasNo action required Informational N/A
111111111111eu-west-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformational
777788889999sa-east-1BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHigh N/A
111111111111eu-west-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformational
777788889999sa-east-1BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responsesMedium N/A
111111111111eu-west-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformational
777788889999sa-east-1BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLow N/A
111111111111eu-west-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformational
777788889999sa-east-1BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHigh N/A
111111111111eu-west-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformational
777788889999sa-east-1BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMedium N/A
111111111111eu-west-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredInformational
777788889999sa-east-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHigh N/A
111111111111eu-west-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints found
777788889999sa-east-1BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
777788889999sa-east-1BR-30Imported Model Customer-Managed KMS Encryption CheckUnable to check Imported model encryption check: An error occurred (AccessDeniedException) when calling the ListImportedModels operation: Your account is not authorized to invoke this API operation.Amazon Bedrock Custom Model Import is not enabled or available for this account in this region. No IAM change is required; the check applies only once model import is in use.LowN/A
777788889999sa-east-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMediumN/A
777788889999sa-east-1BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarms No action required Informational N/A
111111111111
777788889999 eu-west-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundBR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivity No action required Informational N/A
111111111111
777788889999 eu-west-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessBR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation logging No action required Informational N/A
111111111111
777788889999 eu-west-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundBR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrails No action required Informational N/A
111111111111
777788889999 eu-west-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundBR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage No action required Informational N/A
111111111111
777788889999 eu-west-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action requiredBR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templates Informational N/A
111111111111
777788889999 eu-west-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundBR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the account No action required Informational N/A
111111111111
777788889999 eu-west-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundBR-09Bedrock Knowledge Base Encryption CheckNo Knowledge Bases found in the account No action required Informational N/A
111111111111
777788889999 eu-west-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredBR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policies Informational N/A
111111111111
777788889999 eu-west-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundBR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the account No action required Informational N/A
111111111111
777788889999 eu-west-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption Informational N/A
111111111111eu-west-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
111111111111
777788889999 eu-west-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the account No action requiredLowPassed
111111111111eu-west-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability. Informational N/A
111111111111us-east-1FS-01AWS Shield Advanced Not EnabledAWS Shield Advanced is not subscribed. GenAI API endpoints are vulnerable to volumetric DDoS attacks that can exhaust token quotas and inflate costs.1. Subscribe to AWS Shield Advanced for DDoS protection. -2. After subscribing, explicitly add resource protections in the Shield Advanced console for each Bedrock-facing resource (API Gateway stages, ALBs, CloudFront distributions, Route 53 hosted zones). Shield Advanced subscription alone does NOT automatically protect resources — each resource must be individually added to receive protection. -3. Enable Shield Response Team (SRT) access and configure proactive engagement. -4. Alternatively, use AWS Firewall Manager with a Shield Advanced policy to automate resource protection based on tags or resource types.LowFailed
111111111111us-east-1FS-01No Regional WAF Web ACLs FoundNo AWS WAF regional Web ACLs found. Without WAF, GenAI endpoints lack rate-based rules to block abusive callers.1. Create a WAF Web ACL with rate-based rules (e.g., 1000 req/5 min per IP). -2. Associate the ACL with API Gateway stages or ALBs fronting Bedrock. -3. Add AWS Managed Rules for known bad inputs.MediumFailed
111111111111us-east-1FS-02API Gateway Usage Plans Missing ThrottleUsage plans without throttling: myAskMeAnything-UsagePlan. Unbounded API calls can exhaust Bedrock token quotas and inflate costs.Set rateLimit and burstLimit on all usage plans associated with GenAI API stages. Consider per-consumer API keys with individual quotas.
777788889999eu-west-1BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protection MediumFailedN/A
111111111111us-east-1FS-03Bedrock Token Quotas At DefaultAll 232 Bedrock token-based quota(s) are at their AWS default values — no quota increase has been applied. Running at default is a legitimate posture, but it should be a reviewed decision aligned with expected peak load rather than an oversight.1. Review current Bedrock TPM/TPD quotas in the Service Quotas console. -2. Request increases aligned with expected peak load, or document a deliberate decision to remain at default after review. -3. Implement client-side token counting and pre-flight quota checks. -4. Use Bedrock cross-region inference profiles to distribute load.Medium
777788889999eu-west-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHigh N/A
111111111111us-east-1FS-04No Cost Anomaly Detection MonitorsNo AWS Cost Anomaly Detection monitors found. Unexpected spikes in Bedrock/SageMaker usage (e.g., from prompt injection loops) will go undetected.1. Create a Cost Anomaly Detection monitor scoped to AWS/Bedrock and AWS/SageMaker. -2. Configure alert subscriptions (SNS/email) for anomalies above threshold. -3. Set daily spend budgets with AWS Budgets as a secondary control.MediumFailed
777788889999eu-west-1BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobsNo action requiredInformationalN/A
111111111111us-east-1FS-05No Bedrock CloudWatch Alarms FoundNo CloudWatch alarms found for Bedrock metrics. Token exhaustion and throttling events will not trigger operational alerts.Create CloudWatch alarms for: -- AWS/Bedrock InvocationThrottles (threshold > 0) -- AWS/Bedrock TokensProcessed (threshold based on quota) -- Custom application-level token counters via EMF
777788889999eu-west-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deployment MediumFailedN/A
111111111111us-east-1FS-06No AI/ML Service Budgets ConfiguredNo AWS Budgets found scoped to Bedrock or SageMaker. Unbounded GenAI spend can go undetected until the monthly bill.1. Create cost budgets for AWS Bedrock and SageMaker with 80%/100% alert thresholds. -2. Add SNS notifications to on-call channels. -3. Consider budget actions to apply IAM deny policies when thresholds are breached.MediumFailed
777788889999eu-west-1BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHighN/A
111111111111us-east-1FS-07Agent Action Boundary CheckNo Bedrock agents found.No action required.
777788889999eu-west-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHighN/A
777788889999eu-west-1BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotasNo action required Informational N/A
111111111111us-east-1FS-08AgentCore Runtimes Missing Policy EngineRuntimes without authorizer configuration: origami_expeditions, neoCyan_Agent, customer_support_agent, cdk_agent_core, awsapimcpserver. Without a policy engine, agents can invoke any registered tool without authorization checks.Configure an authorizer (Lambda or Cedar policy store) on each AgentCore runtime to enforce fine-grained tool-call authorization.
777788889999eu-west-1BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholds HighFailedN/A
111111111111us-east-1FS-09Agent Lambda Functions Without Concurrency LimitsAgent-related Lambda functions without reserved concurrency: aiml-security-aiml-security-111111111111-FinServAssessment, resco-aiml-IAMPermissionCaching, aiml-security-aiml-security-111111111111-SagemakerAssessment, resco-aiml-CleanupBucket, aiml-security-aiml-security-111111111111-BedrockAssessment, resco-aiml-BedrockAssessment, aiml-security-aiml-security-111111111111-CleanupBucket, aiml-security-aiml-security-111111111111-AgentCoreAssessment, e2ebedrockrag-OSSInfraStack-BKBOSSInfraSetupLambda-031La8JAQXtk, e2ebedrockrag-OSSInfraSta-OSSIndexCreationProvider-g56en9UzRjII. Unlimited concurrency allows runaway agent loops to exhaust account limits.1. Set reserved concurrency on agent Lambda functions. -2. Implement maximum iteration counts in agent orchestration logic. -3. Use Step Functions with MaxConcurrency and timeout states. -4. Add circuit-breaker patterns to agent tool invocations.
777788889999eu-west-1BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responses MediumFailedN/A
111111111111us-east-1FS-10Human-in-the-Loop Check — No Agent Workflows FoundNo Step Functions state machines with agent/approval naming found. Verify that high-risk agent actions (e.g., fund transfers, account changes) have human approval gates.Implement Step Functions .waitForTaskToken patterns for high-risk agent actions. Route approval requests to human reviewers via SNS/SES/Slack.Informational
777788889999eu-west-1BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLow N/A
111111111111us-east-1FS-11No Agent Rate Alarms FoundNo CloudWatch alarms found for agent invocation rates. Looping or runaway agents will not trigger operational alerts.Create CloudWatch alarms on: -- Bedrock agent invocation counts (threshold based on expected max) -- Lambda invocation errors for agent functions -- Step Functions execution failures and timeouts
777788889999eu-west-1BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHighN/A
777788889999eu-west-1BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applications MediumFailedN/A
111111111111us-east-1FS-12No Bedrock-Scoped SCPs FoundNo Service Control Policies reference Bedrock. Without SCPs, any account in the organization can access any Bedrock model, including unapproved third-party models.1. Create an SCP that denies bedrock:InvokeModel for model IDs not on the approved list. -2. Use bedrock:ModelId condition key to allowlist approved models. -3. Maintain a model inventory and update the SCP when models are approved/retired.
777788889999eu-west-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topics HighFailedN/A
111111111111us-east-1FS-13Model Provenance Tags PresentAll reviewed models have required provenance tags.No action required.MediumPassed
777788889999eu-west-1BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
111111111111us-east-1FS-14Model Governance Config Rules PresentFound 11 model-related Config rule(s).No action required.MediumPassed
777788889999eu-west-1BR-30Imported Model Customer-Managed KMS Encryption CheckUnable to check Imported model encryption check: An error occurred (AccessDeniedException) when calling the ListImportedModels operation: Your account is not authorized to invoke this API operation.Amazon Bedrock Custom Model Import is not enabled or available for this account in this region. No IAM change is required; the check applies only once model import is in use.LowN/A
111111111111us-east-1FS-15No Bedrock Evaluation Jobs FoundNo Bedrock Model Evaluation jobs found. Models have not been evaluated for adversarial robustness. FinServ model-risk management (SR 11-7) expects documented model validation/evaluation.1. Run Bedrock Model Evaluation with adversarial/red-team datasets. -2. Use FMEval library for automated robustness testing. -3. Schedule periodic re-evaluation after model updates.
777788889999eu-west-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job output MediumFailedN/A
111111111111us-east-1FS-16ECR Repositories Without Image Scanning4 ECR repo(s) without scan-on-push: mlexplorationrepo, cdk-hnb659fds-container-assets-111111111111-us-east-1, bedrock-agentcore-customer_support_agent, bedrock-agentcore-origami_expeditions.Enable scan-on-push for all ECR repositories containing model containers. Consider enabling Enhanced Scanning (Inspector) for CVE detection.HighFailed
777788889999eu-west-1BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarmsNo action requiredInformationalN/A
111111111111us-east-1FS-20No SageMaker Feature Groups FoundNo SageMaker Feature Store groups found.No action required.
777788889999ap-south-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action required Informational N/A
111111111111us-east-1FS-21Training Data Buckets Without Versioning13 training data bucket(s) without versioning: ancbedrocklogging, bedrock-agentcore-codebuild-sources-111111111111-us-east-1, bedrock-bda-us-east-1-dda43109-6557-48bb-993d-3f97126b64b4, bedrock-bda-us-east-1-logging-00719114-debd-4487-85d1-09cbc3fc8, bedrock-kb-bucket-f736570b, bedrock-video-generation-us-east-1-h5ltpm, fsi-genai-workshop-bedrock-datasources-111111111111-us-west-2, knowledgebase-bedrock-agent-agasthik, llmevaluationpromptfoo-bedrockkb-cozhbzbrcmd2, sagemaker-studio-111111111111-huo1mvme4t.Enable S3 versioning on all training data buckets. Consider enabling MFA Delete for additional protection against poisoning.HighFailed
777788889999ap-south-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformationalN/A
111111111111us-east-1FS-22Overly Permissive Knowledge Base IAM Roles722 role(s) with wildcard KB permissions: -- Role '111111111111-us-east-1-kb-setup-function-role' allows 'bedrock:CreateKnowledgeBase' on Resource '*' (no ARN scoping to specific Knowledge Bases) -- Role '111111111111-us-east-1-kb-setup-function-role' allows 'bedrock:CreateDataSource' on Resource '*' (no ARN scoping to specific Knowledge Bases) -- Role 'Admin' allows '*' -- Role 'agentcore-wildrydes_gateway_role_ab3991f6-role' allows 'bedrock:*' -- Role 'AgentCoreEvalsSDK-us-east-1-d04ba7b68b' allows 'bedrock:InvokeModel' on Resource '*' (no ARN scoping to specific Knowledge Bases) -- Role 'AgentCoreEvalsSDK-us-east-1-d04ba7b68b' allows 'bedrock:InvokeModelWithResponseStream' on Resource '*' (no ARN scoping to specific Knowledge Bases) -- Role 'Agentic-AI-MCP-Strands-SDK-Works-VSCodeInstanceRole-NCTUnlnRBFO6' allows '*' -- Role 'aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX' allows 'bedrock:ListGuardrails' on Resource '*' (no ARN scoping to specific Knowledge Bases) -- Role 'aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX' allows 'bedrock:GetGuardrail' on Resource '*' (no ARN scoping to specific Knowledge Bases) -- Role 'aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX' allows 'bedrock:ListModelInvocations' on Resource '*' (no ARN scoping to specific Knowledge Bases)Replace wildcard bedrock-agent:* with specific actions: bedrock:Retrieve, bedrock:RetrieveAndGenerate. Scope resources to specific Knowledge Base ARNs.HighFailed
777788889999ap-south-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredInformationalN/A
777788889999ap-south-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action requiredInformationalN/A
777788889999ap-south-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templatesInformationalN/A
777788889999ap-south-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformationalN/A
777788889999ap-south-1BR-09Bedrock Knowledge Base Encryption CheckNo Knowledge Bases found in the accountNo action requiredInformationalN/A
777788889999ap-south-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesInformationalN/A
777788889999ap-south-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
777788889999ap-south-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
111111111111us-east-1FS-24ADVISORY: Knowledge Base Metadata Filtering — Manual Review RequiredFound 3 Knowledge Base(s). Tenant-isolation metadata filtering is a design pattern that cannot be verified via API — manual review required. Verify that metadata attributes (e.g., tenantId, classification) are indexed and that Retrieve calls include RetrievalFilter conditions for tenant isolation.1. Add metadata fields (tenantId, dataClassification) to KB data sources. -2. Pass RetrievalFilter in all Retrieve/RetrieveAndGenerate calls. -3. Validate filters in integration tests to prevent cross-tenant data leakage.
777788889999ap-south-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action required Informational N/A
111111111111us-east-1FS-25OpenSearch Serverless Encryption Policies PresentFound 5 encryption policy(ies); 5 use a customer-managed KMS key.Verify all vector store collections use customer-managed KMS keys.HighPassed
777788889999ap-south-1BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMediumN/A
111111111111us-east-1FS-26OpenSearch Serverless Collections Not VPC-RestrictedFound 5 network policy(ies) but none restrict to VPC. Vector stores may be accessible from the public internet.Update network policies to allow access only from VPC endpoints. Create an OpenSearch Serverless VPC endpoint in your VPC.
777788889999ap-south-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keys HighFailedN/A
111111111111us-east-1FS-27No Guardrails — Contextual Grounding Not ApplicableNo Bedrock Guardrails configured. Configure guardrails first (see BR-05).Configure Bedrock Guardrails with contextual grounding checks (grounding threshold ≥0.7 and relevance threshold ≥0.7 for FinServ use cases).
777788889999ap-south-1BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobsNo action required Informational N/A
111111111111us-east-1FS-27Automated Reasoning Policies — Access CheckAccess denied or service unavailable when listing Automated Reasoning policies. The IAM action name (bedrock:ListAutomatedReasoningPolicies) is correct, so the most likely causes are, in order: (1) the assessment MEMBER ROLE in this account was deployed before this action was added and has not been re-deployed; (2) an AWS Organizations SCP or permission boundary denies this newer Bedrock action; (3) the region does not support ARC. ARC is available in AWS GovCloud (US) and a growing set of commercial regions (e.g., us-east-1, us-east-2, us-west-2, eu-central-1, eu-west-1, eu-west-3) — verify the current list in the AWS documentation.1. RE-DEPLOY the member-role CloudFormation stack so the role picks up bedrock:ListAutomatedReasoningPolicies (templates may be current while the *deployed* role is stale). See deployment/1-aiml-security-member-roles.yaml and aiml-security-single-account.yaml. -2. Check for an Organizations SCP / permission boundary denying the action. -3. Confirm the assessed region supports Automated Reasoning checks. -4. Re-run the assessment after re-deploying.Low
777788889999ap-south-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMedium N/A
111111111111us-east-1FS-28No Guardrails — Denied Topics Not ApplicableNo Bedrock Guardrails configured.Configure guardrails with denied topics for regulated financial content.Informational
777788889999ap-south-1BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHigh N/A
111111111111us-east-1FS-29ADVISORY: Compliance Disclaimer — Manual Review RequiredApplication-level compliance disclaimers cannot be verified via AWS APIs. Manual review required to confirm GenAI outputs include required regulatory disclosures.1. Implement post-processing to append required disclaimers to GenAI outputs. -2. Use Bedrock Guardrails word filters to block outputs that omit required disclosures. -3. Document disclaimer requirements in the AI use case register. -4. Test disclaimer presence in QA/UAT before production deployment.Informational
777788889999ap-south-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHigh N/A
111111111111us-east-1FS-30ADVISORY: Compliance Dataset Coverage — Manual Review RequiredBedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation jobs include compliance-specific datasets (fair lending/ECOA, Fair Housing Act, UDAP/UDAAP, AML/KYC edge cases). Whether any evaluation jobs exist at all is assessed by FS-15.Run Bedrock Model Evaluation with compliance-specific datasets: -- Fair lending test cases (ECOA, Fair Housing Act) -- UDAP/UDAAP unfair/deceptive practice scenarios -- AML/KYC edge cases
777788889999ap-south-1BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotasNo action required Informational N/A
111111111111us-east-1FS-31Knowledge Base Data Sources Past Review Threshold2 data source(s) not synced in >7 days (a configurable review threshold, NOT an AWS-mandated limit): -- KB 'knowledge-base-semiconductors' source 'knowledge-base-quick-start-qpvuv-data-source' last synced 702 days ago -- KB '111111111111-us-east-1-kb' source '111111111111-us-east-1-kb-datasource' last synced 180 days ago -Confirm this age is acceptable for each data source's currency requirement — slow-changing reference data may legitimately sync infrequently.1. Define the maximum acceptable data age per use case (e.g., intraday for market data, daily for product terms, weekly/monthly for regulatory guidance) and adjust the review threshold to match. -2. Configure automated sync (EventBridge Scheduler → StartIngestionJob) at that cadence — see FS-61. -3. Set CloudWatch alarms on sync job failures.
777788889999ap-south-1BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHighN/A
777788889999ap-south-1BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responses MediumFailedN/A
111111111111us-east-1FS-32ADVISORY: Source Attribution — Manual Review RequiredSource attribution in GenAI responses cannot be verified via AWS APIs. Manual review required to confirm responses include citations.1. Use Bedrock RetrieveAndGenerate with citations enabled. -2. Include source document references in response post-processing. -3. Test citation accuracy in QA before production deployment. -4. Consider Bedrock Guardrails grounding checks to validate response accuracy.Informational
777788889999ap-south-1BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLow N/A
111111111111us-east-1FS-33KB Data Source Buckets Without VersioningKB data source S3 buckets without versioning: 111111111111-us-east-1-kb-data-bucket.Enable S3 versioning on all KB data source buckets. Enable S3 Object Integrity (checksum) for tamper detection.
777788889999ap-south-1BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHighN/A
777788889999ap-south-1BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applications MediumFailedN/A
111111111111us-east-1FS-34Legacy Foundation Models Available in RegionLegacy/deprecated foundation models are available in this account/region: anthropic.claude-sonnet-4-20250514-v1:0, twelvelabs.marengo-embed-2-7-v1:0, amazon.titan-image-generator-v2:0, amazon.nova-premier-v1:0:8k, amazon.nova-premier-v1:0:20k, amazon.nova-premier-v1:0:1000k, amazon.nova-premier-v1:0:mm, amazon.nova-premier-v1:0, amazon.nova-canvas-v1:0, amazon.nova-reel-v1:0. This API reports model *availability*, not actual usage — it cannot determine which models your applications invoke. Legacy models have older training-data cutoffs and may produce outdated information if used. Review whether any are in active use.1. Identify which (if any) of these legacy models your applications invoke (e.g., via CloudTrail InvokeModel events or application config). -2. Migrate active usage to current model versions. -3. Document training-data cutoff dates for all models in use. -4. Add data-currency disclaimers to outputs from models with old cutoffs.Informational
777788889999ap-south-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHigh N/A
111111111111us-east-1FS-35ADVISORY: Harmful-Content Test Coverage — Manual Review RequiredBedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation/FMEval jobs include harmful-content datasets (toxicity, hate speech, violence/self-harm). Whether any evaluation jobs exist at all is assessed by FS-15.Run Bedrock Model Evaluation or FMEval with harmful content datasets: -- Toxicity detection -- Hate speech classification -- Violence/self-harm contentInformational
777788889999ap-south-1BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLow N/A
111111111111us-east-1FS-36No Guardrails — Content Filters Not ApplicableNo Bedrock Guardrails configured.Configure guardrails with content filters.Informational
777788889999ap-south-1BR-30Imported Model Customer-Managed KMS Encryption CheckUnable to check Imported model encryption check: An error occurred (AccessDeniedException) when calling the ListImportedModels operation: Your account is not authorized to invoke this API operation.Amazon Bedrock Custom Model Import is not enabled or available for this account in this region. No IAM change is required; the check applies only once model import is in use.Low N/A
111111111111us-east-1FS-37ADVISORY: User Feedback Mechanism — Manual Review RequiredUser feedback mechanisms for harmful outputs cannot be verified via AWS APIs. Manual review required.1. Implement thumbs-up/down or flag-for-review UI in GenAI applications. -2. Route flagged outputs to human reviewers via SQS/SNS. -3. Log feedback to DynamoDB/S3 for model improvement. -4. Define SLAs for reviewing flagged content.Informational
777788889999ap-south-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMedium N/A
111111111111us-east-1FS-38No Guardrails — Word Filters Not ApplicableNo Bedrock Guardrails configured.Configure guardrails with word filters.
777788889999ap-south-1BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarmsNo action required Informational N/A
111111111111us-east-1FS-39No SageMaker Clarify Bias MonitoringNo SageMaker Clarify model bias monitoring schedules found. Models making financial decisions (credit, insurance) may exhibit discriminatory bias without detection.1. Configure SageMaker Clarify bias detection for all models making credit, insurance, or employment decisions. -2. Define protected attributes (age, gender, race proxies). -3. Set bias metric thresholds and alert on violations. -4. Document bias testing results for regulatory examination.
777788889999GlobalBR-01AmazonBedrockFullAccess role checkRole 'aiml-sec-test-resources-BedrockFullAccessRole-zAFkGLkWQ61a' has AmazonBedrockFullAccess policy attachedLimit the AmazonBedrockFullAccess policy only to required access High Failed
111111111111us-east-1FS-40ADVISORY: Bias Dataset Coverage — Manual Review RequiredBedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation jobs include bias/fairness datasets (demographic parity, equal-opportunity, counterfactual fairness) for any GenAI models used in financial decisions (ECOA/Fair Housing). Whether any evaluation jobs exist at all is assessed by FS-15.Run Bedrock Model Evaluation with bias test datasets: -- Demographic parity test cases -- Equal opportunity scenarios -- Counterfactual fairness testsInformationalN/A
777788889999GlobalBR-03Marketplace Subscription Access CheckRole 'aiml-sec-test-resources-BedrockFullAccessRole-zAFkGLkWQ61a' has overly permissive marketplace subscription access through policy 'AmazonBedrockFullAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111111111111us-east-1FS-41No SageMaker Clarify Explainability MonitoringNo SageMaker Clarify explainability monitoring found. Models making adverse financial decisions may not provide required explanations (ECOA adverse action notices).1. Configure SageMaker Clarify explainability for credit/lending models. -2. Generate SHAP values for feature importance. -3. Map top features to human-readable adverse action reason codes. -4. Store explanations for regulatory examination.
777788889999GlobalBR-03Marketplace Subscription Access CheckRole 'aiml-sec-test-resources-MarketplaceOverlyPermissive-igL3hGIapee1' has overly permissive marketplace subscription access through policy 'OverlyPermissiveMarketplace'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check. High Failed
111111111111us-east-1FS-42No SageMaker Model Cards FoundNo SageMaker Model Cards found. Production AI models lack documented intended use, limitations, and bias evaluations.1. Create SageMaker Model Cards for all production models. -2. Document: intended use, out-of-scope uses, training data, bias evaluations. -3. Include regulatory compliance attestations. -4. Review and update cards at each model version release.Medium
777788889999GlobalBR-03Marketplace Subscription Access CheckRole 'ProwlerApp-EC2-Role' has overly permissive marketplace subscription access through policy 'AWSElasticBeanstalkMulticontainerDocker'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.High Failed
111111111111
777788889999 us-east-1FS-43No CloudWatch Logs Data Protection PoliciesNo CloudWatch Logs data protection policies found. PII (SSN, account numbers, credit card numbers) in Bedrock invocation logs may be stored in plaintext.1. Create CloudWatch Logs data protection policies to mask PII. -2. Enable masking for: SSN, credit card numbers, bank account numbers, email. -3. Apply policies to Bedrock invocation log groups. -4. Test masking with synthetic PII before production deployment.BR-02Amazon Bedrock private connectivityBedrock VPC endpoints found: VPC vpc-089a9d593e34658c6 has endpoint com.amazonaws.us-east-1.bedrock-runtimeNo action required HighPassed
777788889999us-east-1BR-04Bedrock Model Invocation Logging CheckModel invocation logging is not enabled. This limits your ability to track and audit model usage.Enable model invocation logging to collect invocation logs, model input data, and model output data. Configure logging to deliver to Amazon S3, CloudWatch Logs, or both for comprehensive monitoring.Medium Failed
111111111111
777788889999 us-east-1FS-44Amazon Macie EnabledAmazon Macie is enabled and scanning S3 buckets.Verify Macie jobs cover training data and KB data source buckets.BR-05Bedrock Guardrails CheckAmazon Bedrock Guardrails are properly configured with 1 guardrailsNo action required. Continue monitoring and updating guardrails as needed. High Passed
111111111111
777788889999 us-east-1FS-45No Guardrails — PII Filters Not ApplicableNo Bedrock Guardrails configured.Configure guardrails with PII/sensitive information filters.InformationalN/ABR-06Bedrock CloudTrail Logging CheckCloudTrail is properly configured to log Bedrock API activity in trails: IsengardTrail-DO-NOT-DELETENo action required. Continue monitoring CloudTrail logs for Bedrock activity.MediumPassed
111111111111
777788889999 us-east-1FS-46AI/ML Buckets Without Data Classification Tags18 AI/ML bucket(s) without data-classification tags: 111111111111-us-east-1-kb-data-bucket, ancbedrocklogging, ancknowledgebase, aws-streaming-data-solut-outputaccesslogsbucket8b-1o7m0kb4bafm4, bedrock-agentcore-codebuild-sources-111111111111-us-east-1, bedrock-bda-us-east-1-dda43109-6557-48bb-993d-3f97126b64b4, bedrock-bda-us-east-1-logging-00719114-debd-4487-85d1-09cbc3fc8, bedrock-kb-bucket-f736570b, bedrock-video-generation-us-east-1-h5ltpm, create-customer-resources-kb-bucket-111111111111.Tag all AI/ML data buckets with 'data-classification' key. Values: Public, Internal, Confidential, Restricted. Enforce via SCP or AWS Config rule.MediumBR-07Bedrock Prompt Management CheckPrompt Management is being used with 1 promptsNo action required. Continue using Prompt Management for consistent and optimized prompts.LowPassed
777788889999us-east-1BR-08Bedrock Agent IAM Roles CheckError during check: An error occurred (AccessDeniedException) when calling the GetAgent operation: You do not have sufficient permissions to the key. Check credentials for appropriate permissions to the key (kms:Decrypt, kms:GenerateDataKey) and try again.Investigate error and retry assessmentHigh Failed
111111111111
777788889999 us-east-1FS-47No Guardrails — Grounding Threshold Not ApplicableNo Bedrock Guardrails configured.Configure guardrails with contextual grounding checks.BR-09Bedrock Knowledge Base Encryption ReviewKnowledge Base 'knowledge-base-prowler-findings' (9K2QZLVCZW) uses 'OPENSEARCH_SERVERLESS' storage. Encryption is managed at the storage layer and cannot be validated from the KB API. Verify encryption configuration on the underlying storage resource.1. For OpenSearch Serverless: Verify encryption with CMK at collection level +2. For S3 data sources: Verify CMK-encrypted S3 buckets +3. For RDS: Verify KMS encryption on the database +4. Consider using CMK for transient data during ingestion Informational N/A
111111111111
777788889999 us-east-1FS-48Active Knowledge Bases for RAG PresentFound 3 active Knowledge Base(s) for RAG grounding.No action required.MediumPassedBR-10Bedrock Guardrail IAM Enforcement MissingThe following roles can invoke Bedrock models without enforced guardrails: aiml-sec-test-resources-BedrockAgentRoleWithoutGuar-Z3kN5ANhP89G, aiml-sec-test-resources-BedrockFullAccessRole-zAFkGLkWQ61a, aiml-sec-test-resources-BedrockKnowledgeBaseRole-6NNC1i9FuTbM, AmazonBedrockExecutionRoleForKnowledgeBase_7erx6, ProwlerApp-EC2-RoleAdd IAM policy conditions to enforce guardrail usage: +1. Use 'bedrock:GuardrailIdentifier' condition key +2. Specify required guardrail ARN or ID +3. Example: "Condition": {"StringEquals": {"bedrock:GuardrailIdentifier": "arn:aws:bedrock:region:account:guardrail/guardrail-id"}}HighFailed
111111111111
777788889999 us-east-1FS-49ADVISORY: Hallucination Disclaimer — Manual Review RequiredApplication-level hallucination disclaimers cannot be verified via AWS APIs. Manual review required.1. Add disclaimers to GenAI outputs: 'AI-generated content may contain errors. Verify with authoritative sources before acting.' -2. Implement post-processing to append disclaimers. -3. Test disclaimer presence in QA before production.BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action required Informational N/A
111111111111
777788889999 us-east-1FS-50No Guardrails With Relevance Grounding FiltersNo guardrails have RELEVANCE contextual grounding filters. Without relevance filters, responses that are off-topic or unrelated to the user query will not be blocked, increasing hallucination risk in RAG-based FinServ applications.Enable the RELEVANCE contextual grounding filter in Bedrock Guardrails with a threshold of ≥0.7 to block responses that are not relevant to the user query. Also enable the GROUNDING filter (≥0.7) to block responses not supported by the retrieved source context.MediumFailedBR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
111111111111
777788889999 us-east-1FS-51No Guardrails — Prompt Attack Filters Not ApplicableNo Bedrock Guardrails configured.Configure guardrails with prompt attack filters.BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action required Informational N/A
111111111111us-east-1FS-52Bedrock Lambda Functions on Deprecated RuntimesFunctions on deprecated runtimes: e2ebedrockrag-OSSInfraStack-BKBOSSInfraSetupLambda-031La8JAQXtk, e2ebedrockrag-OSSInfraSta-OSSIndexCreationProvider-g56en9UzRjII. Deprecated runtimes may use outdated boto3/SDK versions lacking security patches.1. Upgrade Lambda functions to a supported runtime — Python 3.12+, Node.js 22.x or 24.x, Java 21+, or .NET 8+. -2. Update boto3 to the latest version in Lambda layers (pin the version in requirements.txt and redeploy). -3. Enable Lambda runtime management controls for automatic minor-version updates (runtimeManagementConfig.updateRuntimeOn = 'Auto'). -4. Refer to https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html for the authoritative list of supported and deprecated runtimes.
777788889999GlobalBR-15Cross-Account Guardrails Enforcement CheckCheck must run in AWS Organizations management account to evaluate organizational policiesRun assessment in management account to check cross-account guardrails enforcement MediumFailedN/A
111111111111
777788889999 us-east-1FS-53No WAF Web ACLs — Injection Rules Not ApplicableNo regional WAF Web ACLs found.Create WAF Web ACLs with injection protection rules (see FS-01).BR-16Guardrail Tier Validation CheckGuardrail 'aiml-sec-test-test-guardrail' (ID: jkceg2tprvwh) could not be assessed because GetGuardrail returned AccessDeniedException.Retry the assessment. If the error persists, grant bedrock:GetGuardrail and verify the guardrail still exists. Informational N/A
111111111111
777788889999 us-east-1FS-54ADVISORY: Penetration Testing — Manual Review RequiredPenetration testing evidence cannot be verified via AWS APIs. Manual review required to confirm GenAI applications have been tested.1. Conduct penetration testing of GenAI applications at least annually and before major releases. -2. Include AI-specific test cases: prompt injection, jailbreak, indirect (cross-domain) injection, system-prompt leakage, and data-extraction attempts. -3. Consider AWS Security Agent for on-demand, AI-driven penetration testing (GA March 2026; available in US East N. Virginia, US West Oregon, Europe Ireland, Europe Frankfurt, Asia Pacific Sydney, Asia Pacific Tokyo, with cross-account shared-VPC testing via AWS RAM). Open-source tools such as Garak or PyRIT and manual red-teaming are complementary options. Verify current regional availability on the AWS Security Agent page before relying on it. -4. Document findings and remediation for regulatory examination, and tag tested resources with a last-pentest-date for audit trail. -5. For DORA compliance, include GenAI in TLPT (Threat-Led Penetration Testing) scope.InformationalBR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHigh N/A
111111111111
777788889999 us-east-1FS-55No Output Validation Functions FoundNo Lambda functions with output validation/sanitization naming found. GenAI outputs may be passed directly to downstream systems without validation.1. Implement output validation Lambda functions in GenAI pipelines. -2. Validate output schema, length, and content before downstream use. -3. Sanitize outputs before rendering in web UIs (XSS prevention). -4. Encode outputs appropriately for the target context (HTML, SQL, JSON).BR-18Model Evaluation Implementation CheckNo Bedrock model evaluation jobs found. Model evaluation helps assess toxicity, accuracy, semantic robustness, and other safety metrics before production deployment.Create model evaluation jobs using Amazon Bedrock Evaluations to assess foundation model performance against safety and quality metrics. Use built-in datasets or custom test sets. Enable LLM-as-a-judge evaluation for comprehensive assessment. Medium Failed
111111111111
777788889999 us-east-1FS-56No WAF ACLs — XSS Prevention Not ApplicableNo regional WAF Web ACLs found.Create WAF ACLs with XSS prevention rules.InformationalBR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMedium N/A
111111111111
777788889999 us-east-1FS-57ADVISORY: Output Encoding — Manual Review RequiredOutput encoding practices cannot be verified via AWS APIs. Manual code review required.1. HTML-encode GenAI outputs before rendering in web UIs. -2. Use parameterized queries when GenAI output is used in database operations. -3. JSON-encode outputs before embedding in JavaScript contexts. -4. Validate output length and format before passing to downstream APIs.BR-20Knowledge Base Customer-Managed KMS Encryption ReviewKnowledge base 'knowledge-base-prowler-findings' (ID: 9K2QZLVCZW) uses 'OPENSEARCH_SERVERLESS' storage. The vector-store encryption key is managed at the storage layer and cannot be validated from the Knowledge Base API. Verify customer-managed KMS encryption on the underlying store.1. For OpenSearch Serverless: verify the collection uses a customer-managed KMS key +2. For Amazon RDS/Aurora: verify KMS encryption on the database +3. For third-party stores (Pinecone, Redis, MongoDB): verify the provider's encryption configuration +4. Verify the customer-managed KMS key used for transient data during ingestion Informational N/A
111111111111
777788889999 us-east-1FS-58ADVISORY: Output Schema Validation — Manual Review RequiredFound 0 Lambda function(s) whose names suggest schema/validation handling. Structured-output / JSON-schema validation of GenAI responses is an application-layer control that cannot be verified automatically — manual review required.1. Use Bedrock structured output (response schemas) where supported. -2. Implement JSON schema validation on Lambda output processors. -3. Reject malformed outputs and return safe error responses. -4. Log schema validation failures to CloudWatch for monitoring.BR-22Model Invocation Throttling Limits Check9 custom throttling quotas are configured. Regular quota review helps maintain appropriate rate limits.Continue monitoring quota utilization. Review and adjust quotas as application requirements change.LowPassed
777788889999us-east-1BR-23Guardrail Content Filter Coverage CheckGuardrail 'aiml-sec-test-test-guardrail' (ID: jkceg2tprvwh) could not be assessed because GetGuardrail returned AccessDeniedException.Retry the assessment. If the error persists, grant bedrock:GetGuardrail and verify the guardrail still exists. Informational N/A
111111111111
777788889999 us-east-1FS-59No Guardrails — Topic Allowlist Not ApplicableNo Bedrock Guardrails configured.Configure guardrails with topic policies to restrict off-topic responses.BR-25RAG Evaluation Jobs CheckKnowledge base 'knowledge-base-prowler-findings' (ID: 9K2QZLVCZW) does not have recent RAG evaluation jobs. RAG evaluations assess context relevance, response correctness, faithfulness, and harmfulness to prevent hallucinations.Create RAG evaluation jobs for knowledge bases using Amazon Bedrock Model Evaluation. Configure evaluations to test context relevance, answer correctness, and faithfulness metrics. Run evaluations regularly (monthly or after significant KB updates) to maintain quality.LowFailed
777788889999us-east-1BR-26Guardrail Sensitive Information Filter CheckGuardrail 'aiml-sec-test-test-guardrail' (ID: jkceg2tprvwh) could not be assessed because GetGuardrail returned AccessDeniedException.Retry the assessment. If the error persists, grant bedrock:GetGuardrail and verify the guardrail still exists. Informational N/A
111111111111
777788889999 us-east-1FS-60ADVISORY: Contextual Grounding for Off-Topic PreventionContextual grounding for off-topic prevention is covered by guardrail grounding checks (FS-47) and RAG configuration (FS-48). Additionally verify system prompts explicitly scope the assistant's role.1. Include explicit scope instructions in system prompts. -2. Use Bedrock Guardrails relevance grounding filter. -3. Test with off-topic prompts in QA to verify rejection behavior.BR-27Guardrail Contextual Grounding CheckGuardrail 'aiml-sec-test-test-guardrail' (ID: jkceg2tprvwh) could not be assessed because GetGuardrail returned AccessDeniedException.Retry the assessment. If the error persists, grant bedrock:GetGuardrail and verify the guardrail still exists. Informational N/A
111111111111
777788889999 us-east-1FS-61COULD NOT ASSESS: Knowledge Base Sync Schedule CheckThis check could not be completed (error: An error occurred (AccessDeniedException) when calling the ListSchedules operation: User: arn:aws:sts::111111111111:assumed-role/aiml-security-19304724716-FinServSecurityAssessment-G8d5dEiMJsZB/aiml-security-aiml-security-111111111111-FinServAssessment is not authorized to perform: scheduler:ListSchedules on resource: arn:aws:scheduler:us-east-1:111111111111:schedule/*/* because no identity-based policy allows the scheduler:ListSchedules action). The most common cause is a missing IAM permission for the assessment role; it may also indicate an unsupported region or an outdated botocore. This control was NOT assessed — verify the role's permissions and re-run, and assess this control manually until resolved.1. Confirm the assessment role grants the actions this check requires (see the documented IAM permission set in the README). -2. Confirm the service/feature is supported in the assessed region. -3. Ensure botocore meets the version floor in requirements.txt. -4. Re-run the assessment; assess this control manually until it succeeds.BR-28Agent Guardrail Association Check1 agents have an associated guardrailNo action required. Continue associating guardrails with new agents. LowN/APassed
111111111111
777788889999 us-east-1FS-62ADVISORY: Data Currency Disclaimer — Manual Review RequiredData currency disclaimers cannot be verified via AWS APIs. Manual review required.1. Add data currency disclaimers to GenAI outputs: 'Information based on data current as of [KB last sync date].' -2. Expose KB last sync timestamp in application responses. -3. Alert users when KB data is older than defined threshold.InformationalBR-30Imported Model Customer-Managed KMS Encryption CheckNo imported custom Bedrock models found in this regionWhen importing models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHigh N/A
111111111111
777788889999 us-east-1FS-63Foundation Model Lifecycle ManagementNo legacy models detected. 10 lifecycle-related Config rule(s) found.No action required.BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job output MediumPassedN/A
111111111111
777788889999 us-east-1FS-65KB Data Source Buckets Missing S3 Event NotificationsThe following KB data-source S3 buckets have no event notifications configured. Unauthorized document modifications will not be detected in real time: -- semiconductor-demo-9999 -- 111111111111-us-east-1-kb-data-bucket1. Enable Amazon EventBridge notifications on each KB data-source S3 bucket. -2. Create an EventBridge rule to route s3:ObjectCreated, s3:ObjectRemoved, and s3:ObjectModified events to an SNS topic or Lambda for alerting. -3. Integrate alerts into your security incident response workflow.BR-32Bedrock CloudWatch Alarm CheckNo CloudWatch alarms are configured on Amazon Bedrock runtime metrics (AWS/Bedrock namespace). Without alarms, abuse, denial-of-wallet, sustained throttling, and content-filter spikes can go undetected.Create CloudWatch alarms on AWS/Bedrock runtime metrics such as Invocations, InvocationThrottles, InputTokenCount, OutputTokenCount, and ContentFilteredCount, and route them to an Amazon SNS topic for notification. Medium Failed
111111111111us-east-1FS-66AgentCore Runtimes Missing End-User Identity PropagationThe following runtimes have no JWT or IAM authorizer configured for end-user identity propagation. Tool calls are authorized only by the agent execution role, not the originating user: -- origami_expeditions -- neoCyan_Agent -- customer_support_agent -- cdk_agent_core -- awsapimcpserver1. Configure a custom JWT authorizer or IAM authorizer on each AgentCore runtime. -2. Propagate the end-user's identity token to downstream tool services. -3. Ensure tool services validate the propagated identity before executing actions. -4. Do not expose propagated identity tokens to unauthorized third parties.HighFailed
777788889999us-west-2BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action requiredInformationalN/A
111111111111us-east-1FS-67Agent Action-Group Lambdas May Lack Transaction ThresholdsThe following agent action-group Lambda functions have no environment variables whose names suggest transaction-value threshold configuration (this is a best-effort heuristic — a threshold enforced in code or in an AgentCore Policy Engine rule would not be detected here, so treat this as a prompt for manual verification rather than a definitive gap). Without explicit limits, agents could initiate unbounded financial transactions: -- aiml-security-aiml-security-111111111111-FinServAssessment -- aiml-security-aiml-security-111111111111-BedrockAssessment -- resco-aiml-BedrockAssessment -- aiml-security-aiml-security-111111111111-AgentCoreAssessment -- e2ebedrockrag-OSSInfraStack-BKBOSSInfraSetupLambda-031La8JAQXtk -- e2ebedrockrag-OSSInfraSta-OSSIndexCreationProvider-g56en9UzRjII -- resco-aiml-AgentCoreAssessment1. Add transaction-value threshold environment variables (e.g., MAX_TRANSACTION_AMOUNT) to each agent action-group Lambda. -2. Implement threshold enforcement logic in the Lambda handler. -3. Configure AgentCore Policy Engine rules to cap financial transaction amounts. -4. Route transactions exceeding thresholds to a human-in-the-loop approval step.HighFailed
777788889999us-west-2BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformationalN/A
111111111111us-east-1FS-68API Gateway Request Body Size Limits Not EnforcedFound 3 REST API(s) and 0 regional WAF Web ACL(s), but none enforce a maximum request-body size. Note: an API Gateway request validator does NOT cap body size (it validates the schema and required params; the REST limit is a fixed 10 MB), and a WAF body SizeConstraint only inspects the first ~16 KB of the body by default. Oversized prompts can exhaust Bedrock token quotas and inflate costs.1. Add a maxLength (or maxItems/maxProperties) bound to the request-body JSON-Schema model used by your request validator, so oversized prompts are rejected with a 400. -2. Add a WAF SizeConstraintStatement on the request Body sized within WAF's body-inspection window (default 16 KB; raise via the web ACL AssociationConfig, or set OversizeHandling=MATCH to block bodies beyond the window), and associate the ACL with the API stage. -3. Set the max_tokens parameter in Bedrock API calls to cap output length. -4. Implement client-side token counting before submitting requests.MediumFailed
777788889999us-west-2BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredInformationalN/A
111111111111us-east-1FS-69Prompt Input Validation Functions PresentFound 3 Lambda function(s) with input validation/sanitization naming patterns: resco-aiml-CleanupBucket, visa-bulletin-tracker-prod-cleanup, aiml-security-aiml-security-111111111111-CleanupBucket.Review these functions to confirm they cover: special-character stripping, format validation, size limits, and injection-sequence detection.MediumPassed
777788889999us-west-2BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action requiredInformationalN/A
111111111111eu-west-1FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in eu-west-1; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.
777788889999us-west-2BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templates Informational N/A
111111111111ap-southeast-2FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in ap-southeast-2; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.
777788889999us-west-2BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action required Informational N/A
333333333333ap-southeast-2AC-01AgentCore VPC Configuration CheckNo AgentCore resources found
777788889999us-west-2BR-09Bedrock Knowledge Base Encryption CheckNo Knowledge Bases found in the account No action required Informational N/A
333333333333ap-southeast-2AC-04AgentCore Observability CheckNo AgentCore resources foundNo action required
777788889999us-west-2BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policies Informational N/A
333333333333ap-southeast-2AC-05AgentCore Encryption CheckNo AgentCore resources found
777788889999us-west-2BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the account No action required Informational N/A
333333333333ap-southeast-2AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action required
777788889999us-west-2BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption Informational N/A
333333333333ap-southeast-2AC-07AgentCore Memory Configuration CheckNo Memory resources found
777788889999us-west-2BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the account No action required Informational N/A
333333333333ap-southeast-2AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredInformational
777788889999us-west-2BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMedium N/A
333333333333ap-southeast-2AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredInformational
777788889999us-west-2BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHigh N/A
333333333333ap-southeast-2AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policies
777788889999us-west-2BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobs No action required Informational N/A
333333333333ap-southeast-2AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredInformational
777788889999us-west-2BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMedium N/A
333333333333ap-southeast-2AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action requiredInformational
777788889999us-west-2BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHigh N/A
333333333333eu-west-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredInformational
777788889999us-west-2BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHigh N/A
333333333333eu-west-1AC-04AgentCore Observability CheckNo AgentCore resources found
777788889999us-west-2BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotas No action required Informational N/A
333333333333eu-west-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action requiredInformational
777788889999us-west-2BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHigh N/A
333333333333eu-west-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredInformational
777788889999us-west-2BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responsesMedium N/A
333333333333eu-west-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredInformational
777788889999us-west-2BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLow N/A
333333333333eu-west-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredInformational
777788889999us-west-2BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHigh N/A
333333333333eu-west-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredInformational
777788889999us-west-2BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMedium N/A
333333333333eu-west-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action requiredInformational
777788889999us-west-2BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHigh N/A
333333333333eu-west-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredInformational
777788889999us-west-2BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLow N/A
333333333333eu-west-1AC-12AgentCore Gateway Encryption CheckNo Gateways found
777788889999us-west-2BR-30Imported Model Customer-Managed KMS Encryption CheckNo imported custom Bedrock models found in this regionWhen importing models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
777788889999us-west-2BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMediumN/A
777788889999us-west-2BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarms No action required Informational N/A
333333333333eu-west-1
+
+
+
Amazon SageMaker Findings
+
+
+
+
+
+
+ +
+
+ + @@ -4184,9 +24424,9 @@

Security Assessment Overview

- - - + + + @@ -4195,9 +24435,9 @@

Security Assessment Overview

- - - + + + @@ -4206,9 +24446,9 @@

Security Assessment Overview

- - - + + + @@ -4217,9 +24457,9 @@

Security Assessment Overview

- - - + + + @@ -4228,9 +24468,9 @@

Security Assessment Overview

- - - + + + @@ -4239,9 +24479,9 @@

Security Assessment Overview

- - - + + + @@ -4250,9 +24490,9 @@

Security Assessment Overview

- - - + + + @@ -4261,9 +24501,9 @@

Security Assessment Overview

- - - + + + @@ -4272,9 +24512,9 @@

Security Assessment Overview

- - - + + + @@ -4283,9 +24523,9 @@

Security Assessment Overview

- - - + + + @@ -4294,9 +24534,9 @@

Security Assessment Overview

- - - + + + @@ -4305,9 +24545,9 @@

Security Assessment Overview

- - - + + + @@ -4316,9 +24556,9 @@

Security Assessment Overview

- - - + + + @@ -4327,9 +24567,9 @@

Security Assessment Overview

- - - + + + @@ -4338,9 +24578,9 @@

Security Assessment Overview

- - - + + + @@ -4349,9 +24589,9 @@

Security Assessment Overview

- - - + + + @@ -4360,9 +24600,9 @@

Security Assessment Overview

- - - + + + @@ -4371,9 +24611,9 @@

Security Assessment Overview

- - - + + + @@ -4382,9 +24622,9 @@

Security Assessment Overview

- - - + + + @@ -4393,9 +24633,9 @@

Security Assessment Overview

- - - + + + @@ -4404,9 +24644,9 @@

Security Assessment Overview

- - - + + + @@ -4415,9 +24655,9 @@

Security Assessment Overview

- - - + + + @@ -4426,9 +24666,9 @@

Security Assessment Overview

- - - + + + @@ -4437,9 +24677,9 @@

Security Assessment Overview

- - - + + + @@ -4448,74 +24688,140 @@

Security Assessment Overview

- - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - + + - - - + + + - + - - + + - - - + + + - - + + - - + + - - - + + + - + - - + + - - - - - - + + + + + + - - + + @@ -4525,8 +24831,8 @@

Security Assessment Overview

- - + + @@ -4536,8 +24842,8 @@

Security Assessment Overview

- - + + @@ -4547,8 +24853,8 @@

Security Assessment Overview

- - + + @@ -4558,8 +24864,8 @@

Security Assessment Overview

- - + + @@ -4569,8 +24875,8 @@

Security Assessment Overview

- - + + @@ -4580,8 +24886,8 @@

Security Assessment Overview

- - + + @@ -4591,8 +24897,8 @@

Security Assessment Overview

- - + + @@ -4602,8 +24908,8 @@

Security Assessment Overview

- - + + @@ -4613,8 +24919,8 @@

Security Assessment Overview

- - + + @@ -4624,8 +24930,8 @@

Security Assessment Overview

- - + + @@ -4635,8 +24941,8 @@

Security Assessment Overview

- - + + @@ -4646,8 +24952,8 @@

Security Assessment Overview

- - + + @@ -4657,8 +24963,8 @@

Security Assessment Overview

- - + + @@ -4668,8 +24974,8 @@

Security Assessment Overview

- - + + @@ -4679,8 +24985,8 @@

Security Assessment Overview

- - + + @@ -4690,8 +24996,8 @@

Security Assessment Overview

- - + + @@ -4701,8 +25007,8 @@

Security Assessment Overview

- - + + @@ -4712,8 +25018,8 @@

Security Assessment Overview

- - + + @@ -4723,8 +25029,8 @@

Security Assessment Overview

- - + + @@ -4734,8 +25040,8 @@

Security Assessment Overview

- - + + @@ -4745,8 +25051,8 @@

Security Assessment Overview

- - + + @@ -4756,8 +25062,8 @@

Security Assessment Overview

- - + + @@ -4767,8 +25073,8 @@

Security Assessment Overview

- - + + @@ -4778,42 +25084,42 @@

Security Assessment Overview

- - - + + + - - - + + + - - + + - - - + + + - - - + + + - + - - - + + + - - - - - - + + + + + + - - - + + + @@ -4822,9 +25128,9 @@

Security Assessment Overview

- - - + + + @@ -4833,9 +25139,9 @@

Security Assessment Overview

- - - + + + @@ -4844,9 +25150,9 @@

Security Assessment Overview

- - - + + + @@ -4855,9 +25161,9 @@

Security Assessment Overview

- - - + + + @@ -4866,9 +25172,9 @@

Security Assessment Overview

- - - + + + @@ -4877,9 +25183,9 @@

Security Assessment Overview

- - - + + + @@ -4888,9 +25194,9 @@

Security Assessment Overview

- - - + + + @@ -4899,9 +25205,9 @@

Security Assessment Overview

- - - + + + @@ -4910,9 +25216,9 @@

Security Assessment Overview

- - - + + + @@ -4921,9 +25227,9 @@

Security Assessment Overview

- - - + + + @@ -4932,9 +25238,9 @@

Security Assessment Overview

- - - + + + @@ -4943,9 +25249,9 @@

Security Assessment Overview

- - - + + + @@ -4954,9 +25260,9 @@

Security Assessment Overview

- - - + + + @@ -4965,9 +25271,9 @@

Security Assessment Overview

- - - + + + @@ -4976,9 +25282,9 @@

Security Assessment Overview

- - - + + + @@ -4987,9 +25293,9 @@

Security Assessment Overview

- - - + + + @@ -4998,9 +25304,9 @@

Security Assessment Overview

- - - + + + @@ -5009,9 +25315,9 @@

Security Assessment Overview

- - - + + + @@ -5020,9 +25326,9 @@

Security Assessment Overview

- - - + + + @@ -5031,9 +25337,9 @@

Security Assessment Overview

- - - + + + @@ -5042,9 +25348,9 @@

Security Assessment Overview

- - - + + + @@ -5053,9 +25359,9 @@

Security Assessment Overview

- - - + + + @@ -5064,9 +25370,9 @@

Security Assessment Overview

- - - + + + @@ -5075,1741 +25381,1505 @@

Security Assessment Overview

- - - - - - + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + - - - - - - - - + + + + + + + + - + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - + + + + + + + + + + + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - + + + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - - - - - - - - - - - + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - - - - - - - - - - - + + + + + + + + - - - - - - - - - - - - - - - - - - - + + + + + + + + - - - - - - - - - - - - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - - - - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - - - - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - - - + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + - - - - - - + + + + + + - + - - - - - - + + + + + + - - + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + + + + + + + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - - - + + + - - - - - - + + + + + + - + + + + + + + + + + + + - - - + + + @@ -6818,9 +26888,9 @@

Security Assessment Overview

- - - + + + @@ -6829,9 +26899,9 @@

Security Assessment Overview

- - - + + + @@ -6840,9 +26910,9 @@

Security Assessment Overview

- - - + + + @@ -6851,9 +26921,9 @@

Security Assessment Overview

- - - + + + @@ -6862,9 +26932,9 @@

Security Assessment Overview

- - - + + + @@ -6873,9 +26943,9 @@

Security Assessment Overview

- - - + + + @@ -6884,9 +26954,9 @@

Security Assessment Overview

- - - + + + @@ -6895,9 +26965,9 @@

Security Assessment Overview

- - - + + + @@ -6906,9 +26976,9 @@

Security Assessment Overview

- - - + + + @@ -6917,9 +26987,9 @@

Security Assessment Overview

- - - + + + @@ -6928,9 +26998,9 @@

Security Assessment Overview

- - - + + + @@ -6939,9 +27009,9 @@

Security Assessment Overview

- - - + + + @@ -6950,9 +27020,9 @@

Security Assessment Overview

- - - + + + @@ -6961,9 +27031,9 @@

Security Assessment Overview

- - - + + + @@ -6972,9 +27042,9 @@

Security Assessment Overview

- - - + + + @@ -6983,9 +27053,9 @@

Security Assessment Overview

- - - + + + @@ -6994,9 +27064,9 @@

Security Assessment Overview

- - - + + + @@ -7005,9 +27075,9 @@

Security Assessment Overview

- - - + + + @@ -7016,9 +27086,9 @@

Security Assessment Overview

- - - + + + @@ -7027,9 +27097,9 @@

Security Assessment Overview

- - - + + + @@ -7038,9 +27108,9 @@

Security Assessment Overview

- - - + + + @@ -7049,9 +27119,9 @@

Security Assessment Overview

- - - + + + @@ -7060,9 +27130,9 @@

Security Assessment Overview

- - - + + + @@ -7071,9 +27141,9 @@

Security Assessment Overview

- - - + + + @@ -7082,9 +27152,9 @@

Security Assessment Overview

- - - + + + @@ -7093,9 +27163,9 @@

Security Assessment Overview

- - - + + + @@ -7104,20 +27174,9 @@

Security Assessment Overview

- - - - - - - - - - - - - - + + + @@ -7126,9 +27185,9 @@

Security Assessment Overview

- - - + + + @@ -7137,9 +27196,9 @@

Security Assessment Overview

- - - + + + @@ -7148,9 +27207,9 @@

Security Assessment Overview

- - - + + + @@ -7159,9 +27218,9 @@

Security Assessment Overview

- - - + + + @@ -7170,9 +27229,9 @@

Security Assessment Overview

- - - + + + @@ -7181,9 +27240,9 @@

Security Assessment Overview

- - - + + + @@ -7192,9 +27251,9 @@

Security Assessment Overview

- - - + + + @@ -7203,9 +27262,9 @@

Security Assessment Overview

- - - + + + @@ -7214,9 +27273,9 @@

Security Assessment Overview

- - - + + + @@ -7225,9 +27284,9 @@

Security Assessment Overview

- - - + + + @@ -7236,9 +27295,9 @@

Security Assessment Overview

- - - + + + @@ -7247,9 +27306,9 @@

Security Assessment Overview

- - - + + + @@ -7258,9 +27317,9 @@

Security Assessment Overview

- - - + + + @@ -7269,9 +27328,9 @@

Security Assessment Overview

- - - + + + @@ -7280,9 +27339,9 @@

Security Assessment Overview

- - - + + + @@ -7291,9 +27350,9 @@

Security Assessment Overview

- - - + + + @@ -7302,9 +27361,9 @@

Security Assessment Overview

- - - + + + @@ -7313,9 +27372,9 @@

Security Assessment Overview

- - - + + + @@ -7324,9 +27383,9 @@

Security Assessment Overview

- - - + + + @@ -7335,9 +27394,9 @@

Security Assessment Overview

- - - + + + @@ -7346,9 +27405,9 @@

Security Assessment Overview

- - - + + + @@ -7357,9 +27416,9 @@

Security Assessment Overview

- - - + + + @@ -7368,9 +27427,9 @@

Security Assessment Overview

- - - + + + @@ -7379,9 +27438,9 @@

Security Assessment Overview

- - - + + + @@ -7390,9 +27449,9 @@

Security Assessment Overview

- - - + + + @@ -7401,9 +27460,9 @@

Security Assessment Overview

- - - + + + @@ -7412,167 +27471,9 @@

Security Assessment Overview

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + @@ -7581,9 +27482,9 @@

Security Assessment Overview

- - - + + + @@ -7592,9 +27493,9 @@

Security Assessment Overview

- - - + + + @@ -7603,9 +27504,9 @@

Security Assessment Overview

- - - + + + @@ -7614,9 +27515,9 @@

Security Assessment Overview

- - - + + + @@ -7625,9 +27526,9 @@

Security Assessment Overview

- - - + + + @@ -7636,9 +27537,9 @@

Security Assessment Overview

- - - + + + @@ -7647,9 +27548,9 @@

Security Assessment Overview

- - - + + + @@ -7658,9 +27559,9 @@

Security Assessment Overview

- - - + + + @@ -7669,9 +27570,9 @@

Security Assessment Overview

- - - + + + @@ -7680,9 +27581,9 @@

Security Assessment Overview

- - - + + + @@ -7691,9 +27592,9 @@

Security Assessment Overview

- - - + + + @@ -7702,9 +27603,9 @@

Security Assessment Overview

- - - + + + @@ -7713,9 +27614,9 @@

Security Assessment Overview

- - - + + + @@ -7724,9 +27625,9 @@

Security Assessment Overview

- - - + + + @@ -7735,9 +27636,9 @@

Security Assessment Overview

- - - + + + @@ -7746,9 +27647,9 @@

Security Assessment Overview

- - - + + + @@ -7757,9 +27658,9 @@

Security Assessment Overview

- - - + + + @@ -7768,9 +27669,9 @@

Security Assessment Overview

- - - + + + @@ -7779,9 +27680,9 @@

Security Assessment Overview

- - - + + + @@ -7790,9 +27691,9 @@

Security Assessment Overview

- - - + + + @@ -7801,9 +27702,9 @@

Security Assessment Overview

- - - + + + @@ -7812,9 +27713,9 @@

Security Assessment Overview

- - - + + + @@ -7823,9 +27724,9 @@

Security Assessment Overview

- - - + + + @@ -7834,9 +27735,9 @@

Security Assessment Overview

- - - + + + @@ -7845,9 +27746,9 @@

Security Assessment Overview

- - - + + + @@ -7856,7201 +27757,7615 @@

Security Assessment Overview

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + - - + + - - - - - - + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - + + - - - - - - - + + + + + + + - - + + - - - - - - - + + + + + + + - - + + - - - - - - - + + + + + + + - - + + - - - + + + - - - - - - - - - - - - - - + + + - - + + - - - - - - - + + + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - - - + + + + + + + - - + + - - - - - - - - - - - - - - - - + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + - - + + - - - - - - - + + + + + + + - - + + - - - + + + - + - - + + - - - + + + - + - - + + - - - - - - - + + + + + + + - - + + - - - - - - - + + + + + + + - - + + - - - - - - - + + + + + + + - - + + - - - + + + - + - - + + - - - + + + - - - + + + - - + + - - - + + + - - - + + + - - + + - - - - - - - - - - - - - - + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - - - + + + - - - - - - + + + + + + - - - + + + - - - - - - + + + + + + - - - + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - + + + + + + - - - + + + - - - - - - + + + + + + - + - - + + - - - + + + - - - + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - + + + - + - - + + - - - - - + + + + + - - + + - - - + + + - + -
Account IDRegionCheck IDFindingDetailsResolutionReferenceSeverityStatus
111122223333ap-south-1 SM-01 SageMaker Internet Access Check No SageMaker notebook instances or domains found to check Informational N/A
333333333333eu-west-1
111122223333ap-south-1 SM-02 SageMaker SSO Configuration Check No SageMaker domains found, or all domains use SSO with IAM Identity Center configured Medium Passed
333333333333eu-west-1
111122223333ap-south-1 SM-03 Data Protection Check No SageMaker resources found to check for data protection Informational N/A
333333333333eu-west-1
111122223333ap-south-1 SM-04 GuardDuty Enabled Amazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads. Medium Passed
333333333333eu-west-1
111122223333ap-south-1 SM-05 SageMaker Model Registry Issue No model package groups found Informational N/A
333333333333eu-west-1
111122223333ap-south-1 SM-05 SageMaker Feature Store Issue No feature groups found Informational N/A
333333333333eu-west-1
111122223333ap-south-1 SM-05 SageMaker Pipelines Issue No ML pipelines found Informational N/A
333333333333eu-west-1
111122223333ap-south-1 SM-06 SageMaker Clarify No Clarify Usage No SageMaker Clarify jobs found Informational N/A
333333333333eu-west-1
111122223333ap-south-1 SM-07 SageMaker Model Monitor No Model Monitoring No Model Monitor schedules found Informational N/A
333333333333eu-west-1
111122223333ap-south-1 SM-08 Model Registry Registry Not Used Model Registry is not being utilized Informational N/A
333333333333eu-west-1
111122223333ap-south-1 SM-09 SageMaker Notebook Root Access Check No notebook instances found Informational N/A
333333333333eu-west-1
111122223333ap-south-1 SM-10 SageMaker Notebook VPC Deployment Check No notebook instances found Informational N/A
333333333333eu-west-1
111122223333ap-south-1 SM-11 SageMaker Model Network Isolation Check No models found Informational N/A
333333333333eu-west-1
111122223333ap-south-1 SM-12 SageMaker Endpoint Instance Count Check No InService endpoints found Informational N/A
333333333333eu-west-1
111122223333ap-south-1 SM-13 SageMaker Monitoring Network Isolation Check No monitoring schedules found Informational N/A
333333333333eu-west-1
111122223333ap-south-1 SM-14 SageMaker Model Repository Access Check No models found or all use default Platform access Informational N/A
333333333333eu-west-1
111122223333ap-south-1 SM-15 SageMaker Feature Store Encryption Check No feature groups with offline stores found Informational N/A
333333333333eu-west-1
111122223333ap-south-1 SM-16 SageMaker Data Quality Job Encryption Check No data quality job definitions found Informational N/A
333333333333eu-west-1
111122223333ap-south-1 SM-17 SageMaker Processing Job Encryption Check No processing jobs found Informational N/A
333333333333eu-west-1
111122223333ap-south-1 SM-18 SageMaker Transform Job Encryption Check No transform jobs found Informational N/A
333333333333eu-west-1
111122223333ap-south-1 SM-19 SageMaker Hyperparameter Tuning Job Encryption Check No hyperparameter tuning jobs found Informational N/A
333333333333eu-west-1
111122223333ap-south-1 SM-20 SageMaker Compilation Job Encryption Check No compilation jobs found Informational N/A
333333333333eu-west-1
111122223333ap-south-1 SM-21 SageMaker AutoML Job Network Isolation Check No AutoML jobs found Informational N/A
333333333333eu-west-1
111122223333ap-south-1 SM-22 Model Approval Workflow Check No model package groups found. Model Registry is not being used for model governance. Informational N/A
333333333333eu-west-1
111122223333ap-south-1 SM-23 Model Drift Detection Check No InService endpoints found to monitor. Medium Passed
333333333333eu-west-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
111122223333ap-south-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
111122223333ap-south-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
111122223333GlobalSM-02SageMaker Full Access Policy UsedRole 'AmazonSageMaker-ExecutionRole-20231014T200029' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilegeHighFailed
111122223333GlobalSM-02SageMaker Full Access Policy UsedRole 'AmazonSageMaker-ExecutionRole-20250525T153161' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilegeHighFailed
111122223333GlobalSM-02SageMaker Full Access Policy UsedRole 'AmazonSageMakerServiceCatalogProductsExecutionRole' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilegeHighFailed
111122223333GlobalSM-02SageMaker Full Access Policy UsedRole 'EMR_EC2_DefaultRole' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilegeHighFailed
111122223333GlobalSM-02SageMaker Full Access Policy UsedRole 'IDPSageMakerCfnStack-SageMakerExecutionRole-aqrHz6dVkoHC' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilegeHighFailed
333333333333eu-west-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
111122223333GlobalSM-02SageMaker Full Access Policy UsedRole 'LLMEvaluationPromptfoo-SageMakerExecutionRole-M69xCHJ9c3LU' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilegeHighFailed
333333333333
111122223333 Global SM-02SageMaker IAM Permissions CheckNo issues found with IAM permissions and no stale access detectedNo action requiredSageMaker Full Access Policy UsedRole 'SageMaker-EMR-ExecutionRole' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilege HighPassedFailed
333333333333
111122223333 us-east-1 SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredNon-VPC Only Network AccessSageMaker domain 'd-cz8qi7j81si3' (QuickSetupDomain-20250525T153160) is not configured for VPC-only accessConfigure the SageMaker domain to use VPC-only network access type InformationalN/AHighFailed
333333333333
111122223333 us-east-1 SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredSSO Not Properly ConfiguredSageMaker domain 'd-cz8qi7j81si3' (QuickSetupDomain-20250525T153160) is using authentication mode: IAMEnable and properly configure AWS IAM Identity Center (successor to AWS SSO) for centralized access management. Ensure Identity Store ID is configured. MediumPassedFailed
333333333333
111122223333 us-east-1 SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredInformationalN/AMissing Encryption ConfigurationDomain 'QuickSetupDomain-20250525T153160' - No KMS key configuredConfigure encryption using AWS KMS customer managed keys for enhanced securityHighFailed
333333333333
111122223333 us-east-1 SM-04 GuardDuty Enabled Medium Passed
333333333333
111122223333 us-east-1 SM-05 SageMaker Model Registry Issue Informational N/A
333333333333
111122223333 us-east-1 SM-05 SageMaker Feature Store Issue Informational N/A
333333333333
111122223333 us-east-1 SM-05 SageMaker Pipelines Issue Informational N/A
333333333333
111122223333 us-east-1 SM-06 SageMaker Clarify No Clarify Usage Informational N/A
333333333333
111122223333 us-east-1 SM-07 SageMaker Model Monitor No Model Monitoring Informational N/A
333333333333
111122223333 us-east-1 SM-08 Model Registry Registry Not Used Informational N/A
333333333333
111122223333 us-east-1 SM-09 SageMaker Notebook Root Access Check Informational N/A
333333333333
111122223333 us-east-1 SM-10 SageMaker Notebook VPC Deployment Check Informational N/A
333333333333
111122223333 us-east-1 SM-11 SageMaker Model Network Isolation Check Informational N/A
333333333333
111122223333 us-east-1 SM-12 SageMaker Endpoint Instance Count Check Informational N/A
333333333333
111122223333 us-east-1 SM-13 SageMaker Monitoring Network Isolation Check Informational N/A
333333333333
111122223333 us-east-1 SM-14 SageMaker Model Repository Access Check Informational N/A
333333333333
111122223333 us-east-1 SM-15 SageMaker Feature Store Encryption Check Informational N/A
333333333333
111122223333 us-east-1 SM-16 SageMaker Data Quality Job Encryption Check Informational N/A
333333333333
111122223333 us-east-1 SM-17 SageMaker Processing Job Encryption Check Informational N/A
333333333333
111122223333 us-east-1 SM-18 SageMaker Transform Job Encryption Check Informational N/A
333333333333
111122223333 us-east-1 SM-19 SageMaker Hyperparameter Tuning Job Encryption Check Informational N/A
333333333333
111122223333 us-east-1 SM-20 SageMaker Compilation Job Encryption Check Informational N/A
333333333333
111122223333 us-east-1 SM-21 SageMaker AutoML Job Network Isolation Check Informational N/A
333333333333
111122223333 us-east-1 SM-22 Model Approval Workflow Check Informational N/A
333333333333
111122223333 us-east-1 SM-23 Model Drift Detection Check Medium Passed
333333333333
111122223333 us-east-1 SM-24 A/B Testing and Shadow Deployment Check Low Passed
333333333333
111122223333 us-east-1 SM-25 ML Lineage Tracking - Experiments Not Used Informational N/A
333333333333ap-southeast-2
111122223333us-west-2 SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredNon-VPC Only Network AccessSageMaker domain 'd-krxh4fmtaxjl' (PromptEvaluationDomain) is not configured for VPC-only accessConfigure the SageMaker domain to use VPC-only network access type InformationalN/AHighFailed
333333333333ap-southeast-2
111122223333us-west-2 SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredSSO Not Properly ConfiguredSageMaker domain 'd-krxh4fmtaxjl' (PromptEvaluationDomain) is using authentication mode: IAMEnable and properly configure AWS IAM Identity Center (successor to AWS SSO) for centralized access management. Ensure Identity Store ID is configured. MediumPassedFailed
333333333333ap-southeast-2
111122223333us-west-2 SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredInformationalN/AMissing Encryption ConfigurationDomain 'PromptEvaluationDomain' - No KMS key configuredConfigure encryption using AWS KMS customer managed keys for enhanced securityHighFailed
333333333333ap-southeast-2
111122223333us-west-2 SM-04 GuardDuty Enabled Amazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads. Medium Passed
333333333333ap-southeast-2
111122223333us-west-2 SM-05 SageMaker Model Registry Issue No model package groups found Informational N/A
333333333333ap-southeast-2
111122223333us-west-2 SM-05 SageMaker Feature Store Issue No feature groups found Informational N/A
333333333333ap-southeast-2
111122223333us-west-2 SM-05 SageMaker Pipelines Issue No ML pipelines found Informational N/A
333333333333ap-southeast-2
111122223333us-west-2 SM-06 SageMaker Clarify No Clarify Usage No SageMaker Clarify jobs found Informational N/A
333333333333ap-southeast-2
111122223333us-west-2 SM-07 SageMaker Model Monitor No Model Monitoring No Model Monitor schedules found Informational N/A
333333333333ap-southeast-2
111122223333us-west-2 SM-08 Model Registry Registry Not Used Model Registry is not being utilized Informational N/A
333333333333ap-southeast-2
111122223333us-west-2 SM-09 SageMaker Notebook Root Access Check No notebook instances found Informational N/A
333333333333ap-southeast-2
111122223333us-west-2 SM-10 SageMaker Notebook VPC Deployment Check No notebook instances found Informational N/A
333333333333ap-southeast-2
111122223333us-west-2 SM-11 SageMaker Model Network Isolation Check No models found Informational N/A
333333333333ap-southeast-2
111122223333us-west-2 SM-12 SageMaker Endpoint Instance Count Check No InService endpoints found Informational N/A
333333333333ap-southeast-2
111122223333us-west-2 SM-13 SageMaker Monitoring Network Isolation Check No monitoring schedules found Informational N/A
333333333333ap-southeast-2
111122223333us-west-2 SM-14 SageMaker Model Repository Access Check No models found or all use default Platform access Informational N/A
333333333333ap-southeast-2
111122223333us-west-2 SM-15 SageMaker Feature Store Encryption Check No feature groups with offline stores found Informational N/A
333333333333ap-southeast-2
111122223333us-west-2 SM-16 SageMaker Data Quality Job Encryption Check No data quality job definitions found Informational N/A
333333333333ap-southeast-2
111122223333us-west-2 SM-17 SageMaker Processing Job Encryption Check No processing jobs found Informational N/A
333333333333ap-southeast-2
111122223333us-west-2 SM-18 SageMaker Transform Job Encryption Check No transform jobs found Informational N/A
333333333333ap-southeast-2
111122223333us-west-2 SM-19 SageMaker Hyperparameter Tuning Job Encryption Check No hyperparameter tuning jobs found Informational N/A
333333333333ap-southeast-2
111122223333us-west-2 SM-20 SageMaker Compilation Job Encryption Check No compilation jobs found Informational N/A
333333333333ap-southeast-2
111122223333us-west-2 SM-21 SageMaker AutoML Job Network Isolation Check No AutoML jobs found Informational N/A
333333333333ap-southeast-2
111122223333us-west-2 SM-22 Model Approval Workflow Check No model package groups found. Model Registry is not being used for model governance. Informational N/A
333333333333ap-southeast-2
111122223333us-west-2 SM-23 Model Drift Detection Check No InService endpoints found to monitor. Medium Passed
333333333333ap-southeast-2
111122223333us-west-2 SM-24 A/B Testing and Shadow Deployment Check No InService endpoints found. Low Passed
333333333333ap-southeast-2
111122223333us-west-2 SM-25 ML Lineage Tracking - Experiments Not Used No SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized. Informational N/A
333333333333GlobalBR-01AmazonBedrockFullAccess role checkNo roles found with AmazonBedrockFullAccess policy
111122223333sa-east-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to check No action requiredHighPassed
333333333333GlobalBR-03Marketplace Subscription Access CheckRole 'ProwlerApp-EC2-Role' has overly permissive marketplace subscription access through policy 'AWSElasticBeanstalkMulticontainerDocker'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'AIMLSecurityMemberRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'AmazonBedrockExecutionRoleForKnowledgeBase_7erx6' last accessed Bedrock on 2025-05-13You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'AwsSecurityAudit' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'AWSServiceRoleForAuditManager' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'AWSServiceRoleForSupport' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'AWSVAPTAudit' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'cdk-hnb659fds-lookup-role-333333333333-us-east-1' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'cdk-hnb659fds-lookup-role-333333333333-us-east-2' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailedInformationalN/A
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'cdk-hnb659fds-lookup-role-333333333333-us-west-2' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333sa-east-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action required MediumFailedPassed
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'CloudSecAuditRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333sa-east-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredInformationalN/A
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'CloudSeerTrustedServiceRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333sa-east-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action required MediumFailedPassed
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'IibsAdminAccess-DO-NOT-DELETE' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333sa-east-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformationalN/A
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'InternalAuditInternal' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333sa-east-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionInformationalN/A
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'Nova-DO-NOT-DELETE' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333sa-east-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformationalN/A
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'ProwlerApp-EC2-Role' last accessed Bedrock on 2026-03-29You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333sa-east-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'ProwlerMemberRole' last accessed Bedrock on 2026-03-10You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333sa-east-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformationalN/A
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'ProwlerScanRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333sa-east-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformationalN/A
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'resco-aiml-security-mgmt-BedrockSecurityAssessmentF-espswsHIf9by' last accessed Bedrock on 2026-04-18You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333sa-east-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformationalN/A
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'ReSCOAIMLMemberRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333sa-east-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformationalN/A
333333333333us-east-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivity
111122223333sa-east-1SM-11SageMaker Model Network Isolation CheckNo models found No action required Informational N/A
333333333333us-east-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation logging
111122223333sa-east-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints found No action required Informational N/A
333333333333us-east-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrails
111122223333sa-east-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules found No action required Informational N/A
333333333333us-east-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
111122223333sa-east-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform access No action required Informational N/A
333333333333us-east-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: -1. Create and version your prompts -2. Test different prompt variants -3. Share prompts across your organization -4. Maintain consistent prompt templates
111122223333sa-east-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action required Informational N/A
333333333333us-east-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the account
111122223333sa-east-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions found No action required Informational N/A
333333333333us-east-1BR-09Bedrock Knowledge Base Encryption CheckUnable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::333333333333:assumed-role/aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b/aiml-security-aiml-security-mgmt-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:us-east-1:333333333333:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases actionVerify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
111122223333sa-east-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action required Informational N/A
333333333333us-east-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policies
111122223333sa-east-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action required Informational N/A
333333333333us-east-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the account
111122223333sa-east-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs found No action required Informational N/A
333333333333us-east-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
111122223333sa-east-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action required Informational N/A
333333333333us-east-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the account
111122223333sa-east-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs found No action required Informational N/A
333333333333us-east-1FS-01AWS Shield Advanced Not EnabledAWS Shield Advanced is not subscribed. GenAI API endpoints are vulnerable to volumetric DDoS attacks that can exhaust token quotas and inflate costs.1. Subscribe to AWS Shield Advanced for DDoS protection. -2. After subscribing, explicitly add resource protections in the Shield Advanced console for each Bedrock-facing resource (API Gateway stages, ALBs, CloudFront distributions, Route 53 hosted zones). Shield Advanced subscription alone does NOT automatically protect resources — each resource must be individually added to receive protection. -3. Enable Shield Response Team (SRT) access and configure proactive engagement. -4. Alternatively, use AWS Firewall Manager with a Shield Advanced policy to automate resource protection based on tags or resource types.LowFailed
111122223333sa-east-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.InformationalN/A
333333333333us-east-1FS-01No Regional WAF Web ACLs FoundNo AWS WAF regional Web ACLs found. Without WAF, GenAI endpoints lack rate-based rules to block abusive callers.1. Create a WAF Web ACL with rate-based rules (e.g., 1000 req/5 min per IP). -2. Associate the ACL with API Gateway stages or ALBs fronting Bedrock. -3. Add AWS Managed Rules for known bad inputs.
111122223333sa-east-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action required MediumFailedPassed
333333333333us-east-1FS-02No API Gateway Usage Plans FoundNo usage plans configured. GenAI API endpoints may have no rate limits.Create API Gateway usage plans with throttle settings (rateLimit and burstLimit) for all Bedrock-facing APIs.
111122223333sa-east-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
111122223333sa-east-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability. Informational N/A
333333333333us-east-1FS-03Bedrock Token Quotas At DefaultAll 232 Bedrock token-based quota(s) are at their AWS default values — no quota increase has been applied. Running at default is a legitimate posture, but it should be a reviewed decision aligned with expected peak load rather than an oversight.1. Review current Bedrock TPM/TPD quotas in the Service Quotas console. -2. Request increases aligned with expected peak load, or document a deliberate decision to remain at default after review. -3. Implement client-side token counting and pre-flight quota checks. -4. Use Bedrock cross-region inference profiles to distribute load.Medium
111122223333eu-west-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredInformational N/A
333333333333us-east-1FS-04No Cost Anomaly Detection MonitorsNo AWS Cost Anomaly Detection monitors found. Unexpected spikes in Bedrock/SageMaker usage (e.g., from prompt injection loops) will go undetected.1. Create a Cost Anomaly Detection monitor scoped to AWS/Bedrock and AWS/SageMaker. -2. Configure alert subscriptions (SNS/email) for anomalies above threshold. -3. Set daily spend budgets with AWS Budgets as a secondary control.
111122223333eu-west-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action required MediumFailedPassed
333333333333us-east-1FS-05No Bedrock CloudWatch Alarms FoundNo CloudWatch alarms found for Bedrock metrics. Token exhaustion and throttling events will not trigger operational alerts.Create CloudWatch alarms for: -- AWS/Bedrock InvocationThrottles (threshold > 0) -- AWS/Bedrock TokensProcessed (threshold based on quota) -- Custom application-level token counters via EMFMediumFailed
111122223333eu-west-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredInformationalN/A
333333333333us-east-1FS-06No AI/ML Service Budgets ConfiguredNo AWS Budgets found scoped to Bedrock or SageMaker. Unbounded GenAI spend can go undetected until the monthly bill.1. Create cost budgets for AWS Bedrock and SageMaker with 80%/100% alert thresholds. -2. Add SNS notifications to on-call channels. -3. Consider budget actions to apply IAM deny policies when thresholds are breached.
111122223333eu-west-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action required MediumFailedPassed
111122223333eu-west-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformationalN/A
333333333333us-east-1FS-07Agent Action Boundary CheckNo Bedrock agents found.No action required.
111122223333eu-west-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and production Informational N/A
333333333333us-east-1FS-08No AgentCore Runtimes FoundNo AgentCore runtimes found; policy engine check not applicable.If using AgentCore, configure the Policy Engine to authorize tool calls.
111122223333eu-west-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment Informational N/A
333333333333us-east-1FS-09Agent Lambda Functions Without Concurrency LimitsAgent-related Lambda functions without reserved concurrency: aiml-security-aiml-security-mgmt-FinServAssessment, aiml-security-aiml-security-mgmt-CleanupBucket, aiml-security-aiml-security-mgmt-SagemakerAssessment, aiml-security-aiml-security-mgmt-GenerateReport, resco-aiml-CleanupBucket, aiml-security-aiml-security-mgmt-IAMPermissionCaching, AIMLSecurity-Assessment-CodeBuildStartBuildLambda-Ul2QNob2S042, resco-aiml-BedrockAssessment, resco-aiml-AgentCoreAssessment, resco-aiml-GenerateReport. Unlimited concurrency allows runaway agent loops to exhaust account limits.1. Set reserved concurrency on agent Lambda functions. -2. Implement maximum iteration counts in agent orchestration logic. -3. Use Step Functions with MaxConcurrency and timeout states. -4. Add circuit-breaker patterns to agent tool invocations.MediumFailed
111122223333eu-west-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
333333333333us-east-1FS-10Human-in-the-Loop Check — No Agent Workflows FoundNo Step Functions state machines with agent/approval naming found. Verify that high-risk agent actions (e.g., fund transfers, account changes) have human approval gates.Implement Step Functions .waitForTaskToken patterns for high-risk agent actions. Route approval requests to human reviewers via SNS/SES/Slack.
111122223333eu-west-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedules Informational N/A
333333333333us-east-1FS-11No Agent Rate Alarms FoundNo CloudWatch alarms found for agent invocation rates. Looping or runaway agents will not trigger operational alerts.Create CloudWatch alarms on: -- Bedrock agent invocation counts (threshold based on expected max) -- Lambda invocation errors for agent functions -- Step Functions execution failures and timeoutsMediumFailed
111122223333eu-west-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformationalN/A
333333333333us-east-1FS-12No Bedrock-Scoped SCPs FoundNo Service Control Policies reference Bedrock. Without SCPs, any account in the organization can access any Bedrock model, including unapproved third-party models.1. Create an SCP that denies bedrock:InvokeModel for model IDs not on the approved list. -2. Use bedrock:ModelId condition key to allowlist approved models. -3. Maintain a model inventory and update the SCP when models are approved/retired.HighFailed
111122223333eu-west-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformationalN/A
333333333333us-east-1FS-13Model Provenance Tags PresentAll reviewed models have required provenance tags.No action required.MediumPassed
111122223333eu-west-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformationalN/A
333333333333us-east-1FS-14Model Governance Config Rules PresentFound 13 model-related Config rule(s).No action required.MediumPassed
111122223333eu-west-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredInformationalN/A
333333333333us-east-1FS-15No Bedrock Evaluation Jobs FoundNo Bedrock Model Evaluation jobs found. Models have not been evaluated for adversarial robustness. FinServ model-risk management (SR 11-7) expects documented model validation/evaluation.1. Run Bedrock Model Evaluation with adversarial/red-team datasets. -2. Use FMEval library for automated robustness testing. -3. Schedule periodic re-evaluation after model updates.MediumFailed
111122223333eu-west-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action requiredInformationalN/A
333333333333us-east-1FS-16ECR Repositories Without Image Scanning1 ECR repo(s) without scan-on-push: cdk-hnb659fds-container-assets-333333333333-us-east-1.Enable scan-on-push for all ECR repositories containing model containers. Consider enabling Enhanced Scanning (Inspector) for CVE detection.HighFailed
111122223333eu-west-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action requiredInformationalN/A
333333333333us-east-1FS-20No SageMaker Feature Groups FoundNo SageMaker Feature Store groups found.No action required.
111122223333eu-west-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action required Informational N/A
333333333333us-east-1FS-21No Training Data Buckets IdentifiedNo S3 buckets with training/model naming found.Tag training data buckets and enable versioning.
111122223333eu-west-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action required Informational N/A
333333333333us-east-1FS-22Overly Permissive Knowledge Base IAM Roles710 role(s) with wildcard KB permissions: -- Role 'Admin' allows '*' -- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:ListGuardrails' on Resource '*' (no ARN scoping to specific Knowledge Bases) -- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:GetGuardrail' on Resource '*' (no ARN scoping to specific Knowledge Bases) -- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:ListModelInvocations' on Resource '*' (no ARN scoping to specific Knowledge Bases) -- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:GetModelInvocationLoggingConfiguration' on Resource '*' (no ARN scoping to specific Knowledge Bases) -- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:ListPrompts' on Resource '*' (no ARN scoping to specific Knowledge Bases) -- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:GetPrompt' on Resource '*' (no ARN scoping to specific Knowledge Bases) -- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:ListAgents' on Resource '*' (no ARN scoping to specific Knowledge Bases) -- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:GetAgent' on Resource '*' (no ARN scoping to specific Knowledge Bases) -- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:ListCustomModels' on Resource '*' (no ARN scoping to specific Knowledge Bases)Replace wildcard bedrock-agent:* with specific actions: bedrock:Retrieve, bedrock:RetrieveAndGenerate. Scope resources to specific Knowledge Base ARNs.HighFailed
111122223333eu-west-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action requiredInformationalN/A
333333333333us-east-1FS-24ADVISORY: Knowledge Base Metadata Filtering — Manual Review RequiredFound 1 Knowledge Base(s). Tenant-isolation metadata filtering is a design pattern that cannot be verified via API — manual review required. Verify that metadata attributes (e.g., tenantId, classification) are indexed and that Retrieve calls include RetrievalFilter conditions for tenant isolation.1. Add metadata fields (tenantId, dataClassification) to KB data sources. -2. Pass RetrievalFilter in all Retrieve/RetrieveAndGenerate calls. -3. Validate filters in integration tests to prevent cross-tenant data leakage.
111122223333eu-west-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action required Informational N/A
333333333333us-east-1FS-25OpenSearch Serverless Encryption Policies PresentFound 1 encryption policy(ies); 1 use a customer-managed KMS key.Verify all vector store collections use customer-managed KMS keys.HighPassed
111122223333eu-west-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredInformationalN/A
333333333333us-east-1FS-26OpenSearch Serverless Collections Not VPC-RestrictedFound 1 network policy(ies) but none restrict to VPC. Vector stores may be accessible from the public internet.Update network policies to allow access only from VPC endpoints. Create an OpenSearch Serverless VPC endpoint in your VPC.HighFailed
111122223333eu-west-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformationalN/A
333333333333us-east-1FS-27No Guardrails — Contextual Grounding Not ApplicableNo Bedrock Guardrails configured. Configure guardrails first (see BR-05).Configure Bedrock Guardrails with contextual grounding checks (grounding threshold ≥0.7 and relevance threshold ≥0.7 for FinServ use cases).
111122223333eu-west-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action required Informational N/A
333333333333us-east-1FS-27Automated Reasoning Policies — Access CheckAccess denied or service unavailable when listing Automated Reasoning policies. The IAM action name (bedrock:ListAutomatedReasoningPolicies) is correct, so the most likely causes are, in order: (1) the assessment MEMBER ROLE in this account was deployed before this action was added and has not been re-deployed; (2) an AWS Organizations SCP or permission boundary denies this newer Bedrock action; (3) the region does not support ARC. ARC is available in AWS GovCloud (US) and a growing set of commercial regions (e.g., us-east-1, us-east-2, us-west-2, eu-central-1, eu-west-1, eu-west-3) — verify the current list in the AWS documentation.1. RE-DEPLOY the member-role CloudFormation stack so the role picks up bedrock:ListAutomatedReasoningPolicies (templates may be current while the *deployed* role is stale). See deployment/1-aiml-security-member-roles.yaml and aiml-security-single-account.yaml. -2. Check for an Organizations SCP / permission boundary denying the action. -3. Confirm the assessed region supports Automated Reasoning checks. -4. Re-run the assessment after re-deploying.Low
111122223333eu-west-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredInformational N/A
333333333333us-east-1FS-28No Guardrails — Denied Topics Not ApplicableNo Bedrock Guardrails configured.Configure guardrails with denied topics for regulated financial content.
111122223333eu-west-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment. Informational N/A
333333333333us-east-1FS-29ADVISORY: Compliance Disclaimer — Manual Review RequiredApplication-level compliance disclaimers cannot be verified via AWS APIs. Manual review required to confirm GenAI outputs include required regulatory disclosures.1. Implement post-processing to append required disclaimers to GenAI outputs. -2. Use Bedrock Guardrails word filters to block outputs that omit required disclosures. -3. Document disclaimer requirements in the AI use case register. -4. Test disclaimer presence in QA/UAT before production deployment.
111122223333eu-west-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
111122223333eu-west-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
111122223333eu-west-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability. Informational N/A
333333333333us-east-1FS-30ADVISORY: Compliance Dataset Coverage — Manual Review RequiredBedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation jobs include compliance-specific datasets (fair lending/ECOA, Fair Housing Act, UDAP/UDAAP, AML/KYC edge cases). Whether any evaluation jobs exist at all is assessed by FS-15.Run Bedrock Model Evaluation with compliance-specific datasets: -- Fair lending test cases (ECOA, Fair Housing Act) -- UDAP/UDAAP unfair/deceptive practice scenarios -- AML/KYC edge cases
444455556666eu-west-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action required Informational N/A
333333333333us-east-1FS-31Knowledge Base Data Sources Past Review Threshold1 data source(s) not synced in >7 days (a configurable review threshold, NOT an AWS-mandated limit): -- KB 'knowledge-base-prowler-findings' source 'knowledge-base-quick-start-9lb68-data-source' last synced 403 days ago -Confirm this age is acceptable for each data source's currency requirement — slow-changing reference data may legitimately sync infrequently.1. Define the maximum acceptable data age per use case (e.g., intraday for market data, daily for product terms, weekly/monthly for regulatory guidance) and adjust the review threshold to match. -2. Configure automated sync (EventBridge Scheduler → StartIngestionJob) at that cadence — see FS-61. -3. Set CloudWatch alarms on sync job failures.
444455556666eu-west-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action required MediumFailedPassed
333333333333us-east-1FS-32ADVISORY: Source Attribution — Manual Review RequiredSource attribution in GenAI responses cannot be verified via AWS APIs. Manual review required to confirm responses include citations.1. Use Bedrock RetrieveAndGenerate with citations enabled. -2. Include source document references in response post-processing. -3. Test citation accuracy in QA before production deployment. -4. Consider Bedrock Guardrails grounding checks to validate response accuracy.
444455556666eu-west-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action required Informational N/A
333333333333us-east-1FS-33KB Data Source Buckets Have VersioningAll reviewed KB data source buckets have versioning enabled.No action required.
444455556666eu-west-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action required Medium Passed
333333333333us-east-1FS-34Legacy Foundation Models Available in RegionLegacy/deprecated foundation models are available in this account/region: anthropic.claude-sonnet-4-20250514-v1:0, twelvelabs.marengo-embed-2-7-v1:0, amazon.titan-image-generator-v2:0, amazon.nova-premier-v1:0:8k, amazon.nova-premier-v1:0:20k, amazon.nova-premier-v1:0:1000k, amazon.nova-premier-v1:0:mm, amazon.nova-premier-v1:0, amazon.nova-canvas-v1:0, amazon.nova-reel-v1:0. This API reports model *availability*, not actual usage — it cannot determine which models your applications invoke. Legacy models have older training-data cutoffs and may produce outdated information if used. Review whether any are in active use.1. Identify which (if any) of these legacy models your applications invoke (e.g., via CloudTrail InvokeModel events or application config). -2. Migrate active usage to current model versions. -3. Document training-data cutoff dates for all models in use. -4. Add data-currency disclaimers to outputs from models with old cutoffs.
444455556666eu-west-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment Informational N/A
333333333333us-east-1FS-35ADVISORY: Harmful-Content Test Coverage — Manual Review RequiredBedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation/FMEval jobs include harmful-content datasets (toxicity, hate speech, violence/self-harm). Whether any evaluation jobs exist at all is assessed by FS-15.Run Bedrock Model Evaluation or FMEval with harmful content datasets: -- Toxicity detection -- Hate speech classification -- Violence/self-harm content
444455556666eu-west-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and production Informational N/A
333333333333us-east-1FS-36No Guardrails — Content Filters Not ApplicableNo Bedrock Guardrails configured.Configure guardrails with content filters.
444455556666eu-west-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment Informational N/A
333333333333us-east-1FS-37ADVISORY: User Feedback Mechanism — Manual Review RequiredUser feedback mechanisms for harmful outputs cannot be verified via AWS APIs. Manual review required.1. Implement thumbs-up/down or flag-for-review UI in GenAI applications. -2. Route flagged outputs to human reviewers via SQS/SNS. -3. Log feedback to DynamoDB/S3 for model improvement. -4. Define SLAs for reviewing flagged content.
444455556666eu-west-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detection Informational N/A
333333333333us-east-1FS-38No Guardrails — Word Filters Not ApplicableNo Bedrock Guardrails configured.Configure guardrails with word filters.
444455556666eu-west-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedules Informational N/A
333333333333us-east-1FS-39No SageMaker Clarify Bias MonitoringNo SageMaker Clarify model bias monitoring schedules found. Models making financial decisions (credit, insurance) may exhibit discriminatory bias without detection.1. Configure SageMaker Clarify bias detection for all models making credit, insurance, or employment decisions. -2. Define protected attributes (age, gender, race proxies). -3. Set bias metric thresholds and alert on violations. -4. Document bias testing results for regulatory examination.HighFailed
333333333333us-east-1FS-40ADVISORY: Bias Dataset Coverage — Manual Review RequiredBedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation jobs include bias/fairness datasets (demographic parity, equal-opportunity, counterfactual fairness) for any GenAI models used in financial decisions (ECOA/Fair Housing). Whether any evaluation jobs exist at all is assessed by FS-15.Run Bedrock Model Evaluation with bias test datasets: -- Demographic parity test cases -- Equal opportunity scenarios -- Counterfactual fairness tests
444455556666eu-west-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflows Informational N/A
333333333333us-east-1FS-41No SageMaker Clarify Explainability MonitoringNo SageMaker Clarify explainability monitoring found. Models making adverse financial decisions may not provide required explanations (ECOA adverse action notices).1. Configure SageMaker Clarify explainability for credit/lending models. -2. Generate SHAP values for feature importance. -3. Map top features to human-readable adverse action reason codes. -4. Store explanations for regulatory examination.HighFailed
333333333333us-east-1FS-42No SageMaker Model Cards FoundNo SageMaker Model Cards found. Production AI models lack documented intended use, limitations, and bias evaluations.1. Create SageMaker Model Cards for all production models. -2. Document: intended use, out-of-scope uses, training data, bias evaluations. -3. Include regulatory compliance attestations. -4. Review and update cards at each model version release.MediumFailed
333333333333us-east-1FS-43No CloudWatch Logs Data Protection PoliciesNo CloudWatch Logs data protection policies found. PII (SSN, account numbers, credit card numbers) in Bedrock invocation logs may be stored in plaintext.1. Create CloudWatch Logs data protection policies to mask PII. -2. Enable masking for: SSN, credit card numbers, bank account numbers, email. -3. Apply policies to Bedrock invocation log groups. -4. Test masking with synthetic PII before production deployment.HighFailed
333333333333us-east-1FS-44Amazon Macie Not EnabledAmazon Macie is not enabled. S3 buckets containing training data and KB data sources are not being scanned for PII/sensitive data.1. Enable Amazon Macie in all regions where AI/ML data is stored. -2. Create Macie classification jobs for training data and KB buckets. -3. Configure Macie findings to route to Security Hub and SNS. -4. Remediate PII findings before using data for model training.HighFailed
444455556666eu-west-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformationalN/A
333333333333us-east-1FS-45No Guardrails — PII Filters Not ApplicableNo Bedrock Guardrails configured.Configure guardrails with PII/sensitive information filters.
444455556666eu-west-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action required Informational N/A
333333333333us-east-1FS-46No AI/ML Data Buckets IdentifiedNo S3 buckets with AI/ML naming found.Tag AI/ML data buckets with data-classification labels.
444455556666eu-west-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action required Informational N/A
333333333333us-east-1FS-47No Guardrails — Grounding Threshold Not ApplicableNo Bedrock Guardrails configured.Configure guardrails with contextual grounding checks.
444455556666eu-west-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action required Informational N/A
333333333333us-east-1FS-48Active Knowledge Bases for RAG PresentFound 1 active Knowledge Base(s) for RAG grounding.No action required.MediumPassed
333333333333us-east-1FS-49ADVISORY: Hallucination Disclaimer — Manual Review RequiredApplication-level hallucination disclaimers cannot be verified via AWS APIs. Manual review required.1. Add disclaimers to GenAI outputs: 'AI-generated content may contain errors. Verify with authoritative sources before acting.' -2. Implement post-processing to append disclaimers. -3. Test disclaimer presence in QA before production.
444455556666eu-west-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action required Informational N/A
333333333333us-east-1FS-50No Guardrails With Relevance Grounding FiltersNo guardrails have RELEVANCE contextual grounding filters. Without relevance filters, responses that are off-topic or unrelated to the user query will not be blocked, increasing hallucination risk in RAG-based FinServ applications.Enable the RELEVANCE contextual grounding filter in Bedrock Guardrails with a threshold of ≥0.7 to block responses that are not relevant to the user query. Also enable the GROUNDING filter (≥0.7) to block responses not supported by the retrieved source context.MediumFailed
333333333333us-east-1FS-51No Guardrails — Prompt Attack Filters Not ApplicableNo Bedrock Guardrails configured.Configure guardrails with prompt attack filters.
444455556666eu-west-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action required Informational N/A
333333333333us-east-1FS-52Bedrock Lambda Functions on Current RuntimesAll 16 Bedrock Lambda function(s) use current runtimes.No action required.MediumPassed
333333333333us-east-1FS-53No WAF Web ACLs — Injection Rules Not ApplicableNo regional WAF Web ACLs found.Create WAF Web ACLs with injection protection rules (see FS-01).
444455556666eu-west-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action required Informational N/A
333333333333us-east-1FS-54ADVISORY: Penetration Testing — Manual Review RequiredPenetration testing evidence cannot be verified via AWS APIs. Manual review required to confirm GenAI applications have been tested.1. Conduct penetration testing of GenAI applications at least annually and before major releases. -2. Include AI-specific test cases: prompt injection, jailbreak, indirect (cross-domain) injection, system-prompt leakage, and data-extraction attempts. -3. Consider AWS Security Agent for on-demand, AI-driven penetration testing (GA March 2026; available in US East N. Virginia, US West Oregon, Europe Ireland, Europe Frankfurt, Asia Pacific Sydney, Asia Pacific Tokyo, with cross-account shared-VPC testing via AWS RAM). Open-source tools such as Garak or PyRIT and manual red-teaming are complementary options. Verify current regional availability on the AWS Security Agent page before relying on it. -4. Document findings and remediation for regulatory examination, and tag tested resources with a last-pentest-date for audit trail. -5. For DORA compliance, include GenAI in TLPT (Threat-Led Penetration Testing) scope.
444455556666eu-west-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action required Informational N/A
333333333333us-east-1FS-55No Output Validation Functions FoundNo Lambda functions with output validation/sanitization naming found. GenAI outputs may be passed directly to downstream systems without validation.1. Implement output validation Lambda functions in GenAI pipelines. -2. Validate output schema, length, and content before downstream use. -3. Sanitize outputs before rendering in web UIs (XSS prevention). -4. Encode outputs appropriately for the target context (HTML, SQL, JSON).MediumFailed
333333333333us-east-1FS-56No WAF ACLs — XSS Prevention Not ApplicableNo regional WAF Web ACLs found.Create WAF ACLs with XSS prevention rules.
444455556666eu-west-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action required Informational N/A
333333333333us-east-1FS-57ADVISORY: Output Encoding — Manual Review RequiredOutput encoding practices cannot be verified via AWS APIs. Manual code review required.1. HTML-encode GenAI outputs before rendering in web UIs. -2. Use parameterized queries when GenAI output is used in database operations. -3. JSON-encode outputs before embedding in JavaScript contexts. -4. Validate output length and format before passing to downstream APIs.
444455556666eu-west-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action required Informational N/A
333333333333us-east-1FS-58ADVISORY: Output Schema Validation — Manual Review RequiredFound 0 Lambda function(s) whose names suggest schema/validation handling. Structured-output / JSON-schema validation of GenAI responses is an application-layer control that cannot be verified automatically — manual review required.1. Use Bedrock structured output (response schemas) where supported. -2. Implement JSON schema validation on Lambda output processors. -3. Reject malformed outputs and return safe error responses. -4. Log schema validation failures to CloudWatch for monitoring.
444455556666eu-west-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action required Informational N/A
333333333333us-east-1FS-59No Guardrails — Topic Allowlist Not ApplicableNo Bedrock Guardrails configured.Configure guardrails with topic policies to restrict off-topic responses.
444455556666eu-west-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action required Informational N/A
333333333333us-east-1FS-60ADVISORY: Contextual Grounding for Off-Topic PreventionContextual grounding for off-topic prevention is covered by guardrail grounding checks (FS-47) and RAG configuration (FS-48). Additionally verify system prompts explicitly scope the assistant's role.1. Include explicit scope instructions in system prompts. -2. Use Bedrock Guardrails relevance grounding filter. -3. Test with off-topic prompts in QA to verify rejection behavior.
444455556666eu-west-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action required Informational N/A
333333333333us-east-1FS-61COULD NOT ASSESS: Knowledge Base Sync Schedule CheckThis check could not be completed (error: An error occurred (AccessDeniedException) when calling the ListSchedules operation: User: arn:aws:sts::333333333333:assumed-role/aiml-security-mgmt-FinServSecurityAssessmentFunctio-pwj9by1swQWa/aiml-security-aiml-security-mgmt-FinServAssessment is not authorized to perform: scheduler:ListSchedules on resource: arn:aws:scheduler:us-east-1:333333333333:schedule/*/* because no identity-based policy allows the scheduler:ListSchedules action). The most common cause is a missing IAM permission for the assessment role; it may also indicate an unsupported region or an outdated botocore. This control was NOT assessed — verify the role's permissions and re-run, and assess this control manually until resolved.1. Confirm the assessment role grants the actions this check requires (see the documented IAM permission set in the README). -2. Confirm the service/feature is supported in the assessed region. -3. Ensure botocore meets the version floor in requirements.txt. -4. Re-run the assessment; assess this control manually until it succeeds.LowN/A
333333333333us-east-1FS-62ADVISORY: Data Currency Disclaimer — Manual Review RequiredData currency disclaimers cannot be verified via AWS APIs. Manual review required.1. Add data currency disclaimers to GenAI outputs: 'Information based on data current as of [KB last sync date].' -2. Expose KB last sync timestamp in application responses. -3. Alert users when KB data is older than defined threshold.
444455556666eu-west-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment. Informational N/A
333333333333us-east-1FS-63Foundation Model Lifecycle ManagementNo legacy models detected. 11 lifecycle-related Config rule(s) found.No action required.
444455556666eu-west-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action required Medium Passed
333333333333us-east-1FS-65KB Data Source Buckets Missing S3 Event NotificationsThe following KB data-source S3 buckets have no event notifications configured. Unauthorized document modifications will not be detected in real time: -- sat2-prowler-2025-prowlerfindingsbucket-wc1k0mza7lpk1. Enable Amazon EventBridge notifications on each KB data-source S3 bucket. -2. Create an EventBridge rule to route s3:ObjectCreated, s3:ObjectRemoved, and s3:ObjectModified events to an SNS topic or Lambda for alerting. -3. Integrate alerts into your security incident response workflow.MediumFailed
444455556666eu-west-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
333333333333us-east-1FS-66No AgentCore Runtimes FoundNo AgentCore runtimes found; identity propagation check not applicable.If using AgentCore, configure token propagation so end-user identities are forwarded to tool services.
444455556666eu-west-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability. Informational N/A
333333333333us-east-1FS-67Agent Action-Group Lambdas May Lack Transaction ThresholdsThe following agent action-group Lambda functions have no environment variables whose names suggest transaction-value threshold configuration (this is a best-effort heuristic — a threshold enforced in code or in an AgentCore Policy Engine rule would not be detected here, so treat this as a prompt for manual verification rather than a definitive gap). Without explicit limits, agents could initiate unbounded financial transactions: -- aiml-security-aiml-security-mgmt-FinServAssessment -- resco-aiml-BedrockAssessment -- resco-aiml-AgentCoreAssessment -- aiml-security-aiml-security-mgmt-AgentCoreAssessment -- aiml-security-aiml-security-mgmt-BedrockAssessment1. Add transaction-value threshold environment variables (e.g., MAX_TRANSACTION_AMOUNT) to each agent action-group Lambda. -2. Implement threshold enforcement logic in the Lambda handler. -3. Configure AgentCore Policy Engine rules to cap financial transaction amounts. -4. Route transactions exceeding thresholds to a human-in-the-loop approval step.
444455556666GlobalSM-02SageMaker IAM Permissions CheckNo issues found with IAM permissions and no stale access detectedNo action required HighFailedPassed
333333333333
444455556666 us-east-1FS-68API Gateway Request Body Size Limits — Not ApplicableNo API Gateway REST APIs and no regional WAF Web ACLs were found in this region. There is no input-payload surface to assess for body-size limits.If GenAI endpoints are fronted by API Gateway or WAF in another region, run the assessment there. Otherwise no action is required.SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action required Informational N/A
333333333333
444455556666 us-east-1FS-69Prompt Input Validation Functions PresentFound 2 Lambda function(s) with input validation/sanitization naming patterns: aiml-security-aiml-security-mgmt-CleanupBucket, resco-aiml-CleanupBucket.Review these functions to confirm they cover: special-character stripping, format validation, size limits, and injection-sequence detection.SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action required Medium Passed
333333333333eu-west-1FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in eu-west-1; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.
444455556666us-east-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action required Informational N/A
333333333333ap-southeast-2FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in ap-southeast-2; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.
444455556666us-east-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
444455556666us-east-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment Informational N/A
333333333333ap-southeast-2BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action required
444455556666us-east-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and production Informational N/A
333333333333ap-southeast-2BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action required
444455556666us-east-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment Informational N/A
333333333333ap-southeast-2BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action required
444455556666us-east-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detection Informational N/A
333333333333ap-southeast-2BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action required
444455556666us-east-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedules Informational N/A
333333333333ap-southeast-2BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: -1. Create and version your prompts -2. Test different prompt variants -3. Share prompts across your organization -4. Maintain consistent prompt templates
444455556666us-east-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflows Informational N/A
333333333333ap-southeast-2BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the account
444455556666us-east-1SM-09SageMaker Notebook Root Access CheckNo notebook instances found No action required Informational N/A
333333333333ap-southeast-2BR-09Bedrock Knowledge Base Encryption CheckUnable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::333333333333:assumed-role/aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b/aiml-security-aiml-security-mgmt-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:ap-southeast-2:333333333333:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases actionVerify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
444455556666us-east-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action required Informational N/A
333333333333ap-southeast-2BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policies
444455556666us-east-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action required Informational N/A
333333333333ap-southeast-2BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the account
444455556666us-east-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints found No action required Informational N/A
333333333333ap-southeast-2BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
444455556666us-east-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action required Informational N/A
333333333333ap-southeast-2BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the account
444455556666us-east-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform access No action required Informational N/A
333333333333eu-west-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivity
444455556666us-east-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores found No action required Informational N/A
333333333333eu-west-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation logging
444455556666us-east-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions found No action required Informational N/A
333333333333eu-west-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrails
444455556666us-east-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs found No action required Informational N/A
333333333333eu-west-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
444455556666us-east-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs found No action required Informational N/A
333333333333eu-west-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: -1. Create and version your prompts -2. Test different prompt variants -3. Share prompts across your organization -4. Maintain consistent prompt templates
444455556666us-east-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action required Informational N/A
333333333333eu-west-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the account
444455556666us-east-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs found No action required Informational N/A
333333333333eu-west-1BR-09Bedrock Knowledge Base Encryption CheckUnable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::333333333333:assumed-role/aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b/aiml-security-aiml-security-mgmt-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:eu-west-1:333333333333:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases actionVerify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
444455556666us-east-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action required Informational N/A
333333333333eu-west-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policies
444455556666us-east-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment. Informational N/A
333333333333eu-west-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the account
444455556666us-east-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor. No action requiredInformationalN/AMediumPassed
333333333333eu-west-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
444455556666us-east-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
444455556666us-east-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability. Informational N/A
333333333333eu-west-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the account
444455556666ap-south-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to check No action required Informational N/A
333333333333GlobalAC-02AgentCore IAM Full Access CheckNo roles with overly permissive AgentCore access found
444455556666ap-south-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configured No action requiredHighMedium Passed
333333333333GlobalAC-03AgentCore Stale AccessThe following principals have not accessed AgentCore in 60+ days: role 'resco-aiml-security-mgmt-AgentCoreSecurityAssessmen-JrbYHkz9UslU' (62 days)Review and remove unused AgentCore permissions following least privilege principleMediumFailed
444455556666ap-south-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredInformationalN/A
333333333333GlobalAC-03AgentCore Unused PermissionsThe following principals have AgentCore permissions but have never accessed the service: role 'AIMLSecurityMemberRole', role 'ReSCOAIMLMemberRole'Review and remove unused AgentCore permissions following least privilege principle
444455556666ap-south-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action required MediumFailedPassed
333333333333GlobalAC-09AgentCore Service-Linked Role MissingService-linked role 'AWSServiceRoleForBedrockAgentCoreNetwork' does not exist. VPC configuration for AgentCore Runtimes will fail without this role.The service-linked role is automatically created when you configure VPC for an AgentCore Runtime. Ensure IAM permissions allow service-linked role creation.MediumFailed
444455556666ap-south-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformationalN/A
333333333333us-east-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action required
444455556666ap-south-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and production Informational N/A
333333333333us-east-1AC-04AgentCore Observability CheckNo AgentCore resources foundNo action required
444455556666ap-south-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment Informational N/A
333333333333us-east-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action required
444455556666ap-south-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detection Informational N/A
333333333333us-east-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action required
444455556666ap-south-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedules Informational N/A
333333333333us-east-1AC-07AgentCore Memory Configuration CheckNo Memory resources found
444455556666ap-south-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformationalN/A
444455556666ap-south-1SM-09SageMaker Notebook Root Access CheckNo notebook instances found No action required Informational N/A
333333333333us-east-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources found
444455556666ap-south-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances found No action required Informational N/A
333333333333us-east-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources found
444455556666ap-south-1SM-11SageMaker Model Network Isolation CheckNo models found No action required Informational N/A
333333333333us-east-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policies
444455556666ap-south-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints found No action required Informational N/A
333333333333us-east-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines found
444455556666ap-south-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules found No action required Informational N/A
333333333333us-east-1AC-12AgentCore Gateway Encryption CheckNo Gateways found
444455556666ap-south-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform access No action required Informational N/A
222222222222eu-west-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources found
444455556666ap-south-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores found No action required Informational N/A
222222222222eu-west-1AC-04AgentCore Observability CheckNo AgentCore resources found
444455556666ap-south-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions found No action required Informational N/A
222222222222eu-west-1AC-05AgentCore Encryption CheckNo AgentCore resources found
444455556666ap-south-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs found No action required Informational N/A
222222222222eu-west-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configuration
444455556666ap-south-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs found No action required Informational N/A
222222222222eu-west-1AC-07AgentCore Memory Configuration CheckNo Memory resources found
444455556666ap-south-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs found No action required Informational N/A
222222222222eu-west-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources found
444455556666ap-south-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs found No action required Informational N/A
222222222222eu-west-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources found
444455556666ap-south-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs found No action required Informational N/A
222222222222eu-west-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action required
444455556666ap-south-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment. Informational N/A
222222222222eu-west-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines found
444455556666ap-south-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor. No action requiredInformationalN/AMediumPassed
222222222222eu-west-1AC-12AgentCore Gateway Encryption CheckNo Gateways found
444455556666ap-south-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found. No action requiredLowPassed
444455556666ap-south-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability. Informational N/A
222222222222eu-west-1
444455556666sa-east-1 SM-01 SageMaker Internet Access Check No SageMaker notebook instances or domains found to check Informational N/A
222222222222eu-west-1
444455556666sa-east-1 SM-02 SageMaker SSO Configuration Check No SageMaker domains found, or all domains use SSO with IAM Identity Center configured Medium Passed
222222222222eu-west-1
444455556666sa-east-1 SM-03 Data Protection Check No SageMaker resources found to check for data protection Informational N/A
222222222222eu-west-1
444455556666sa-east-1 SM-04 GuardDuty Enabled Amazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads. Medium Passed
222222222222eu-west-1
444455556666sa-east-1 SM-05 SageMaker Model Registry Issue No model package groups found Informational N/A
222222222222eu-west-1
444455556666sa-east-1 SM-05 SageMaker Feature Store Issue No feature groups found Informational N/A
222222222222eu-west-1
444455556666sa-east-1 SM-05 SageMaker Pipelines Issue No ML pipelines found Informational N/A
222222222222eu-west-1
444455556666sa-east-1 SM-06 SageMaker Clarify No Clarify Usage No SageMaker Clarify jobs found Informational N/A
222222222222eu-west-1
444455556666sa-east-1 SM-07 SageMaker Model Monitor No Model Monitoring No Model Monitor schedules found Informational N/A
222222222222eu-west-1
444455556666sa-east-1 SM-08 Model Registry Registry Not Used Model Registry is not being utilized Informational N/A
222222222222eu-west-1
444455556666sa-east-1 SM-09 SageMaker Notebook Root Access Check No notebook instances found Informational N/A
222222222222eu-west-1
444455556666sa-east-1 SM-10 SageMaker Notebook VPC Deployment Check No notebook instances found Informational N/A
222222222222eu-west-1
444455556666sa-east-1 SM-11 SageMaker Model Network Isolation Check No models found Informational N/A
222222222222eu-west-1
444455556666sa-east-1 SM-12 SageMaker Endpoint Instance Count Check No InService endpoints found Informational N/A
222222222222eu-west-1
444455556666sa-east-1 SM-13 SageMaker Monitoring Network Isolation Check No monitoring schedules found Informational N/A
222222222222eu-west-1
444455556666sa-east-1 SM-14 SageMaker Model Repository Access Check No models found or all use default Platform access Informational N/A
222222222222eu-west-1
444455556666sa-east-1 SM-15 SageMaker Feature Store Encryption Check No feature groups with offline stores found Informational N/A
222222222222eu-west-1
444455556666sa-east-1 SM-16 SageMaker Data Quality Job Encryption Check No data quality job definitions found Informational N/A
222222222222eu-west-1
444455556666sa-east-1 SM-17 SageMaker Processing Job Encryption Check No processing jobs found Informational N/A
222222222222eu-west-1
444455556666sa-east-1 SM-18 SageMaker Transform Job Encryption Check No transform jobs found Informational N/A
222222222222eu-west-1
444455556666sa-east-1 SM-19 SageMaker Hyperparameter Tuning Job Encryption Check No hyperparameter tuning jobs found Informational N/A
222222222222eu-west-1
444455556666sa-east-1 SM-20 SageMaker Compilation Job Encryption Check No compilation jobs found Informational N/A
222222222222eu-west-1
444455556666sa-east-1 SM-21 SageMaker AutoML Job Network Isolation Check No AutoML jobs found Informational N/A
222222222222eu-west-1
444455556666sa-east-1 SM-22 Model Approval Workflow Check No model package groups found. Model Registry is not being used for model governance. Informational N/A
222222222222eu-west-1
444455556666sa-east-1 SM-23 Model Drift Detection Check No InService endpoints found to monitor. Medium Passed
222222222222eu-west-1
444455556666sa-east-1 SM-24 A/B Testing and Shadow Deployment Check No InService endpoints found. Low Passed
222222222222eu-west-1
444455556666sa-east-1 SM-25 ML Lineage Tracking - Experiments Not Used No SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized. Informational N/A
222222222222GlobalSM-02SageMaker IAM Permissions CheckNo issues found with IAM permissions and no stale access detectedNo action requiredHighPassed
222222222222us-east-1
444455556666us-west-2 SM-01 SageMaker Internet Access Check No SageMaker notebook instances or domains found to check Informational N/A
222222222222us-east-1
444455556666us-west-2 SM-02 SageMaker SSO Configuration Check No SageMaker domains found, or all domains use SSO with IAM Identity Center configured Medium Passed
222222222222us-east-1
444455556666us-west-2 SM-03 Data Protection Check No SageMaker resources found to check for data protection Informational N/A
222222222222us-east-1
444455556666us-west-2 SM-04 GuardDuty Enabled Amazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads. Medium Passed
222222222222us-east-1
444455556666us-west-2 SM-05 SageMaker Model Registry Issue No model package groups found Informational N/A
222222222222us-east-1
444455556666us-west-2 SM-05 SageMaker Feature Store Issue No feature groups found Informational N/A
222222222222us-east-1
444455556666us-west-2 SM-05 SageMaker Pipelines Issue No ML pipelines found Informational N/A
222222222222us-east-1
444455556666us-west-2 SM-06 SageMaker Clarify No Clarify Usage No SageMaker Clarify jobs found Informational N/A
222222222222us-east-1
444455556666us-west-2 SM-07 SageMaker Model Monitor No Model Monitoring No Model Monitor schedules found Informational N/A
222222222222us-east-1
444455556666us-west-2 SM-08 Model Registry Registry Not Used Model Registry is not being utilized Informational N/A
222222222222us-east-1
444455556666us-west-2 SM-09 SageMaker Notebook Root Access Check No notebook instances found Informational N/A
222222222222us-east-1
444455556666us-west-2 SM-10 SageMaker Notebook VPC Deployment Check No notebook instances found Informational N/A
222222222222us-east-1
444455556666us-west-2 SM-11 SageMaker Model Network Isolation Check No models found Informational N/A
222222222222us-east-1
444455556666us-west-2 SM-12 SageMaker Endpoint Instance Count Check No InService endpoints found Informational N/A
222222222222us-east-1
444455556666us-west-2 SM-13 SageMaker Monitoring Network Isolation Check No monitoring schedules found Informational N/A
222222222222us-east-1
444455556666us-west-2 SM-14 SageMaker Model Repository Access Check No models found or all use default Platform access Informational N/A
222222222222us-east-1
444455556666us-west-2 SM-15 SageMaker Feature Store Encryption Check No feature groups with offline stores found Informational N/A
222222222222us-east-1
444455556666us-west-2 SM-16 SageMaker Data Quality Job Encryption Check No data quality job definitions found Informational N/A
222222222222us-east-1
444455556666us-west-2 SM-17 SageMaker Processing Job Encryption Check No processing jobs found Informational N/A
222222222222us-east-1
444455556666us-west-2 SM-18 SageMaker Transform Job Encryption Check No transform jobs found Informational N/A
222222222222us-east-1
444455556666us-west-2 SM-19 SageMaker Hyperparameter Tuning Job Encryption Check No hyperparameter tuning jobs found Informational N/A
222222222222us-east-1
444455556666us-west-2 SM-20 SageMaker Compilation Job Encryption Check No compilation jobs found Informational N/A
222222222222us-east-1
444455556666us-west-2 SM-21 SageMaker AutoML Job Network Isolation Check No AutoML jobs found Informational N/A
222222222222us-east-1
444455556666us-west-2 SM-22 Model Approval Workflow Check No model package groups found. Model Registry is not being used for model governance. Informational N/A
222222222222us-east-1
444455556666us-west-2 SM-23 Model Drift Detection Check No InService endpoints found to monitor. Medium Passed
222222222222us-east-1
444455556666us-west-2 SM-24 A/B Testing and Shadow Deployment Check No InService endpoints found. Low Passed
222222222222us-east-1
444455556666us-west-2 SM-25 ML Lineage Tracking - Experiments Not Used No SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized. Informational N/A
222222222222us-east-1FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in us-east-1; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
222222222222eu-west-1FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in eu-west-1; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
222222222222ap-southeast-2FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in ap-southeast-2; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
222222222222ap-southeast-2BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action requiredInformationalN/A
222222222222ap-southeast-2BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformationalN/A
222222222222ap-southeast-2BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredInformationalN/A
222222222222ap-southeast-2BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action requiredInformationalN/A
222222222222ap-southeast-2BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: -1. Create and version your prompts -2. Test different prompt variants -3. Share prompts across your organization -4. Maintain consistent prompt templatesInformationalN/A
222222222222ap-southeast-2BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformationalN/A
222222222222ap-southeast-2BR-09Bedrock Knowledge Base Encryption CheckUnable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::222222222222:assumed-role/aiml-security-23026652352-BedrockSecurityAssessment-UZzmVN1xrMwf/aiml-security-aiml-security-222222222222-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:ap-southeast-2:222222222222:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases actionVerify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.InformationalN/A
222222222222ap-southeast-2BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesInformationalN/A
222222222222ap-southeast-2BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
222222222222ap-southeast-2BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
222222222222ap-southeast-2BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
222222222222ap-southeast-2
777788889999ap-south-1 SM-01 SageMaker Internet Access Check No SageMaker notebook instances or domains found to check Informational N/A
222222222222ap-southeast-2
777788889999ap-south-1 SM-02 SageMaker SSO Configuration Check No SageMaker domains found, or all domains use SSO with IAM Identity Center configured Medium Passed
222222222222ap-southeast-2
777788889999ap-south-1 SM-03 Data Protection Check No SageMaker resources found to check for data protection Informational N/A
222222222222ap-southeast-2
777788889999ap-south-1 SM-04 GuardDuty Enabled Amazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads. Medium Passed
222222222222ap-southeast-2
777788889999ap-south-1 SM-05 SageMaker Model Registry Issue No model package groups found Informational N/A
222222222222ap-southeast-2
777788889999ap-south-1 SM-05 SageMaker Feature Store Issue No feature groups found Informational N/A
222222222222ap-southeast-2
777788889999ap-south-1 SM-05 SageMaker Pipelines Issue No ML pipelines found Informational N/A
222222222222ap-southeast-2
777788889999ap-south-1 SM-06 SageMaker Clarify No Clarify Usage No SageMaker Clarify jobs found Informational N/A
222222222222ap-southeast-2
777788889999ap-south-1 SM-07 SageMaker Model Monitor No Model Monitoring No Model Monitor schedules found Informational N/A
222222222222ap-southeast-2
777788889999ap-south-1 SM-08 Model Registry Registry Not Used Model Registry is not being utilized Informational N/A
222222222222ap-southeast-2
777788889999ap-south-1 SM-09 SageMaker Notebook Root Access Check No notebook instances found Informational N/A
222222222222ap-southeast-2
777788889999ap-south-1 SM-10 SageMaker Notebook VPC Deployment Check No notebook instances found Informational N/A
222222222222ap-southeast-2
777788889999ap-south-1 SM-11 SageMaker Model Network Isolation Check No models found Informational N/A
222222222222ap-southeast-2
777788889999ap-south-1 SM-12 SageMaker Endpoint Instance Count Check No InService endpoints found Informational N/A
222222222222ap-southeast-2
777788889999ap-south-1 SM-13 SageMaker Monitoring Network Isolation Check No monitoring schedules found Informational N/A
222222222222ap-southeast-2
777788889999ap-south-1 SM-14 SageMaker Model Repository Access Check No models found or all use default Platform access Informational N/A
222222222222ap-southeast-2
777788889999ap-south-1 SM-15 SageMaker Feature Store Encryption Check No feature groups with offline stores found Informational N/A
222222222222ap-southeast-2
777788889999ap-south-1 SM-16 SageMaker Data Quality Job Encryption Check No data quality job definitions found Informational N/A
222222222222ap-southeast-2
777788889999ap-south-1 SM-17 SageMaker Processing Job Encryption Check No processing jobs found Informational N/A
222222222222ap-southeast-2
777788889999ap-south-1 SM-18 SageMaker Transform Job Encryption Check No transform jobs found Informational N/A
222222222222ap-southeast-2
777788889999ap-south-1 SM-19 SageMaker Hyperparameter Tuning Job Encryption Check No hyperparameter tuning jobs found Informational N/A
222222222222ap-southeast-2
777788889999ap-south-1 SM-20 SageMaker Compilation Job Encryption Check No compilation jobs found Informational N/A
222222222222ap-southeast-2
777788889999ap-south-1 SM-21 SageMaker AutoML Job Network Isolation Check No AutoML jobs found Informational N/A
222222222222ap-southeast-2
777788889999ap-south-1 SM-22 Model Approval Workflow Check No model package groups found. Model Registry is not being used for model governance. Informational N/A
222222222222ap-southeast-2
777788889999ap-south-1 SM-23 Model Drift Detection Check No InService endpoints found to monitor. Medium Passed
222222222222ap-southeast-2
777788889999ap-south-1 SM-24 A/B Testing and Shadow Deployment Check No InService endpoints found. Low Passed
222222222222ap-southeast-2SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
222222222222GlobalBR-01AmazonBedrockFullAccess role checkNo roles found with AmazonBedrockFullAccess policyNo action requiredHighPassed
222222222222GlobalBR-03Marketplace Subscription Access CheckNo identities found with overly permissive marketplace subscription accessNo action requiredMediumPassed
222222222222GlobalBR-14Stale Bedrock Access CheckRole 'AIMLSecurityMemberRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999ap-south-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
222222222222
777788889999 GlobalBR-14Stale Bedrock Access CheckRole 'AwsSecurityAudit' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumSM-02SageMaker Full Access Policy UsedRole 'aiml-sec-test-resources-SageMakerFullAccessRole-ZREdSNCErx2S' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilegeHigh Failed
222222222222GlobalBR-14Stale Bedrock Access CheckRole 'AWSServiceRoleForAuditManager' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.Medium
777788889999us-east-1SM-01Direct Internet Access EnabledSageMaker notebook instance 'aiml-sec-test-notebook-with-internet' has direct internet access enabledConfigure the notebook instance to use VPC connectivity and disable direct internet accessHigh Failed
222222222222GlobalBR-14Stale Bedrock Access CheckRole 'AWSServiceRoleForSupport' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.Medium
777788889999us-east-1SM-01Non-VPC Only Network AccessSageMaker domain 'd-ilmtsfeenavc' (aiml-sec-test-domain-fail-028e1010-52cbf970) is not configured for VPC-only accessConfigure the SageMaker domain to use VPC-only network access typeHigh Failed
222222222222GlobalBR-14Stale Bedrock Access CheckRole 'CloudSecAuditRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.Medium
777788889999us-east-1SM-01Non-VPC Only Network AccessSageMaker domain 'd-cmz7ohkxxop3' (aiml-sec-test-domain-fail-fef4e7f0-bb429d11) is not configured for VPC-only accessConfigure the SageMaker domain to use VPC-only network access typeHigh Failed
222222222222GlobalBR-14Stale Bedrock Access CheckRole 'CloudSeerTrustedServiceRole' last accessed Bedrock on 2025-08-18You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
777788889999us-east-1SM-02SSO Not Properly ConfiguredSageMaker domain 'd-7zl8skw96ppk' (aiml-sec-test-domain-pass-028e1010-3dba8b08) is using authentication mode: IAMEnable and properly configure AWS IAM Identity Center (successor to AWS SSO) for centralized access management. Ensure Identity Store ID is configured. Medium Failed
222222222222GlobalBR-14Stale Bedrock Access CheckRole 'IibsAdminAccess-DO-NOT-DELETE' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
777788889999us-east-1SM-02SSO Not Properly ConfiguredSageMaker domain 'd-ilmtsfeenavc' (aiml-sec-test-domain-fail-028e1010-52cbf970) is using authentication mode: IAMEnable and properly configure AWS IAM Identity Center (successor to AWS SSO) for centralized access management. Ensure Identity Store ID is configured. Medium Failed
222222222222GlobalBR-14Stale Bedrock Access CheckRole 'InternalAuditInternal' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
777788889999us-east-1SM-02SSO Not Properly ConfiguredSageMaker domain 'd-uqjoi05f0zzp' (aiml-sec-test-domain-pass-fef4e7f0-51d1e898) is using authentication mode: IAMEnable and properly configure AWS IAM Identity Center (successor to AWS SSO) for centralized access management. Ensure Identity Store ID is configured. Medium Failed
222222222222GlobalBR-14Stale Bedrock Access CheckRole 'ProwlerMemberRole' last accessed Bedrock on 2026-03-10You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
777788889999us-east-1SM-02SSO Not Properly ConfiguredSageMaker domain 'd-cmz7ohkxxop3' (aiml-sec-test-domain-fail-fef4e7f0-bb429d11) is using authentication mode: IAMEnable and properly configure AWS IAM Identity Center (successor to AWS SSO) for centralized access management. Ensure Identity Store ID is configured. Medium Failed
222222222222GlobalBR-14Stale Bedrock Access CheckRole 'resco-aiml-security-23026-BedrockSecurityAssessment-xNwSsmlzindY' last accessed Bedrock on 2026-04-18You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.Medium
777788889999us-east-1SM-03Missing Encryption ConfigurationNotebook Instance 'aiml-sec-test-notebook-with-internet' - No KMS key configuredConfigure encryption using AWS KMS customer managed keys for enhanced securityHigh Failed
222222222222GlobalBR-14Stale Bedrock Access CheckRole 'ReSCOAIMLMemberRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.Medium
777788889999us-east-1SM-03Missing Encryption ConfigurationDomain 'aiml-sec-test-domain-fail-028e1010-52cbf970' - No KMS key configuredConfigure encryption using AWS KMS customer managed keys for enhanced securityHigh Failed
222222222222
777788889999 us-east-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action requiredInformationalN/ASM-03Missing Encryption ConfigurationDomain 'aiml-sec-test-domain-fail-fef4e7f0-bb429d11' - No KMS key configuredConfigure encryption using AWS KMS customer managed keys for enhanced securityHighFailed
222222222222
777788889999 us-east-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformationalN/ASM-03Missing Encryption ConfigurationTraining Job 'aiml-sec-test-training-no-encryption-028e1010-e2fb8765' - No output encryption configuredConfigure encryption using AWS KMS customer managed keys for enhanced securityHighFailed
222222222222
777788889999 us-east-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredInformationalN/ASM-03Missing VPC EncryptionTraining Job 'aiml-sec-test-training-no-encryption-028e1010-e2fb8765' - Inter-container traffic encryption not enabledEnable encryption for inter-container traffic and VPC communicationMediumFailed
222222222222
777788889999 us-east-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageSM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads. No action requiredInformationalN/A
222222222222us-east-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: -1. Create and version your prompts -2. Test different prompt variants -3. Share prompts across your organization -4. Maintain consistent prompt templatesInformationalN/AMediumPassed
222222222222
777788889999 us-east-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformationalN/ASM-05SageMaker Model Registry IssueModel group 'aiml-sec-test-model-package-group' has minimal versioningImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentLowFailed
222222222222
777788889999 us-east-1BR-09Bedrock Knowledge Base Encryption CheckUnable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::222222222222:assumed-role/aiml-security-23026652352-BedrockSecurityAssessment-UZzmVN1xrMwf/aiml-security-aiml-security-222222222222-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:us-east-1:222222222222:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases actionVerify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment Informational N/A
222222222222
777788889999 us-east-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesSM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detection Informational N/A
222222222222
777788889999 us-east-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredSM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedules Informational N/A
222222222222
777788889999 us-east-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/ASM-08Model Registry Empty Model GroupModel group aiml-sec-test-model-package-group has no registered modelsImplement proper model versioning and approval workflowsLowFailed
222222222222
777788889999 us-east-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
222222222222GlobalAC-02AgentCore IAM Full Access CheckNo roles with overly permissive AgentCore access foundNo action requiredSM-09SageMaker Notebook Root Access EnabledNotebook instance 'aiml-sec-test-notebook-with-internet' has root access enabled. Root access allows users to install arbitrary software, modify system configurations, and potentially escalate privileges.Disable root access by updating the notebook instance with RootAccess=Disabled. Note: Lifecycle configurations will still run with root access. HighPassed
222222222222GlobalAC-03AgentCore Stale AccessThe following principals have not accessed AgentCore in 60+ days: role 'resco-aiml-security-23026-AgentCoreSecurityAssessme-2AEt2MTxg4AU' (62 days)Review and remove unused AgentCore permissions following least privilege principleMediumFailed
222222222222GlobalAC-03AgentCore Unused PermissionsThe following principals have AgentCore permissions but have never accessed the service: role 'AIMLSecurityMemberRole', role 'ReSCOAIMLMemberRole'Review and remove unused AgentCore permissions following least privilege principleMedium Failed
222222222222GlobalAC-09AgentCore Service-Linked Role MissingService-linked role 'AWSServiceRoleForBedrockAgentCoreNetwork' does not exist. VPC configuration for AgentCore Runtimes will fail without this role.The service-linked role is automatically created when you configure VPC for an AgentCore Runtime. Ensure IAM permissions allow service-linked role creation.Medium
777788889999us-east-1SM-10SageMaker Notebook Not in VPCNotebook instance 'aiml-sec-test-notebook-with-internet' is not deployed in a custom VPC. This uses SageMaker's service VPC with reduced network isolation.Create the notebook instance within a custom VPC by specifying SubnetId and SecurityGroupIds. This provides network isolation and allows use of VPC endpoints.High Failed
222222222222
777788889999 us-east-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredInformationalN/ASM-11SageMaker Model Network Isolation DisabledModel 'SageMakerModelNoIsolation-yQ7EpJeL7pgI' does not have network isolation enabled. Model containers can make outbound network calls, potentially exfiltrating data.Enable network isolation by setting EnableNetworkIsolation=True when creating models. This prevents containers from making outbound network calls.HighFailed
222222222222
777788889999 us-east-1AC-04AgentCore Observability CheckNo AgentCore resources foundSM-12SageMaker Endpoint Instance Count CheckNo InService endpoints found No action required Informational N/A
222222222222
777788889999 us-east-1AC-05AgentCore Encryption CheckNo AgentCore resources foundSM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules found No action required Informational N/A
222222222222
777788889999 us-east-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredInformationalN/ASM-14SageMaker Model Platform Repository AccessModel 'SageMakerModelWithIsolation-JASFpUHjajdk' uses Platform repository access mode. Container images are pulled from public/external registries, exposing supply chain risks.Configure RepositoryAccessMode=Vpc in ImageConfig to pull images from private ECR repositories through VPC. This provides supply chain security.MediumFailed
222222222222
777788889999 us-east-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredInformationalN/ASM-14SageMaker Model Platform Repository AccessModel 'SageMakerModelNoIsolation-yQ7EpJeL7pgI' uses Platform repository access mode. Container images are pulled from public/external registries, exposing supply chain risks.Configure RepositoryAccessMode=Vpc in ImageConfig to pull images from private ECR repositories through VPC. This provides supply chain security.MediumFailed
222222222222
777788889999 us-east-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredInformationalN/ASM-15SageMaker Feature Store Offline Encryption MissingFeature group 'aiml-sec-test-feature-group' offline store does not have KMS encryption configured. Feature data in S3 may not be encrypted with customer-managed keys.Configure KmsKeyId in OfflineStoreConfig.S3StorageConfig when creating feature groups to encrypt offline store data with customer-managed KMS keys.MediumFailed
222222222222
777788889999 us-east-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundSM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions found No action required Informational N/A
222222222222
777788889999 us-east-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesSM-17SageMaker Processing Job Encryption CheckAll 1 processing jobs have volume encryption configured No action requiredInformationalN/AMediumPassed
222222222222
777788889999 us-east-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundSM-18SageMaker Transform Job Encryption CheckAll 1 transform jobs have volume encryption configured No action requiredInformationalN/AMediumPassed
222222222222
777788889999 us-east-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action requiredInformationalN/A
222222222222ap-southeast-2AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundSM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs found No action required Informational N/A
222222222222ap-southeast-2AC-04AgentCore Observability CheckNo AgentCore resources found
777788889999us-east-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs found No action required Informational N/A
222222222222ap-southeast-2AC-05AgentCore Encryption CheckNo AgentCore resources found
777788889999us-east-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs found No action required Informational N/A
222222222222ap-southeast-2AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configuration
777788889999us-east-1SM-22Model Approval Workflow CheckChecked 1 model package groups. Approval workflows appear to be properly configured. No action requiredInformationalN/AMediumPassed
222222222222ap-southeast-2AC-07AgentCore Memory Configuration CheckNo Memory resources found
777788889999us-east-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor. No action requiredInformationalN/AMediumPassed
222222222222ap-southeast-2AC-13AgentCore Gateway Configuration CheckNo Gateway resources found
777788889999us-east-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found. No action requiredInformationalN/ALowPassed
222222222222ap-southeast-2AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action required
777788889999us-east-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability. Informational N/A
222222222222ap-southeast-2AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policies
777788889999eu-west-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to check No action required Informational N/A
222222222222ap-southeast-2AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines found
777788889999eu-west-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configured No action requiredInformationalN/AMediumPassed
222222222222ap-southeast-2AC-12AgentCore Gateway Encryption CheckNo Gateways found
777788889999eu-west-1SM-03Data Protection CheckNo SageMaker resources found to check for data protection No action required Informational N/A
222222222222
777788889999 eu-west-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivitySM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads. No action requiredInformationalN/AMediumPassed
222222222222
777788889999 eu-west-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredSM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment Informational N/A
222222222222
777788889999 eu-west-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredSM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and production Informational N/A
222222222222
777788889999 eu-west-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action requiredSM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment Informational N/A
222222222222
777788889999 eu-west-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: -1. Create and version your prompts -2. Test different prompt variants -3. Share prompts across your organization -4. Maintain consistent prompt templatesSM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detection Informational N/A
222222222222
777788889999 eu-west-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredSM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedules Informational N/A
222222222222
777788889999 eu-west-1BR-09Bedrock Knowledge Base Encryption CheckUnable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::222222222222:assumed-role/aiml-security-23026652352-BedrockSecurityAssessment-UZzmVN1xrMwf/aiml-security-aiml-security-222222222222-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:eu-west-1:222222222222:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases actionVerify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflows Informational N/A
222222222222
777788889999 eu-west-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesSM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action required Informational N/A
222222222222
777788889999 eu-west-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountSM-10SageMaker Notebook VPC Deployment CheckNo notebook instances found No action required Informational N/A
222222222222
777788889999 eu-west-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionSM-11SageMaker Model Network Isolation CheckNo models foundNo action required Informational N/A
222222222222
777788889999 eu-west-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountSM-12SageMaker Endpoint Instance Count CheckNo InService endpoints found No action required Informational N/A
-
-
-
Risk Distribution
-

Pass Rate by Severity

-
-
HIGH
14.8%
9 of 61 checks passed
-
MEDIUM
20.5%
39 of 190 checks passed
-
LOW
52.9%
9 of 17 checks passed
-
Overall
21.3%
57 of 268 actionable checks
-
-

Risk by Account

-
111111111111
146
42 High · 101 Med · 3 Low
222222222222
14
0 High · 14 Med · 0 Low
333333333333
45
10 High · 34 Med · 1 Low
-

Risk by Region

-
ap-southeast-2
0
0 High · 0 Med · 0 Low
eu-west-1
0
0 High · 0 Med · 0 Low
us-east-1
80
28 High · 48 Med · 4 Low
-

Findings by Service

-
-
Bedrock
209
107 Failed · 3 Passed
-
SageMaker
252
10 Failed · 37 Passed
-
AgentCore
123
37 Failed · 2 Passed
-
Financial Services Risk
139
51 Failed · 15 Passed
-
-
-
-
Amazon Bedrock Findings
-
-
-
-
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - +
Account IDRegionCheck IDFindingDetailsResolutionReferenceSeverityStatus
111111111111GlobalBR-01AmazonBedrockFullAccess role checkRole 'IDPSageMakerCfnStack-SageMakerExecutionRole-aqrHz6dVkoHC' has AmazonBedrockFullAccess policy attachedLimit the AmazonBedrockFullAccess policy only to required accessHighFailed
111111111111GlobalBR-01AmazonBedrockFullAccess role checkRole 'LLMEvaluationPromptfoo-SageMakerExecutionRole-M69xCHJ9c3LU' has AmazonBedrockFullAccess policy attachedLimit the AmazonBedrockFullAccess policy only to required accessHighFailed
111111111111GlobalBR-01AmazonBedrockFullAccess role checkRole 'myAskMeAnything-role-kmsizqwf' has AmazonBedrockFullAccess policy attachedLimit the AmazonBedrockFullAccess policy only to required accessHighFailed
111111111111GlobalBR-03Marketplace Subscription Access CheckRole 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-a6ddf3fc76' has overly permissive marketplace subscription access through policy 'BedrockAgentCoreRuntimeExecutionPolicy-cdk_agent_core'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111111111111GlobalBR-03Marketplace Subscription Access CheckRole 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-ed660add8b' has overly permissive marketplace subscription access through policy 'BedrockAgentCoreRuntimeExecutionPolicy-neoCyan_Agent'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111111111111GlobalBR-03Marketplace Subscription Access CheckRole 'AmazonBedrockExecutionRoleForKnowledgeBase_knnc9' has overly permissive marketplace subscription access through policy 'AmazonBedrockFoundationModelPolicyForKnowledgeBase_knnc9'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111111111111GlobalBR-03Marketplace Subscription Access CheckRole 'AmazonBedrockExecutionRoleForKnowledgeBase_qxqw2' has overly permissive marketplace subscription access through policy 'AmazonBedrockFoundationModelPolicyForKnowledgeBase_qxqw2'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111111111111GlobalBR-03Marketplace Subscription Access CheckRole 'AmazonSageMaker-ExecutionRole-20250525T153161' has overly permissive marketplace subscription access through policy 'AmazonBedrockLimitedAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111111111111GlobalBR-03Marketplace Subscription Access CheckRole 'IDPSageMakerCfnStack-SageMakerExecutionRole-aqrHz6dVkoHC' has overly permissive marketplace subscription access through policy 'AmazonBedrockFullAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111111111111GlobalBR-03Marketplace Subscription Access CheckRole 'LLMEvaluationPromptfoo-SageMakerExecutionRole-M69xCHJ9c3LU' has overly permissive marketplace subscription access through policy 'AmazonBedrockFullAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111111111111GlobalBR-03Marketplace Subscription Access CheckRole 'myAskMeAnything-role-kmsizqwf' has overly permissive marketplace subscription access through policy 'AmazonBedrockFullAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111111111111GlobalBR-03Marketplace Subscription Access CheckUser 'BedrockAPIKey-20pp' has overly permissive marketplace subscription access through policy 'AmazonBedrockLimitedAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111111111111GlobalBR-03Marketplace Subscription Access CheckUser 'BedrockAPIKey-yhc3' has overly permissive marketplace subscription access through policy 'AmazonBedrockLimitedAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111111111111GlobalBR-03Marketplace Subscription Access CheckUser 'BedrockClientUser' has overly permissive marketplace subscription access through policy 'AmazonBedrockFullAccess'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole '111111111111-us-east-1-kb-bedrock-service-role' last accessed Bedrock on 2025-12-22You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole '111111111111-us-east-1-kb-setup-function-role' last accessed Bedrock on 2025-12-22You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'agentcore-wildrydes_gateway_role_ab3991f6-role' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AgentCoreEvalsSDK-us-east-1-d04ba7b68b' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AIMLSecurityMemberRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-a6ddf3fc76' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-ed660add8b' last accessed Bedrock on 2025-12-21You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonBedrockExecutionRoleForAgents_S0T9VNPP9D' last accessed Bedrock on 2024-06-25You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonBedrockExecutionRoleForAgents_WNCOPE29NZ' last accessed Bedrock on 2025-04-27You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonBedrockExecutionRoleForKnowledgeBase_072pr' last accessed Bedrock on 2024-06-25You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonBedrockExecutionRoleForKnowledgeBase_byjin' last accessed Bedrock on 2024-11-17You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999eu-west-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonBedrockExecutionRoleForKnowledgeBase_h9718' last accessed Bedrock on 2024-11-17You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999eu-west-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonBedrockExecutionRoleForKnowledgeBase_knnc9' last accessed Bedrock on 2026-01-01You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999eu-west-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonBedrockExecutionRoleForKnowledgeBase_qxqw2' last accessed Bedrock on 2025-12-28You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999eu-west-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonBedrockExecutionRoleForKnowledgeBase_semicon' last accessed Bedrock on 2024-09-01You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999eu-west-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonBedrockExecutionRoleForKnowledgeBase_xtwwd' last accessed Bedrock on 2025-10-13You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999eu-west-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonBedrockExecutionRoleForKnowledgeBase_y9m7f' last accessed Bedrock on 2025-04-27You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999eu-west-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonQInvestigationRole-DefaultInvestigationGroup-8vxyjh' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999eu-west-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonSageMaker-ExecutionRole-20231014T200029' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999eu-west-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonSageMaker-ExecutionRole-20250525T153161' last accessed Bedrock on 2025-12-22You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999eu-west-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.InformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'aws-api-mcp-server-execution-role' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
777788889999eu-west-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action required MediumFailedPassed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AwsSecurityAudit' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999eu-west-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AWSServiceRoleForAuditManager' last accessed Bedrock on 2024-11-25You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999eu-west-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AWSServiceRoleForSupport' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999us-west-2SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AWSVAPTAudit' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
777788889999us-west-2SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action required MediumFailedPassed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'BedrockCognitoFederatedRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999us-west-2SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'cdk-hnb659fds-lookup-role-111111111111-us-east-1' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
777788889999us-west-2SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action required MediumFailedPassed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'cdk-hnb659fds-lookup-role-111111111111-us-west-2' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999us-west-2SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'cfn-contextualChatBot-usi-LambdaExecutionRoleForKno-aHg3J0xel6VU' last accessed Bedrock on 2024-03-25You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999us-west-2SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'CloudSecAuditRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999us-west-2SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'CloudSeerTrustedServiceRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999us-west-2SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'CustomerSupportAssistantBedrockAgentCoreRole-us-east-1' last accessed Bedrock on 2025-12-22You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999us-west-2SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'CustomerSupportStackInfra-CustomerSupportLambdaRole-ujGGiNU6KEnI' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999us-west-2SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformationalN/A
777788889999us-west-2SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'CustomerSupportStackInfra-RuntimeAgentCoreRole-N188nLB5RtLO' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999us-west-2SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'e2ebedrockrag-KbRoleStack-2YO19O2NS6FP-KbRole-OgMxcvrnZrHZ' last accessed Bedrock on 2025-11-18You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999us-west-2SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'fsi-genai-workshop-bedrock-kb-role' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999us-west-2SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'fsi-genai-workshop-lambda-execution-role' last accessed Bedrock on 2025-12-28You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999us-west-2SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'fsi-genai-workshop-websocket-lambda-role' last accessed Bedrock on 2025-12-28You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999us-west-2SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'IDP-AnalyticsProcessorFunctionRole-H3gwkJtNqrqW' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999us-west-2SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'IDP-BDASAMPLEPROJECT-SGJRDJI15S-LambdaExecutionRole-MCRJbTEDuyKt' last accessed Bedrock on 2025-08-24You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999us-west-2SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'IDP-ChatWithDocumentResolverFunctionRole-ATyH7GeR2ad1' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999us-west-2SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'IDP-DOCUMENTBEDROCKKB-CY8-StartIngestionJobFunction-NjNLRuUn8qtp' last accessed Bedrock on 2025-08-24You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999us-west-2SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'IDP-EvaluationFunctionRole-LQdnEMAdwWPe' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999us-west-2SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'IDP-PATTERN1STACK-TNHNKPK-ProcessResultsFunctionRol-8z8mNwa6RahP' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999us-west-2SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'IDP-PATTERN1STACK-TNHNKPK-SummarizationFunctionRole-MY6sxSMvFNr4' last accessed Bedrock on 2025-10-07You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999us-west-2SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'IDP-PATTERN1STACK-TNHNKPKJY4Q-InvokeBDAFunctionRole-pLHufEKQ0Nu4' last accessed Bedrock on 2025-10-07You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999us-west-2SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.InformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'IDP-QueryKnowledgeBaseResolverFunctionRole-p9Mcpfk0BA6z' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
777788889999us-west-2SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action required MediumFailedPassed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'IDPSageMakerCfnStack-SageMakerExecutionRole-aqrHz6dVkoHC' last accessed Bedrock on 2024-07-30You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999us-west-2SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'IibsAdminAccess-DO-NOT-DELETE' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999us-west-2SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'InternalAuditInternal' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999sa-east-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'LLMEvaluationPromptfoo-Aurora-Bedrock-Role' last accessed Bedrock on 2025-12-30You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
777788889999sa-east-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action required MediumFailedPassed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'LLMEvaluationPromptfoo-LambdaExecutionRole-umo63kVrhIoy' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999sa-east-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'LLMEvaluationPromptfoo-SageMakerExecutionRole-M69xCHJ9c3LU' last accessed Bedrock on 2025-12-30You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
777788889999sa-east-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action required MediumFailedPassed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'Meeting-Note-Bot-Role' last accessed Bedrock on 2025-10-22You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999sa-east-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'myAskMeAnything-role-kmsizqwf' last accessed Bedrock on 2024-01-04You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999sa-east-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'ProwlerMemberRole' last accessed Bedrock on 2026-03-10You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999sa-east-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformationalN/A
777788889999sa-east-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'resco-aiml-security-19304-BedrockSecurityAssessment-kgYUbi1MIbbb' last accessed Bedrock on 2026-04-18You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999sa-east-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'ReSCOAIMLMemberRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999sa-east-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'SAT-PrereqTest-CodeBuildRole-SATv2Stack-PreReqs' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999sa-east-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'threat-designer-role' last accessed Bedrock on 2025-07-02You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999sa-east-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckUser 'BedrockAPIKey-yhc3' last accessed Bedrock on 2026-04-19You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999sa-east-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckUser 'BedrockClientUser' last accessed Bedrock on 2025-04-06You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
777788889999sa-east-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action requiredInformationalN/A
111111111111us-east-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivity
777788889999sa-east-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules found No action required Informational N/A
111111111111us-east-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation logging
777788889999sa-east-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform access No action required Informational N/A
111111111111us-east-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrails
777788889999sa-east-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores found No action required Informational N/A
111111111111us-east-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
777788889999sa-east-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions found No action required Informational N/A
111111111111us-east-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: -1. Create and version your prompts -2. Test different prompt variants -3. Share prompts across your organization -4. Maintain consistent prompt templates
777788889999sa-east-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action required Informational N/A
111111111111us-east-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the account
777788889999sa-east-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs found No action required Informational N/A
111111111111us-east-1BR-09Bedrock Knowledge Base Encryption CheckUnable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::111111111111:assumed-role/aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX/aiml-security-aiml-security-111111111111-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:us-east-1:111111111111:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases actionVerify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
777788889999sa-east-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action required Informational N/A
111111111111us-east-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policies
777788889999sa-east-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action required Informational N/A
111111111111us-east-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the account
777788889999sa-east-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs found No action required Informational N/A
111111111111us-east-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
777788889999sa-east-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment. Informational N/A
111111111111us-east-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the account
777788889999sa-east-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor. No action requiredMediumPassed
777788889999sa-east-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
777788889999sa-east-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability. Informational N/A
111111111111ap-southeast-2BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivity
+
+
+
Amazon Bedrock AgentCore Findings
+
+
+
+
+
+
+ +
+
+ + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + + + + + + + + + + + + - - - - - - + + + + + + + + + + + + + + + + + - + - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + + + + + + + + + + + + + + + + + + + + + + + - - - - - - + + + + + + + + + + + + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - + + + + + + - - - + + + - - - - - - + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + -
Account IDRegionCheck IDFindingDetailsResolutionReferenceSeverityStatus
111122223333ap-south-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources found No action required Informational N/A
111111111111ap-southeast-2BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation logging
111122223333ap-south-1AC-04AgentCore Observability CheckNo AgentCore resources found No action required Informational N/A
111111111111ap-southeast-2BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrails
111122223333ap-south-1AC-05AgentCore Encryption CheckNo AgentCore resources found No action required Informational N/A
111111111111ap-southeast-2BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
111122223333ap-south-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configuration No action required Informational N/A
111111111111ap-southeast-2BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: -1. Create and version your prompts -2. Test different prompt variants -3. Share prompts across your organization -4. Maintain consistent prompt templates
111122223333ap-south-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action required Informational N/A
111111111111ap-southeast-2BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the account
111122223333ap-south-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources found No action required Informational N/A
111111111111ap-southeast-2BR-09Bedrock Knowledge Base Encryption CheckUnable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::111111111111:assumed-role/aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX/aiml-security-aiml-security-111111111111-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:ap-southeast-2:111111111111:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases actionVerify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
111122223333ap-south-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action required Informational N/A
111111111111ap-southeast-2BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policies
111122223333ap-south-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action required Informational N/A
111111111111ap-southeast-2BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the account
111122223333ap-south-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines found No action required Informational N/A
111111111111ap-southeast-2BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
111122223333ap-south-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action required Informational N/A
111111111111ap-southeast-2BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the account
111122223333us-west-2AC-01AgentCore VPC Configuration CheckNo AgentCore resources found No action required Informational N/A
111111111111eu-west-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivity
111122223333us-west-2AC-04AgentCore Observability CheckNo AgentCore resources found No action required Informational N/A
111111111111eu-west-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation logging
111122223333us-west-2AC-05AgentCore Encryption CheckNo AgentCore resources found No action required Informational N/A
111111111111eu-west-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrails
111122223333us-west-2AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configuration No action required Informational N/A
111111111111eu-west-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
111122223333us-west-2AC-07AgentCore Memory Configuration CheckNo Memory resources found No action required Informational N/A
111111111111eu-west-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: -1. Create and version your prompts -2. Test different prompt variants -3. Share prompts across your organization -4. Maintain consistent prompt templates
111122223333us-west-2AC-13AgentCore Gateway Configuration CheckFound 1 Gateway resourcesNo action requiredMediumPassed
111122223333us-west-2AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action required Informational N/A
111111111111eu-west-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the account
111122223333us-west-2AC-10AgentCore Resource-Based Policies MissingThe following AgentCore resources do not have resource-based policies: Gateway 'aws-news-mcp'. Without RBPs, access control relies solely on identity-based policies.Attach resource-based policies to AgentCore resources to: +1. Implement defense-in-depth access control +2. Enable cross-account access control +3. Restrict access based on source VPC or IP +4. Implement hierarchical authorization for Agent RuntimesHighFailed
111122223333us-west-2AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines found No action required Informational N/A
111111111111eu-west-1BR-09Bedrock Knowledge Base Encryption CheckUnable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::111111111111:assumed-role/aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX/aiml-security-aiml-security-111111111111-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:eu-west-1:111111111111:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases actionVerify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
111122223333us-west-2AC-12AgentCore Gateway Encryption MissingThe following Gateways do not use customer-managed KMS encryption: 'aws-news-mcp'. Gateway configuration data uses AWS-managed keys.1. Create gateways with customer-managed KMS keys for additional control +2. AWS-managed keys are single-tenant and region-specific +3. Consider CMK for enhanced audit capabilities and key rotation controlLowFailed
111122223333GlobalAC-02AgentCore IAM Full Access PolicyThe following roles have BedrockAgentCoreFullAccess policy: AmazonSageMaker-ExecutionRole-20250525T153161Replace with least-privilege policies scoped to specific AgentCore resources and actionsHighFailed
111122223333GlobalAC-02AgentCore IAM Wildcard PermissionsThe following roles have wildcard AgentCore permissions on all resources: agentcore-wildrydes_gateway_role_ab3991f6-roleScope permissions to specific AgentCore resources using resource ARNsHighFailed
111122223333GlobalAC-03AgentCore Stale AccessThe following principals have not accessed AgentCore in 60+ days: role 'AmazonSageMaker-ExecutionRole-20250525T153161' (199 days), role 'AWSServiceRoleForBedrockAgentCoreRuntimeIdentity' (199 days), role 'CustomerSupportAssistantBedrockAgentCoreRole-us-east-1' (199 days), role 'resco-aiml-security-19304-AgentCoreSecurityAssessme-w773pPsFWNsn' (82 days)Review and remove unused AgentCore permissions following least privilege principleMediumFailed
111122223333GlobalAC-03AgentCore Unused PermissionsThe following principals have AgentCore permissions but have never accessed the service: role 'agentcore-wildrydes_gateway_role_ab3991f6-role', role 'AIMLSecurityMemberRole', role 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-a6ddf3fc76', role 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-ed660add8b', role 'aws-api-mcp-server-execution-role', role 'CloudSeerTrustedServiceRole', role 'CustomerSupportStackInfra-RuntimeAgentCoreRole-N188nLB5RtLO', role 'IDP-AnalyticsProcessorFunctionRole-H3gwkJtNqrqW'Review and remove unused AgentCore permissions following least privilege principle Informational N/A
111111111111eu-west-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesInformationalN/A
111122223333GlobalAC-09AgentCore Service-Linked Role MissingService-linked role 'AWSServiceRoleForBedrockAgentCoreNetwork' does not exist. VPC configuration for AgentCore Runtimes will fail without this role.The service-linked role is automatically created when you configure VPC for an AgentCore Runtime. Ensure IAM permissions allow service-linked role creation.MediumFailed
111122223333us-east-1AC-01AgentCore Runtime VPC ConfigurationRuntime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) is not configured with VPC. This exposes the runtime to public internet.Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)HighFailed
111122223333us-east-1AC-01AgentCore Runtime VPC ConfigurationRuntime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) is not configured with VPC. This exposes the runtime to public internet.Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)HighFailed
111122223333us-east-1AC-01AgentCore Runtime VPC ConfigurationRuntime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) is not configured with VPC. This exposes the runtime to public internet.Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)HighFailed
111122223333us-east-1AC-01AgentCore Runtime VPC ConfigurationRuntime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) is not configured with VPC. This exposes the runtime to public internet.Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)HighFailed
111122223333us-east-1AC-01AgentCore Runtime VPC ConfigurationRuntime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) is not configured with VPC. This exposes the runtime to public internet.Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)HighFailed
111122223333us-east-1AC-04AgentCore Runtime CloudWatch LogsRuntime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) does not have CloudWatch Logs configuredEnable CloudWatch Logs for monitoring and troubleshootingMediumFailed
111122223333us-east-1AC-04AgentCore Runtime X-Ray TracingRuntime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) does not have X-Ray tracing enabledEnable X-Ray tracing for distributed tracing and performance analysisMediumFailed
111122223333us-east-1AC-04AgentCore Runtime CloudWatch LogsRuntime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) does not have CloudWatch Logs configuredEnable CloudWatch Logs for monitoring and troubleshootingMediumFailed
111122223333us-east-1AC-04AgentCore Runtime X-Ray TracingRuntime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) does not have X-Ray tracing enabledEnable X-Ray tracing for distributed tracing and performance analysisMediumFailed
111122223333us-east-1AC-04AgentCore Runtime CloudWatch LogsRuntime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) does not have CloudWatch Logs configuredEnable CloudWatch Logs for monitoring and troubleshootingMediumFailed
111122223333us-east-1AC-04AgentCore Runtime X-Ray TracingRuntime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) does not have X-Ray tracing enabledEnable X-Ray tracing for distributed tracing and performance analysisMediumFailed
111111111111eu-west-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
111122223333us-east-1AC-04AgentCore Runtime CloudWatch LogsRuntime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) does not have CloudWatch Logs configuredEnable CloudWatch Logs for monitoring and troubleshootingMediumFailed
111111111111eu-west-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
111122223333us-east-1AC-04AgentCore Runtime X-Ray TracingRuntime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) does not have X-Ray tracing enabledEnable X-Ray tracing for distributed tracing and performance analysisMediumFailed
111111111111eu-west-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
111122223333us-east-1AC-04AgentCore Runtime CloudWatch LogsRuntime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) does not have CloudWatch Logs configuredEnable CloudWatch Logs for monitoring and troubleshootingMediumFailed
333333333333GlobalBR-01AmazonBedrockFullAccess role checkNo roles found with AmazonBedrockFullAccess policyNo action requiredHighPassed
111122223333us-east-1AC-04AgentCore Runtime X-Ray TracingRuntime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) does not have X-Ray tracing enabledEnable X-Ray tracing for distributed tracing and performance analysisMediumFailed
333333333333GlobalBR-03Marketplace Subscription Access CheckRole 'ProwlerApp-EC2-Role' has overly permissive marketplace subscription access through policy 'AWSElasticBeanstalkMulticontainerDocker'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.High
111122223333us-east-1AC-05AgentCore ECR Repository AWS-Managed KeysECR repository 'bedrock-agentcore-customer_support_agent' uses AWS-managed keys instead of customer-managed KMS keysConsider using customer-managed KMS keys for better control and audit capabilitiesLow Failed
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'AIMLSecurityMemberRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333us-east-1AC-05AgentCore ECR Repository AWS-Managed KeysECR repository 'bedrock-agentcore-origami_expeditions' uses AWS-managed keys instead of customer-managed KMS keysConsider using customer-managed KMS keys for better control and audit capabilitiesLowFailed
111122223333us-east-1AC-06AgentCore Runtime Storage ConfigurationRuntime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) does not have storage configuration for browser toolsConfigure S3 storage for browser tool session recordings and artifacts Medium Failed
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'AmazonBedrockExecutionRoleForKnowledgeBase_7erx6' last accessed Bedrock on 2025-05-13You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333us-east-1AC-06AgentCore Runtime Storage ConfigurationRuntime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) does not have storage configuration for browser toolsConfigure S3 storage for browser tool session recordings and artifacts Medium Failed
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'AwsSecurityAudit' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333us-east-1AC-06AgentCore Runtime Storage ConfigurationRuntime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) does not have storage configuration for browser toolsConfigure S3 storage for browser tool session recordings and artifacts Medium Failed
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'AWSServiceRoleForAuditManager' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333us-east-1AC-06AgentCore Runtime Storage ConfigurationRuntime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) does not have storage configuration for browser toolsConfigure S3 storage for browser tool session recordings and artifacts Medium Failed
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'AWSServiceRoleForSupport' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333us-east-1AC-06AgentCore Runtime Storage ConfigurationRuntime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) does not have storage configuration for browser toolsConfigure S3 storage for browser tool session recordings and artifacts Medium Failed
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'AWSVAPTAudit' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333us-east-1AC-07AgentCore Memory EncryptionMemory 'CustomerSupportMemory-x69jBq5GLp' (CustomerSupportMemory-x69jBq5GLp) does not have customer-managed encryption configuredEnable encryption with customer-managed KMS keys Medium Failed
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'cdk-hnb659fds-lookup-role-333333333333-us-east-1' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333us-east-1AC-07AgentCore Memory EncryptionMemory 'cdk_agent_core_mem-uxfIagADuF' (cdk_agent_core_mem-uxfIagADuF) does not have customer-managed encryption configuredEnable encryption with customer-managed KMS keys Medium Failed
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'cdk-hnb659fds-lookup-role-333333333333-us-east-2' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333us-east-1AC-07AgentCore Memory EncryptionMemory 'wildrydes_memory_ab3991f6-9FjiHOHjT2' (wildrydes_memory_ab3991f6-9FjiHOHjT2) does not have customer-managed encryption configuredEnable encryption with customer-managed KMS keys Medium Failed
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'cdk-hnb659fds-lookup-role-333333333333-us-west-2' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
111122223333us-east-1AC-13AgentCore Gateway Configuration CheckFound 2 Gateway resourcesNo action required MediumPassed
111122223333us-east-1AC-08AgentCore VPC Endpoints MissingNo AgentCore VPC endpoints found in 4 VPCs. AgentCore API traffic traverses public internet, exposing it to interception.Create VPC interface endpoints for AgentCore services: +1. com.amazonaws.region.bedrock-agentcore +2. com.amazonaws.region.bedrock-agentcore-control +3. com.amazonaws.region.bedrock-agentcore-runtime +This enables private connectivity via AWS PrivateLinkHighFailed
111122223333us-east-1AC-10AgentCore Resource-Based Policies MissingThe following AgentCore resources do not have resource-based policies: Runtime 'origami_expeditions', Runtime 'neoCyan_Agent', Runtime 'customer_support_agent', Runtime 'cdk_agent_core', Runtime 'awsapimcpserver' and 2 more. Without RBPs, access control relies solely on identity-based policies.Attach resource-based policies to AgentCore resources to: +1. Implement defense-in-depth access control +2. Enable cross-account access control +3. Restrict access based on source VPC or IP +4. Implement hierarchical authorization for Agent RuntimesHighFailed
111122223333us-east-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredInformationalN/A
111122223333us-east-1AC-12AgentCore Gateway Encryption MissingThe following Gateways do not use customer-managed KMS encryption: 'customersupport-gw', 'wildrydes-gateway-ab3991f6'. Gateway configuration data uses AWS-managed keys.1. Create gateways with customer-managed KMS keys for additional control +2. AWS-managed keys are single-tenant and region-specific +3. Consider CMK for enhanced audit capabilities and key rotation controlLow Failed
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'CloudSecAuditRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333sa-east-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredInformationalN/A
111122223333sa-east-1AC-04AgentCore Observability CheckNo AgentCore resources foundNo action requiredInformationalN/A
111122223333sa-east-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action requiredInformationalN/A
111122223333sa-east-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredInformationalN/A
111122223333sa-east-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredInformationalN/A
111122223333sa-east-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredInformationalN/A
111122223333sa-east-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredInformationalN/A
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'CloudSeerTrustedServiceRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333sa-east-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action requiredInformationalN/A
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'IibsAdminAccess-DO-NOT-DELETE' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333sa-east-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredInformationalN/A
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'InternalAuditInternal' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333sa-east-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action requiredInformationalN/A
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'Nova-DO-NOT-DELETE' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333eu-west-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredInformationalN/A
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'ProwlerApp-EC2-Role' last accessed Bedrock on 2026-03-29You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333eu-west-1AC-04AgentCore Observability CheckNo AgentCore resources foundNo action requiredInformationalN/A
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'ProwlerMemberRole' last accessed Bedrock on 2026-03-10You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333eu-west-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action requiredInformationalN/A
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'ProwlerScanRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333eu-west-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredInformationalN/A
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'resco-aiml-security-mgmt-BedrockSecurityAssessmentF-espswsHIf9by' last accessed Bedrock on 2026-04-18You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333eu-west-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredInformationalN/A
333333333333GlobalBR-14Stale Bedrock Access CheckRole 'ReSCOAIMLMemberRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111122223333eu-west-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredInformationalN/A
333333333333us-east-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivity
111122223333eu-west-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources found No action required Informational N/A
333333333333us-east-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation logging
111122223333eu-west-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policies No action required Informational N/A
333333333333us-east-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrails
111122223333eu-west-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines found No action required Informational N/A
333333333333us-east-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
111122223333eu-west-1AC-12AgentCore Gateway Encryption CheckNo Gateways found No action required Informational N/A
333333333333us-east-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: -1. Create and version your prompts -2. Test different prompt variants -3. Share prompts across your organization -4. Maintain consistent prompt templates
444455556666ap-south-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action required Informational N/A
333333333333us-east-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the account
444455556666ap-south-1AC-04AgentCore Observability CheckNo AgentCore resources found No action required Informational N/A
333333333333us-east-1BR-09Bedrock Knowledge Base Encryption CheckUnable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::333333333333:assumed-role/aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b/aiml-security-aiml-security-mgmt-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:us-east-1:333333333333:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases actionVerify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
444455556666ap-south-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action required Informational N/A
333333333333us-east-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policies
444455556666ap-south-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action required Informational N/A
333333333333us-east-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the account
444455556666ap-south-1AC-07AgentCore Memory Configuration CheckNo Memory resources found No action required Informational N/A
333333333333us-east-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
444455556666ap-south-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action required Informational N/A
333333333333us-east-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the account
444455556666ap-south-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources found No action required Informational N/A
333333333333ap-southeast-2BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivity
444455556666ap-south-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policies No action required Informational N/A
333333333333ap-southeast-2BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation logging
444455556666ap-south-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredInformationalN/A
444455556666ap-south-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action requiredInformationalN/A
444455556666us-west-2AC-01AgentCore VPC Configuration CheckNo AgentCore resources found No action required Informational N/A
333333333333ap-southeast-2BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrails
444455556666us-west-2AC-04AgentCore Observability CheckNo AgentCore resources found No action required Informational N/A
333333333333ap-southeast-2BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
444455556666us-west-2AC-05AgentCore Encryption CheckNo AgentCore resources found No action required Informational N/A
333333333333ap-southeast-2BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: -1. Create and version your prompts -2. Test different prompt variants -3. Share prompts across your organization -4. Maintain consistent prompt templates
444455556666us-west-2AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action required Informational N/A
333333333333ap-southeast-2BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the account
444455556666us-west-2AC-07AgentCore Memory Configuration CheckNo Memory resources found No action required Informational N/A
333333333333ap-southeast-2BR-09Bedrock Knowledge Base Encryption CheckUnable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::333333333333:assumed-role/aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b/aiml-security-aiml-security-mgmt-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:ap-southeast-2:333333333333:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases actionVerify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
444455556666us-west-2AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action required Informational N/A
333333333333ap-southeast-2BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policies
444455556666us-west-2AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action required Informational N/A
333333333333ap-southeast-2BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the account
444455556666us-west-2AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policies No action required Informational N/A
333333333333ap-southeast-2BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
444455556666us-west-2AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action required Informational N/A
333333333333ap-southeast-2BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the account
444455556666us-west-2AC-12AgentCore Gateway Encryption CheckNo Gateways found No action required Informational N/A
333333333333eu-west-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivity
444455556666sa-east-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources found No action required Informational N/A
333333333333eu-west-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation logging
444455556666sa-east-1AC-04AgentCore Observability CheckNo AgentCore resources found No action required Informational N/A
333333333333eu-west-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrails
444455556666sa-east-1AC-05AgentCore Encryption CheckNo AgentCore resources found No action required Informational N/A
333333333333eu-west-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
444455556666sa-east-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configuration No action required Informational N/A
333333333333eu-west-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: -1. Create and version your prompts -2. Test different prompt variants -3. Share prompts across your organization -4. Maintain consistent prompt templates
444455556666sa-east-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action required Informational N/A
333333333333eu-west-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the account
444455556666sa-east-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources found No action required Informational N/A
333333333333eu-west-1BR-09Bedrock Knowledge Base Encryption CheckUnable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::333333333333:assumed-role/aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b/aiml-security-aiml-security-mgmt-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:eu-west-1:333333333333:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases actionVerify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
444455556666sa-east-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action required Informational N/A
333333333333eu-west-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policies
444455556666sa-east-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action required Informational N/A
333333333333eu-west-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the account
444455556666sa-east-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines found No action required Informational N/A
333333333333eu-west-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
444455556666sa-east-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action required Informational N/A
333333333333eu-west-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the account
444455556666GlobalAC-02AgentCore IAM Full Access CheckNo roles with overly permissive AgentCore access found No action requiredHighPassed
444455556666GlobalAC-03AgentCore Stale AccessThe following principals have not accessed AgentCore in 60+ days: role 'resco-aiml-security-23026-AgentCoreSecurityAssessme-2AEt2MTxg4AU' (82 days)Review and remove unused AgentCore permissions following least privilege principleMediumFailed
444455556666GlobalAC-03AgentCore Unused PermissionsThe following principals have AgentCore permissions but have never accessed the service: role 'AIMLSecurityMemberRole', role 'CloudSeerTrustedServiceRole'Review and remove unused AgentCore permissions following least privilege principle Informational N/A
222222222222ap-southeast-2BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivity
444455556666GlobalAC-09AgentCore Service-Linked Role MissingService-linked role 'AWSServiceRoleForBedrockAgentCoreNetwork' does not exist. VPC configuration for AgentCore Runtimes will fail without this role.The service-linked role is automatically created when you configure VPC for an AgentCore Runtime. Ensure IAM permissions allow service-linked role creation.MediumFailed
444455556666us-east-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources found No action required Informational N/A
222222222222ap-southeast-2BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation logging
444455556666us-east-1AC-04AgentCore Observability CheckNo AgentCore resources found No action required Informational N/A
222222222222ap-southeast-2BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrails
444455556666us-east-1AC-05AgentCore Encryption CheckNo AgentCore resources found No action required Informational N/A
222222222222ap-southeast-2BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
444455556666us-east-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configuration No action required Informational N/A
222222222222ap-southeast-2BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: -1. Create and version your prompts -2. Test different prompt variants -3. Share prompts across your organization -4. Maintain consistent prompt templates
444455556666us-east-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action required Informational N/A
222222222222ap-southeast-2BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the account
444455556666us-east-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources found No action required Informational N/A
222222222222ap-southeast-2BR-09Bedrock Knowledge Base Encryption CheckUnable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::222222222222:assumed-role/aiml-security-23026652352-BedrockSecurityAssessment-UZzmVN1xrMwf/aiml-security-aiml-security-222222222222-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:ap-southeast-2:222222222222:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases actionVerify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
444455556666us-east-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action required Informational N/A
222222222222ap-southeast-2BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policies
444455556666us-east-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action required Informational N/A
222222222222ap-southeast-2BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the account
444455556666us-east-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines found No action required Informational N/A
222222222222ap-southeast-2BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
444455556666us-east-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action required Informational N/A
222222222222ap-southeast-2BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the account
444455556666eu-west-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources found No action required Informational N/A
222222222222GlobalBR-01AmazonBedrockFullAccess role checkNo roles found with AmazonBedrockFullAccess policy
444455556666eu-west-1AC-04AgentCore Observability CheckNo AgentCore resources found No action requiredHighPassedInformationalN/A
222222222222GlobalBR-03Marketplace Subscription Access CheckNo identities found with overly permissive marketplace subscription access
444455556666eu-west-1AC-05AgentCore Encryption CheckNo AgentCore resources found No action requiredMediumPassed
222222222222GlobalBR-14Stale Bedrock Access CheckRole 'AIMLSecurityMemberRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
222222222222GlobalBR-14Stale Bedrock Access CheckRole 'AwsSecurityAudit' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
222222222222GlobalBR-14Stale Bedrock Access CheckRole 'AWSServiceRoleForAuditManager' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
222222222222GlobalBR-14Stale Bedrock Access CheckRole 'AWSServiceRoleForSupport' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
222222222222GlobalBR-14Stale Bedrock Access CheckRole 'CloudSecAuditRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
222222222222GlobalBR-14Stale Bedrock Access CheckRole 'CloudSeerTrustedServiceRole' last accessed Bedrock on 2025-08-18You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
222222222222GlobalBR-14Stale Bedrock Access CheckRole 'IibsAdminAccess-DO-NOT-DELETE' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
222222222222GlobalBR-14Stale Bedrock Access CheckRole 'InternalAuditInternal' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
222222222222GlobalBR-14Stale Bedrock Access CheckRole 'ProwlerMemberRole' last accessed Bedrock on 2026-03-10You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
222222222222GlobalBR-14Stale Bedrock Access CheckRole 'resco-aiml-security-23026-BedrockSecurityAssessment-xNwSsmlzindY' last accessed Bedrock on 2026-04-18You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
222222222222GlobalBR-14Stale Bedrock Access CheckRole 'ReSCOAIMLMemberRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailedInformationalN/A
222222222222us-east-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivity
444455556666eu-west-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configuration No action required Informational N/A
222222222222us-east-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation logging
444455556666eu-west-1AC-07AgentCore Memory Configuration CheckNo Memory resources found No action required Informational N/A
222222222222us-east-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrails
444455556666eu-west-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources found No action required Informational N/A
222222222222us-east-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
444455556666eu-west-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources found No action required Informational N/A
222222222222us-east-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: -1. Create and version your prompts -2. Test different prompt variants -3. Share prompts across your organization -4. Maintain consistent prompt templates
444455556666eu-west-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action required Informational N/A
222222222222us-east-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the account
444455556666eu-west-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines found No action required Informational N/A
222222222222us-east-1BR-09Bedrock Knowledge Base Encryption CheckUnable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::222222222222:assumed-role/aiml-security-23026652352-BedrockSecurityAssessment-UZzmVN1xrMwf/aiml-security-aiml-security-222222222222-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:us-east-1:222222222222:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases actionVerify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
444455556666eu-west-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action required Informational N/A
222222222222us-east-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policies
777788889999ap-south-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action required Informational N/A
222222222222us-east-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the account
777788889999ap-south-1AC-04AgentCore Observability CheckNo AgentCore resources found No action required Informational N/A
222222222222us-east-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
777788889999ap-south-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action required Informational N/A
222222222222us-east-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the account
777788889999ap-south-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configuration No action required Informational N/A
222222222222eu-west-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivity
777788889999ap-south-1AC-07AgentCore Memory Configuration CheckNo Memory resources found No action required Informational N/A
222222222222eu-west-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation logging
777788889999ap-south-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources found No action required Informational N/A
222222222222eu-west-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrails
777788889999ap-south-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources found No action required Informational N/A
222222222222eu-west-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
777788889999ap-south-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policies No action required Informational N/A
222222222222eu-west-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: -1. Create and version your prompts -2. Test different prompt variants -3. Share prompts across your organization -4. Maintain consistent prompt templates
777788889999ap-south-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action required Informational N/A
222222222222eu-west-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the account
777788889999ap-south-1AC-12AgentCore Gateway Encryption CheckNo Gateways found No action required Informational N/A
222222222222eu-west-1BR-09Bedrock Knowledge Base Encryption CheckUnable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::222222222222:assumed-role/aiml-security-23026652352-BedrockSecurityAssessment-UZzmVN1xrMwf/aiml-security-aiml-security-222222222222-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:eu-west-1:222222222222:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases actionVerify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
777788889999us-west-2AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action required Informational N/A
222222222222eu-west-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policies
777788889999us-west-2AC-04AgentCore Observability CheckNo AgentCore resources foundNo action required Informational N/A
222222222222eu-west-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the account
777788889999us-west-2AC-05AgentCore Encryption CheckNo AgentCore resources found No action required Informational N/A
222222222222eu-west-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
777788889999us-west-2AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action required Informational N/A
222222222222eu-west-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the account
777788889999us-west-2AC-07AgentCore Memory Configuration CheckNo Memory resources found No action required Informational N/A
-
-
-
Amazon SageMaker Findings
-
-
-
-
-
-
- -
-
- - - - - + + + + + + + - + - - - - - - + + + + + + - - - + + + - - - - - - + + + + + + - + - - - - - - + + + + + + - - - - - - - - - - - - + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - - - + + + - - - - - - + + + + + + - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + - - - - - + + + + + - - + + - - - - - - - + + + + + + + - - + + - - - - - - + + + + + + - - + + - - - - - - - + + + + + + + - - + + - - - - - - - + + + + + + + - - + + - - - - - - + + + + + + - - + + - - - + + + - - - - - - - - - - - - + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - + + + - + - - - - - - - +
Account IDRegionCheck IDFindingDetailsResolutionReferenceSeverityStatus
111111111111ap-southeast-2SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to check
777788889999us-west-2AC-13AgentCore Gateway Configuration CheckNo Gateway resources found No action required Informational N/A
111111111111ap-southeast-2SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configured
777788889999us-west-2AC-08AgentCore VPC Endpoints CheckNo AgentCore resources found No action requiredMediumPassedInformationalN/A
111111111111ap-southeast-2SM-03Data Protection CheckNo SageMaker resources found to check for data protection
777788889999us-west-2AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policies No action required Informational N/A
111111111111ap-southeast-2SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.
777788889999us-west-2AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines found No action requiredMediumPassed
111111111111ap-southeast-2SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment Informational N/A
111111111111ap-southeast-2SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and production
777788889999us-west-2AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action required Informational N/A
111111111111ap-southeast-2SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment
777788889999sa-east-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action required Informational N/A
111111111111ap-southeast-2SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detection
777788889999sa-east-1AC-04AgentCore Observability CheckNo AgentCore resources foundNo action required Informational N/A
111111111111ap-southeast-2SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedules
777788889999sa-east-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action required Informational N/A
111111111111ap-southeast-2SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflows
777788889999sa-east-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action required Informational N/A
111111111111ap-southeast-2SM-09SageMaker Notebook Root Access CheckNo notebook instances found
777788889999sa-east-1AC-07AgentCore Memory Configuration CheckNo Memory resources found No action required Informational N/A
111111111111ap-southeast-2SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances found
777788889999sa-east-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources found No action required Informational N/A
111111111111ap-southeast-2SM-11SageMaker Model Network Isolation CheckNo models found
777788889999sa-east-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources found No action required Informational N/A
111111111111ap-southeast-2SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints found
777788889999sa-east-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policies No action required Informational N/A
111111111111ap-southeast-2SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules found
777788889999sa-east-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines found No action required Informational N/A
111111111111ap-southeast-2SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform access
777788889999sa-east-1AC-12AgentCore Gateway Encryption CheckNo Gateways found No action required Informational N/A
111111111111ap-southeast-2SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores found
777788889999eu-west-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources found No action required Informational N/A
111111111111ap-southeast-2SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions found
777788889999eu-west-1AC-04AgentCore Observability CheckNo AgentCore resources found No action required Informational N/A
111111111111ap-southeast-2SM-17SageMaker Processing Job Encryption CheckNo processing jobs found
777788889999eu-west-1AC-05AgentCore Encryption CheckNo AgentCore resources found No action required Informational N/A
111111111111ap-southeast-2SM-18SageMaker Transform Job Encryption CheckNo transform jobs found
777788889999eu-west-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configuration No action required Informational N/A
111111111111ap-southeast-2SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs found
777788889999eu-west-1AC-07AgentCore Memory Configuration CheckNo Memory resources found No action required Informational N/A
111111111111ap-southeast-2SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs found
777788889999eu-west-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources found No action required Informational N/A
111111111111ap-southeast-2SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs found
777788889999eu-west-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources found No action required Informational N/A
111111111111ap-southeast-2SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.
777788889999eu-west-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action required Informational N/A
111111111111ap-southeast-2SM-23Model Drift Detection CheckNo InService endpoints found to monitor.
777788889999eu-west-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines found No action requiredMediumPassedInformationalN/A
111111111111ap-southeast-2SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.
777788889999eu-west-1AC-12AgentCore Gateway Encryption CheckNo Gateways found No action requiredLowPassed
111111111111ap-southeast-2SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability. Informational N/A
111111111111GlobalSM-02SageMaker Full Access Policy UsedRole 'AmazonSageMaker-ExecutionRole-20231014T200029' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilegeHighFailed
111111111111GlobalSM-02SageMaker Full Access Policy UsedRole 'AmazonSageMaker-ExecutionRole-20250525T153161' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilegeHighFailed
111111111111GlobalSM-02SageMaker Full Access Policy UsedRole 'AmazonSageMakerServiceCatalogProductsExecutionRole' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilegeHighFailed
111111111111GlobalSM-02SageMaker Full Access Policy UsedRole 'EMR_EC2_DefaultRole' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilegeHighFailed
111111111111
777788889999 GlobalSM-02SageMaker Full Access Policy UsedRole 'IDPSageMakerCfnStack-SageMakerExecutionRole-aqrHz6dVkoHC' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilegeAC-02AgentCore IAM Wildcard PermissionsThe following roles have wildcard AgentCore permissions on all resources: aiml-sec-test-resources-AgentCoreOverlyPermissiveRo-IQso7VQN0jOVScope permissions to specific AgentCore resources using resource ARNs High Failed
111111111111
777788889999 GlobalSM-02SageMaker Full Access Policy UsedRole 'LLMEvaluationPromptfoo-SageMakerExecutionRole-M69xCHJ9c3LU' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilegeHighFailedAC-03AgentCore Unused PermissionsThe following principals have AgentCore permissions but have never accessed the service: role 'aiml-sec-test-resources-AgentCoreOverlyPermissiveRo-IQso7VQN0jOV', role 'AIMLSecurityMemberRole', role 'CloudSeerTrustedServiceRole'Review and remove unused AgentCore permissions following least privilege principleInformationalN/A
111111111111
777788889999 GlobalSM-02SageMaker Full Access Policy UsedRole 'SageMaker-EMR-ExecutionRole' has AmazonSageMakerFullAccess policy attachedReplace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilegeHighAC-09AgentCore Service-Linked Role MissingService-linked role 'AWSServiceRoleForBedrockAgentCoreNetwork' does not exist. VPC configuration for AgentCore Runtimes will fail without this role.The service-linked role is automatically created when you configure VPC for an AgentCore Runtime. Ensure IAM permissions allow service-linked role creation.Medium Failed
111111111111
777788889999 us-east-1SM-01Non-VPC Only Network AccessSageMaker domain 'd-cz8qi7j81si3' (QuickSetupDomain-20250525T153160) is not configured for VPC-only accessConfigure the SageMaker domain to use VPC-only network access typeHighFailedAC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredInformationalN/A
111111111111
777788889999 us-east-1SM-02SSO Not Properly ConfiguredSageMaker domain 'd-cz8qi7j81si3' (QuickSetupDomain-20250525T153160) is using authentication mode: IAMEnable and properly configure AWS IAM Identity Center (successor to AWS SSO) for centralized access management. Ensure Identity Store ID is configured.MediumFailedAC-04AgentCore Observability CheckNo AgentCore resources foundNo action requiredInformationalN/A
111111111111
777788889999 us-east-1SM-03Missing Encryption ConfigurationDomain 'QuickSetupDomain-20250525T153160' - No KMS key configuredConfigure encryption using AWS KMS customer managed keys for enhanced securityHighAC-05AgentCore ECR Repository AWS-Managed KeysECR repository 'aiml-sec-test-agentcore-no-encryption' uses AWS-managed keys instead of customer-managed KMS keysConsider using customer-managed KMS keys for better control and audit capabilitiesLow Failed
111111111111
777788889999 us-east-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configuration No action requiredMediumPassed
111111111111us-east-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment Informational N/A
111111111111
777788889999 us-east-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionAC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action required Informational N/A
111111111111
777788889999 us-east-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentAC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action required Informational N/A
111111111111
777788889999 us-east-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionAC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action required Informational N/A
111111111111
777788889999 us-east-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesAC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action required Informational N/A
111111111111
777788889999 us-east-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsAC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action required Informational N/A
111111111111
777788889999 us-east-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundAC-12AgentCore Gateway Encryption CheckNo Gateways found No action required Informational N/A
111111111111us-east-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances found
+
+
Agentic AI Security Findings
Scope: API-provable Agentic AI security controls mapped to the AWS Well-Architected Agentic AI Lens security guidance. Human-in-the-loop governance is referenced in methodology but not scored automatically unless an AWS API can prove the control.
+ + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + - - + + - - - - - + + + + + + + + + + + + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - + + - - - - - - + + + + + + + + + + + + + + + + + - + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + + + + + + + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - - - - - - - - - - - - - - - - - - - - - - - + + - - - - - + + + + + - - - - - - - - - - - - - - - - - - - + + + + + + + + - - - - - - - - - - - - - - - - - - - + + + + + + + + - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - + + + + + + - - - + + + - - - - - - + + + + + + - + - - - - - - + + + + + + - - - - - - - - - - - - + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - + + - - - - - + + + + + - - - - - - - - - - - - - - - - - - - - - - - - + + - - - - - + + + + + - - - - - - - - - - - - - - - - - - - + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - + + - - - + + + - + - - + + - - - + + + - + - - + + - - - + + + - + - - + + - - - + + + - + - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - + + + + + + + + + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - - - + + + - - - - - - + + + + + + - - - + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + -
Account IDRegionCheck IDFindingDetailsResolutionReferenceSeverityStatus
111122223333ap-south-1AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways found No action required Informational N/A
111111111111us-east-1SM-11SageMaker Model Network Isolation CheckNo models found
111122223333ap-south-1AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways found No action required Informational N/A
111111111111us-east-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints found
111122223333ap-south-1AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways found No action required Informational N/A
111111111111us-east-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules found
111122223333ap-south-1AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways found No action required Informational N/A
111111111111us-east-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action required
111122223333ap-south-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services. Informational N/A
111111111111us-east-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action required
111122223333ap-south-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported. Informational N/A
111111111111us-east-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action required
111122223333ap-south-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions. Informational N/A
111111111111us-east-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action required
111122223333ap-south-1AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability. Informational N/A
111111111111us-east-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action required
111122223333ap-south-1AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources. Informational N/A
111111111111us-east-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs found
111122223333ap-south-1AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required.InformationalN/A
111122223333ap-south-1AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required.InformationalN/A
111122223333us-west-2AG-24Agentic AI Gateway Inbound AuthorizationGateway 'aws-news-mcp' (aws-news-mcp-vx9kxwqv9p) uses authorizerType CUSTOM_JWT. No action requiredHighPassed
111122223333us-west-2AG-25Agentic AI Gateway Tool Policy Enforcement MissingGateway 'aws-news-mcp' (aws-news-mcp-vx9kxwqv9p) does not have a policy engine configuration. Tool calls are not evaluated by AgentCore policy enforcement.Attach an AgentCore policy engine to the gateway and use ENFORCE mode for production tool authorization.HighFailed
111122223333us-west-2AG-26Agentic AI Gateway Error Detail ExposureGateway 'aws-news-mcp' (aws-news-mcp-vx9kxwqv9p) does not expose DEBUG-level exception detail.No action requiredMediumPassed
111122223333us-west-2AG-27Agentic AI Gateway WAF Protection MissingGateway 'aws-news-mcp' (aws-news-mcp-vx9kxwqv9p) is not associated with an AWS WAF web ACL.Associate an AWS WAF web ACL with internet-facing AgentCore gateways to add request filtering and abuse protection.LowFailed
111122223333us-west-2AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.InformationalN/A
111122223333us-west-2AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.InformationalN/A
111122223333us-west-2AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions.InformationalN/A
111122223333us-west-2AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability. Informational N/A
111111111111
111122223333us-west-2AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: The following AgentCore resources do not have resource-based policies: Gateway 'aws-news-mcp'. Without RBPs, access control relies solely on identity-based policies.Attach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources.HighFailed
111122223333us-west-2AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required.InformationalN/A
111122223333us-west-2AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: The following Gateways do not use customer-managed KMS encryption: 'aws-news-mcp'. Gateway configuration data uses AWS-managed keys.Configure AgentCore gateways with customer-managed KMS keys where enhanced key control is required.LowFailed
111122223333 us-east-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredAG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: Model invocation logging is properly configured with delivery to: Amazon S3, CloudWatch LogsEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements.MediumPassed
111122223333us-east-1AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: CloudTrail is properly configured to log Bedrock API activity in trails: IsengardTrail-DO-NOT-DELETEEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured.MediumPassed
111122223333GlobalAG-09Agentic AI Guardrail Enforcement BoundaryAgentic AI security domain: Guardrail Enforcement. Organization-level guardrail enforcement helps prevent agents from bypassing required safety controls across accounts. Source check BR-15: Check must run in AWS Organizations management account to evaluate organizational policiesUse IAM and organization controls to require approved guardrails for model and agent invocations where supported. Informational N/A
111111111111
111122223333 us-east-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredAG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No Bedrock model evaluation jobs found. Model evaluation helps assess toxicity, accuracy, semantic robustness, and other safety metrics before production deployment.Configure model or application evaluations that include adversarial, safety, and security-relevant test cases.MediumFailed
111122223333us-east-1AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions. Informational N/A
111111111111
111122223333 us-east-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required. Informational N/A
111111111111
111122223333 us-east-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredAG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: 11 custom throttling quotas are configured. Regular quota review helps maintain appropriate rate limits.Configure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns.LowPassed
111122223333us-east-1AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: 1 guardrails have complete content filter coverage (hate, insults, sexual, violence)Configure guardrails with appropriate content filters and thresholds for all agent-facing workloads.LowPassed
111122223333us-east-1AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: Guardrail 'nist-ai-rmf-guardrail' (ID: do7xkmhadx7k) does not have an Automated Reasoning policy configured. Automated Reasoning provides formal verification of model responses against defined policies.Configure automated reasoning policies on guardrails where formal response validation is required. MediumFailed
111122223333us-east-1AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: 1 guardrails have sensitive-information (PII) filters configuredConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns.Low Passed
111111111111
111122223333 us-east-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredAG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: 1 guardrails have contextual grounding checks enabledEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows. Low Passed
111111111111
111122223333 us-east-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating. Informational N/A
111111111111eu-west-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action required
111122223333us-east-1AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements. Informational N/A
111111111111eu-west-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action required
111122223333us-east-1AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No CloudWatch alarms are configured on Amazon Bedrock runtime metrics (AWS/Bedrock namespace). Without alarms, abuse, denial-of-wallet, sustained throttling, and content-filter spikes can go undetected.Configure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available. MediumPassedFailed
111111111111eu-west-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action required
111122223333ap-south-1AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements. Informational N/A
111111111111eu-west-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
111122223333ap-south-1AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured.InformationalN/A
111122223333ap-south-1AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases.InformationalN/A
111122223333ap-south-1AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions.InformationalN/A
111122223333ap-south-1AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required.InformationalN/A
111122223333ap-south-1AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns.InformationalN/A
111122223333ap-south-1AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads.InformationalN/A
111122223333ap-south-1AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required.InformationalN/A
111111111111eu-west-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment
111122223333ap-south-1AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns. Informational N/A
111111111111eu-west-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and production
111122223333ap-south-1AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows. Informational N/A
111111111111eu-west-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment
111122223333ap-south-1AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating. Informational N/A
111111111111eu-west-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detection
111122223333ap-south-1AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements. Informational N/A
111111111111eu-west-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedules
111122223333ap-south-1AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available. Informational N/A
111111111111eu-west-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflows
111122223333us-west-2AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: Model invocation logging is not enabled. This limits your ability to track and audit model usage.Enable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements.MediumFailed
111122223333us-west-2AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: CloudTrail is properly configured to log Bedrock API activity in trails: IsengardTrail-DO-NOT-DELETEEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured.MediumPassed
111122223333us-west-2AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No Bedrock model evaluation jobs found. Model evaluation helps assess toxicity, accuracy, semantic robustness, and other safety metrics before production deployment.Configure model or application evaluations that include adversarial, safety, and security-relevant test cases.MediumFailed
111122223333us-west-2AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions. Informational N/A
111111111111eu-west-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action required
111122223333us-west-2AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required. Informational N/A
111111111111eu-west-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action required
111122223333us-west-2AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: 7 custom throttling quotas are configured. Regular quota review helps maintain appropriate rate limits.Configure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns.LowPassed
111122223333us-west-2AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: Guardrail 'Sample-Guardrail' (ID: mmi5rrre65gv) is missing content filters: HATE, VIOLENCE, SEXUAL, INSULTS. Complete content filter coverage is essential for comprehensive content safety.Configure guardrails with appropriate content filters and thresholds for all agent-facing workloads.HighFailed
111122223333us-west-2AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: Guardrail 'Sample-Guardrail' (ID: mmi5rrre65gv) does not have an Automated Reasoning policy configured. Automated Reasoning provides formal verification of model responses against defined policies.Configure automated reasoning policies on guardrails where formal response validation is required.MediumFailed
111122223333us-west-2AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: Guardrail 'Sample-Guardrail' (ID: mmi5rrre65gv) has no sensitive-information filters configured (no PII entities or regex patterns). Prompts and model responses are not screened for sensitive data such as PII.Configure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns.HighFailed
111122223333us-west-2AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: Guardrail 'Sample-Guardrail' (ID: mmi5rrre65gv) does not have contextual grounding checks enabled. Without grounding and relevance checks, the guardrail cannot detect hallucinated (ungrounded) or off-topic model responses.Enable contextual grounding checks on guardrails for RAG and tool-using agent workflows.MediumFailed
111122223333us-west-2AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating. Informational N/A
111111111111eu-west-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action required
111122223333us-west-2AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements. Informational N/A
111111111111eu-west-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action required
111122223333us-west-2AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No CloudWatch alarms are configured on Amazon Bedrock runtime metrics (AWS/Bedrock namespace). Without alarms, abuse, denial-of-wallet, sustained throttling, and content-filter spikes can go undetected.Configure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available.MediumFailed
111122223333sa-east-1AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements. Informational N/A
111111111111eu-west-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action required
111122223333sa-east-1AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured. Informational N/A
111111111111eu-west-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action required
111122223333sa-east-1AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases. Informational N/A
111111111111eu-west-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action required
111122223333sa-east-1AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions. Informational N/A
111111111111eu-west-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action required
111122223333sa-east-1AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required. Informational N/A
111111111111eu-west-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action required
111122223333sa-east-1AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns. Informational N/A
111111111111eu-west-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action required
111122223333sa-east-1AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads. Informational N/A
111111111111eu-west-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action required
111122223333sa-east-1AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required. Informational N/A
111111111111eu-west-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action required
111122223333sa-east-1AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns. Informational N/A
111111111111eu-west-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action required
111122223333sa-east-1AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows. Informational N/A
111111111111eu-west-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.
111122223333sa-east-1AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating. Informational N/A
111111111111eu-west-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.
111122223333sa-east-1AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements.InformationalN/A
111122223333sa-east-1AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available.InformationalN/A
111122223333us-east-1AG-24Agentic AI Gateway Inbound AuthorizationGateway 'customersupport-gw' (customersupport-gw-oxqopzjxae) uses authorizerType CUSTOM_JWT. No action requiredMediumHigh Passed
111111111111eu-west-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.
111122223333us-east-1AG-25Agentic AI Gateway Tool Policy Enforcement MissingGateway 'customersupport-gw' (customersupport-gw-oxqopzjxae) does not have a policy engine configuration. Tool calls are not evaluated by AgentCore policy enforcement.Attach an AgentCore policy engine to the gateway and use ENFORCE mode for production tool authorization.HighFailed
111122223333us-east-1AG-26Agentic AI Gateway Error Detail ExposureGateway 'customersupport-gw' (customersupport-gw-oxqopzjxae) does not expose DEBUG-level exception detail. No action requiredMediumPassed
111122223333us-east-1AG-27Agentic AI Gateway WAF Protection MissingGateway 'customersupport-gw' (customersupport-gw-oxqopzjxae) is not associated with an AWS WAF web ACL.Associate an AWS WAF web ACL with internet-facing AgentCore gateways to add request filtering and abuse protection. LowFailed
111122223333us-east-1AG-24Agentic AI Gateway Inbound AuthorizationGateway 'wildrydes-gateway-ab3991f6' (wildrydes-gateway-ab3991f6-jrlh9ok6ya) uses authorizerType CUSTOM_JWT.No action requiredHigh Passed
111111111111eu-west-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.
111122223333us-east-1AG-25Agentic AI Gateway Tool Policy Enforcement MissingGateway 'wildrydes-gateway-ab3991f6' (wildrydes-gateway-ab3991f6-jrlh9ok6ya) does not have a policy engine configuration. Tool calls are not evaluated by AgentCore policy enforcement.Attach an AgentCore policy engine to the gateway and use ENFORCE mode for production tool authorization.HighFailed
111122223333us-east-1AG-26Agentic AI Gateway Error Detail ExposureGateway 'wildrydes-gateway-ab3991f6' (wildrydes-gateway-ab3991f6-jrlh9ok6ya) does not expose DEBUG-level exception detail.No action requiredMediumPassed
111122223333us-east-1AG-27Agentic AI Gateway WAF Protection MissingGateway 'wildrydes-gateway-ab3991f6' (wildrydes-gateway-ab3991f6-jrlh9ok6ya) is not associated with an AWS WAF web ACL.Associate an AWS WAF web ACL with internet-facing AgentCore gateways to add request filtering and abuse protection.LowFailed
111122223333GlobalAG-16Agentic AI AgentCore Least PrivilegeAgentic AI security domain: Agent Identity & Access. Over-permissive AgentCore principals can let agents or operators bypass intended autonomy and tool boundaries. Source check AC-02: The following roles have BedrockAgentCoreFullAccess policy: AmazonSageMaker-ExecutionRole-20250525T153161Replace full-access AgentCore permissions with least-privilege IAM policies scoped to required resources and actions.HighFailed
111122223333GlobalAG-16Agentic AI AgentCore Least PrivilegeAgentic AI security domain: Agent Identity & Access. Over-permissive AgentCore principals can let agents or operators bypass intended autonomy and tool boundaries. Source check AC-02: The following roles have wildcard AgentCore permissions on all resources: agentcore-wildrydes_gateway_role_ab3991f6-roleReplace full-access AgentCore permissions with least-privilege IAM policies scoped to required resources and actions.HighFailed
111122223333GlobalAG-17Agentic AI Stale AgentCore AccessAgentic AI security domain: Agent Identity & Access. Unused AgentCore permissions increase the blast radius of compromised principals. Source check AC-03: The following principals have not accessed AgentCore in 60+ days: role 'AmazonSageMaker-ExecutionRole-20250525T153161' (199 days), role 'AWSServiceRoleForBedrockAgentCoreRuntimeIdentity' (199 days), role 'CustomerSupportAssistantBedrockAgentCoreRole-us-east-1' (199 days), role 'resco-aiml-security-19304-AgentCoreSecurityAssessme-w773pPsFWNsn' (82 days)Remove or restrict stale AgentCore permissions for principals that no longer need access.MediumFailed
111122223333GlobalAG-17Agentic AI Stale AgentCore AccessAgentic AI security domain: Agent Identity & Access. Unused AgentCore permissions increase the blast radius of compromised principals. Source check AC-03: The following principals have AgentCore permissions but have never accessed the service: role 'agentcore-wildrydes_gateway_role_ab3991f6-role', role 'AIMLSecurityMemberRole', role 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-a6ddf3fc76', role 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-ed660add8b', role 'aws-api-mcp-server-execution-role', role 'CloudSeerTrustedServiceRole', role 'CustomerSupportStackInfra-RuntimeAgentCoreRole-N188nLB5RtLO', role 'IDP-AnalyticsProcessorFunctionRole-H3gwkJtNqrqW'Remove or restrict stale AgentCore permissions for principals that no longer need access. Informational N/A
333333333333eu-west-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredInformationalN/A
111122223333us-east-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: Runtime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) is not configured with VPC. This exposes the runtime to public internet.Configure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.HighFailed
111122223333us-east-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: Runtime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) is not configured with VPC. This exposes the runtime to public internet.Configure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.HighFailed
111122223333us-east-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: Runtime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) is not configured with VPC. This exposes the runtime to public internet.Configure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.HighFailed
111122223333us-east-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: Runtime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) is not configured with VPC. This exposes the runtime to public internet.Configure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.HighFailed
111122223333us-east-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: Runtime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) is not configured with VPC. This exposes the runtime to public internet.Configure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.HighFailed
111122223333us-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: Runtime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) does not have CloudWatch Logs configuredEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.MediumFailed
111122223333us-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: Runtime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) does not have X-Ray tracing enabledEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.MediumFailed
111122223333us-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: Runtime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) does not have CloudWatch Logs configuredEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.MediumFailed
111122223333us-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: Runtime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) does not have X-Ray tracing enabledEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.MediumFailed
111122223333us-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: Runtime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) does not have CloudWatch Logs configuredEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.MediumFailed
111122223333us-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: Runtime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) does not have X-Ray tracing enabledEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.MediumFailed
111122223333us-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: Runtime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) does not have CloudWatch Logs configuredEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.MediumFailed
333333333333eu-west-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action required
111122223333us-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: Runtime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) does not have X-Ray tracing enabledEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported. MediumPassedFailed
333333333333eu-west-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredInformationalN/A
111122223333us-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: Runtime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) does not have CloudWatch Logs configuredEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.MediumFailed
333333333333eu-west-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action required
111122223333us-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: Runtime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) does not have X-Ray tracing enabledEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported. MediumPassedFailed
333333333333eu-west-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformationalN/A
111122223333us-east-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: Memory 'CustomerSupportMemory-x69jBq5GLp' (CustomerSupportMemory-x69jBq5GLp) does not have customer-managed encryption configuredConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions.MediumFailed
333333333333eu-west-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionInformationalN/A
111122223333us-east-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: Memory 'cdk_agent_core_mem-uxfIagADuF' (cdk_agent_core_mem-uxfIagADuF) does not have customer-managed encryption configuredConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions.MediumFailed
333333333333eu-west-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformationalN/A
111122223333us-east-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: Memory 'wildrydes_memory_ab3991f6-9FjiHOHjT2' (wildrydes_memory_ab3991f6-9FjiHOHjT2) does not have customer-managed encryption configuredConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions.MediumFailed
333333333333eu-west-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
111122223333us-east-1AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore VPC endpoints found in 4 VPCs. AgentCore API traffic traverses public internet, exposing it to interception.Create required VPC endpoints for AgentCore services and validate endpoint availability.HighFailed
333333333333eu-west-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformationalN/A
111122223333us-east-1AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: The following AgentCore resources do not have resource-based policies: Runtime 'origami_expeditions', Runtime 'neoCyan_Agent', Runtime 'customer_support_agent', Runtime 'cdk_agent_core', Runtime 'awsapimcpserver' and 2 more. Without RBPs, access control relies solely on identity-based policies.Attach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources.HighFailed
333333333333eu-west-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflows
111122223333us-east-1AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required. Informational N/A
333333333333eu-west-1SM-09SageMaker Notebook Root Access CheckNo notebook instances found
111122223333us-east-1AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: The following Gateways do not use customer-managed KMS encryption: 'customersupport-gw', 'wildrydes-gateway-ab3991f6'. Gateway configuration data uses AWS-managed keys.Configure AgentCore gateways with customer-managed KMS keys where enhanced key control is required.LowFailed
111122223333sa-east-1AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways found No action required Informational N/A
333333333333eu-west-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances found
111122223333sa-east-1AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways found No action required Informational N/A
333333333333eu-west-1SM-11SageMaker Model Network Isolation CheckNo models found
111122223333sa-east-1AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways found No action required Informational N/A
333333333333eu-west-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints found
111122223333sa-east-1AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways found No action required Informational N/A
333333333333eu-west-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action required
111122223333sa-east-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services. Informational N/A
333333333333eu-west-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action required
111122223333sa-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported. Informational N/A
333333333333eu-west-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action required
111122223333sa-east-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions. Informational N/A
333333333333eu-west-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action required
111122223333sa-east-1AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability. Informational N/A
333333333333eu-west-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action required
111122223333sa-east-1AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources. Informational N/A
333333333333eu-west-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action required
111122223333sa-east-1AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required. Informational N/A
333333333333eu-west-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action required
111122223333sa-east-1AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required. Informational N/A
333333333333
111122223333 eu-west-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredAG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements. Informational N/A
333333333333
111122223333 eu-west-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredAG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured. Informational N/A
333333333333
111122223333 eu-west-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases. Informational N/A
333333333333eu-west-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
333333333333eu-west-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
333333333333
111122223333 eu-west-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions. Informational N/A
333333333333GlobalSM-02SageMaker IAM Permissions CheckNo issues found with IAM permissions and no stale access detectedNo action requiredHighPassed
333333333333us-east-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action required
111122223333eu-west-1AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required. Informational N/A
333333333333us-east-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredMediumPassed
333333333333us-east-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action required
111122223333eu-west-1AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns. Informational N/A
333333333333us-east-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
333333333333us-east-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment
111122223333eu-west-1AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads.InformationalN/A
111122223333eu-west-1AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required. Informational N/A
333333333333us-east-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and production
111122223333eu-west-1AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns. Informational N/A
333333333333us-east-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment
111122223333eu-west-1AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows. Informational N/A
333333333333us-east-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detection
111122223333eu-west-1AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating. Informational N/A
333333333333us-east-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedules
111122223333eu-west-1AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements. Informational N/A
333333333333us-east-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflows
111122223333eu-west-1AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available. Informational N/A
333333333333us-east-1SM-09SageMaker Notebook Root Access CheckNo notebook instances found
111122223333eu-west-1AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways found No action required Informational N/A
333333333333us-east-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances found
111122223333eu-west-1AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways found No action required Informational N/A
333333333333us-east-1SM-11SageMaker Model Network Isolation CheckNo models found
111122223333eu-west-1AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways found No action required Informational N/A
333333333333us-east-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints found
111122223333eu-west-1AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways found No action required Informational N/A
333333333333us-east-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action required
111122223333eu-west-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services. Informational N/A
333333333333us-east-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action required
111122223333eu-west-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported. Informational N/A
333333333333us-east-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action required
111122223333eu-west-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions. Informational N/A
333333333333us-east-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action required
111122223333eu-west-1AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability. Informational N/A
333333333333us-east-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action required
111122223333eu-west-1AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources. Informational N/A
333333333333us-east-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs found
111122223333eu-west-1AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required.InformationalN/A
111122223333eu-west-1AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required.InformationalN/A
444455556666ap-south-1AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways found No action required Informational N/A
333333333333us-east-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs found
444455556666ap-south-1AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways found No action required Informational N/A
333333333333us-east-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs found
444455556666ap-south-1AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways found No action required Informational N/A
333333333333us-east-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs found
444455556666ap-south-1AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways found No action required Informational N/A
333333333333us-east-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.
444455556666ap-south-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services. Informational N/A
333333333333us-east-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
444455556666ap-south-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.InformationalN/A
333333333333us-east-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
444455556666ap-south-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions.InformationalN/A
333333333333us-east-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.
444455556666ap-south-1AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability. Informational N/A
333333333333ap-southeast-2SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action required
444455556666ap-south-1AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources. Informational N/A
333333333333ap-southeast-2SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredMediumPassed
444455556666ap-south-1AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required.InformationalN/A
333333333333ap-southeast-2SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action required
444455556666ap-south-1AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required. Informational N/A
333333333333ap-southeast-2SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
444455556666ap-south-1AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements.InformationalN/A
333333333333ap-southeast-2SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment
444455556666ap-south-1AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured. Informational N/A
333333333333ap-southeast-2SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and production
444455556666ap-south-1AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases. Informational N/A
333333333333ap-southeast-2SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment
444455556666ap-south-1AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions. Informational N/A
333333333333ap-southeast-2SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detection
444455556666ap-south-1AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required. Informational N/A
333333333333ap-southeast-2SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedules
444455556666ap-south-1AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns. Informational N/A
333333333333ap-southeast-2SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflows
444455556666ap-south-1AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads. Informational N/A
333333333333ap-southeast-2SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action required
444455556666ap-south-1AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required. Informational N/A
333333333333ap-southeast-2SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action required
444455556666ap-south-1AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns. Informational N/A
333333333333ap-southeast-2SM-11SageMaker Model Network Isolation CheckNo models foundNo action required
444455556666ap-south-1AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows. Informational N/A
333333333333ap-southeast-2SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action required
444455556666ap-south-1AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating. Informational N/A
333333333333ap-southeast-2SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action required
444455556666ap-south-1AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements. Informational N/A
333333333333ap-southeast-2SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action required
444455556666ap-south-1AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available.InformationalN/A
444455556666us-east-1AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements.InformationalN/A
444455556666us-east-1AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured.InformationalN/A
444455556666GlobalAG-09Agentic AI Guardrail Enforcement BoundaryAgentic AI security domain: Guardrail Enforcement. Organization-level guardrail enforcement helps prevent agents from bypassing required safety controls across accounts. Source check BR-15: Check must run in AWS Organizations management account to evaluate organizational policiesUse IAM and organization controls to require approved guardrails for model and agent invocations where supported. Informational N/A
333333333333ap-southeast-2SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action required
444455556666us-east-1AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases. Informational N/A
333333333333ap-southeast-2SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action required
444455556666us-east-1AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions. Informational N/A
333333333333ap-southeast-2SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action required
444455556666us-east-1AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required. Informational N/A
333333333333ap-southeast-2SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action required
444455556666us-east-1AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns. Informational N/A
333333333333ap-southeast-2SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action required
444455556666us-east-1AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads. Informational N/A
333333333333ap-southeast-2SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action required
444455556666us-east-1AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required. Informational N/A
333333333333ap-southeast-2SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action required
444455556666us-east-1AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns. Informational N/A
333333333333ap-southeast-2SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.
444455556666us-east-1AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows. Informational N/A
333333333333ap-southeast-2SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
444455556666us-east-1AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating.InformationalN/A
333333333333ap-southeast-2SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
444455556666us-east-1AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements.InformationalN/A
333333333333ap-southeast-2SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.
444455556666us-east-1AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available. Informational N/A
222222222222eu-west-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to check
444455556666us-west-2AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways found No action required Informational N/A
222222222222eu-west-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configured
444455556666us-west-2AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways found No action requiredMediumPassedInformationalN/A
222222222222eu-west-1SM-03Data Protection CheckNo SageMaker resources found to check for data protection
444455556666us-west-2AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways found No action required Informational N/A
222222222222eu-west-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.
444455556666us-west-2AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways found No action requiredMediumPassed
222222222222eu-west-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment Informational N/A
222222222222eu-west-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and production
444455556666us-west-2AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services. Informational N/A
222222222222eu-west-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment
444455556666us-west-2AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported. Informational N/A
222222222222eu-west-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detection
444455556666us-west-2AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions. Informational N/A
222222222222eu-west-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedules
444455556666us-west-2AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability. Informational N/A
222222222222eu-west-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflows
444455556666us-west-2AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources. Informational N/A
222222222222eu-west-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action required
444455556666us-west-2AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required. Informational N/A
222222222222eu-west-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action required
444455556666us-west-2AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required. Informational N/A
222222222222eu-west-1SM-11SageMaker Model Network Isolation CheckNo models found
444455556666sa-east-1AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways found No action required Informational N/A
222222222222eu-west-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints found
444455556666sa-east-1AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways found No action required Informational N/A
222222222222eu-west-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules found
444455556666sa-east-1AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways found No action required Informational N/A
222222222222eu-west-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform access
444455556666sa-east-1AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways found No action required Informational N/A
222222222222eu-west-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action required
444455556666sa-east-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services. Informational N/A
222222222222eu-west-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action required
444455556666sa-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported. Informational N/A
222222222222eu-west-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action required
444455556666sa-east-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions. Informational N/A
222222222222eu-west-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action required
444455556666sa-east-1AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability. Informational N/A
222222222222eu-west-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action required
444455556666sa-east-1AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources. Informational N/A
222222222222eu-west-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action required
444455556666sa-east-1AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required. Informational N/A
222222222222eu-west-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action required
444455556666sa-east-1AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required. Informational N/A
222222222222
444455556666 eu-west-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements. Informational N/A
222222222222eu-west-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
222222222222eu-west-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
222222222222
444455556666 eu-west-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured. Informational N/A
222222222222GlobalSM-02SageMaker IAM Permissions CheckNo issues found with IAM permissions and no stale access detectedNo action requiredHighPassed
222222222222us-east-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action required
444455556666eu-west-1AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases. Informational N/A
222222222222us-east-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredMediumPassed
444455556666eu-west-1AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions.InformationalN/A
222222222222us-east-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action required
444455556666eu-west-1AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required. Informational N/A
222222222222us-east-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
444455556666eu-west-1AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns.InformationalN/A
222222222222us-east-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment
444455556666eu-west-1AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads. Informational N/A
222222222222us-east-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and production
444455556666eu-west-1AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required. Informational N/A
222222222222us-east-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment
444455556666eu-west-1AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns. Informational N/A
222222222222us-east-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detection
444455556666eu-west-1AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows. Informational N/A
222222222222us-east-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedules
444455556666eu-west-1AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating. Informational N/A
222222222222us-east-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflows
444455556666eu-west-1AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements. Informational N/A
222222222222us-east-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action required
444455556666eu-west-1AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available. Informational N/A
222222222222
444455556666 us-east-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundAG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways found No action required Informational N/A
222222222222
444455556666 us-east-1SM-11SageMaker Model Network Isolation CheckNo models foundAG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways found No action required Informational N/A
222222222222
444455556666 us-east-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundAG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways found No action required Informational N/A
222222222222
444455556666 us-east-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundAG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways found No action required Informational N/A
222222222222us-east-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action required
444455556666GlobalAG-16Agentic AI AgentCore Least PrivilegeAgentic AI security domain: Agent Identity & Access. Over-permissive AgentCore principals can let agents or operators bypass intended autonomy and tool boundaries. Source check AC-02: No roles with overly permissive AgentCore access foundReplace full-access AgentCore permissions with least-privilege IAM policies scoped to required resources and actions.HighPassed
444455556666GlobalAG-17Agentic AI Stale AgentCore AccessAgentic AI security domain: Agent Identity & Access. Unused AgentCore permissions increase the blast radius of compromised principals. Source check AC-03: The following principals have not accessed AgentCore in 60+ days: role 'resco-aiml-security-23026-AgentCoreSecurityAssessme-2AEt2MTxg4AU' (82 days)Remove or restrict stale AgentCore permissions for principals that no longer need access.MediumFailed
444455556666GlobalAG-17Agentic AI Stale AgentCore AccessAgentic AI security domain: Agent Identity & Access. Unused AgentCore permissions increase the blast radius of compromised principals. Source check AC-03: The following principals have AgentCore permissions but have never accessed the service: role 'AIMLSecurityMemberRole', role 'CloudSeerTrustedServiceRole'Remove or restrict stale AgentCore permissions for principals that no longer need access. Informational N/A
222222222222
444455556666 us-east-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action requiredAG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services. Informational N/A
222222222222
444455556666 us-east-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action requiredAG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported. Informational N/A
222222222222
444455556666 us-east-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action requiredAG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions. Informational N/A
222222222222
444455556666 us-east-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredAG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability. Informational N/A
222222222222
444455556666 us-east-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredAG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources. Informational N/A
222222222222
444455556666 us-east-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredAG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required. Informational N/A
222222222222
444455556666 us-east-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundAG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required.InformationalN/A
444455556666eu-west-1AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways found No action required Informational N/A
222222222222us-east-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.
444455556666eu-west-1AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways foundNo action required Informational N/A
222222222222us-east-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.
444455556666eu-west-1AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways found No action requiredMediumPassedInformationalN/A
222222222222us-east-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.
444455556666eu-west-1AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways found No action requiredLowPassedInformationalN/A
222222222222us-east-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.
444455556666eu-west-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services. Informational N/A
222222222222ap-southeast-2SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action required
444455556666eu-west-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported. Informational N/A
222222222222ap-southeast-2SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredMediumPassed
444455556666eu-west-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions.InformationalN/A
222222222222ap-southeast-2SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action required
444455556666eu-west-1AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability. Informational N/A
222222222222ap-southeast-2SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
444455556666eu-west-1AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources.InformationalN/A
222222222222ap-southeast-2SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment
444455556666eu-west-1AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required. Informational N/A
222222222222ap-southeast-2SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and production
444455556666eu-west-1AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required. Informational N/A
222222222222ap-southeast-2SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment
444455556666sa-east-1AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements. Informational N/A
222222222222ap-southeast-2SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detection
444455556666sa-east-1AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured. Informational N/A
222222222222ap-southeast-2SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedules
444455556666sa-east-1AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases. Informational N/A
222222222222ap-southeast-2SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflows
444455556666sa-east-1AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions. Informational N/A
222222222222ap-southeast-2SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action required
444455556666sa-east-1AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required. Informational N/A
222222222222ap-southeast-2SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action required
444455556666sa-east-1AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns. Informational N/A
222222222222ap-southeast-2SM-11SageMaker Model Network Isolation CheckNo models foundNo action required
444455556666sa-east-1AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads. Informational N/A
222222222222ap-southeast-2SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action required
444455556666sa-east-1AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required. Informational N/A
222222222222ap-southeast-2SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action required
444455556666sa-east-1AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns. Informational N/A
222222222222ap-southeast-2SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action required
444455556666sa-east-1AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows. Informational N/A
222222222222ap-southeast-2SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action required
444455556666sa-east-1AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating. Informational N/A
222222222222ap-southeast-2SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action required
444455556666sa-east-1AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements. Informational N/A
222222222222ap-southeast-2SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action required
444455556666sa-east-1AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available. Informational N/A
222222222222ap-southeast-2SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action required
444455556666us-west-2AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements. Informational N/A
222222222222ap-southeast-2SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action required
444455556666us-west-2AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured. Informational N/A
222222222222ap-southeast-2SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action required
444455556666us-west-2AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases. Informational N/A
222222222222ap-southeast-2SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action required
444455556666us-west-2AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions. Informational N/A
222222222222ap-southeast-2SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.
444455556666us-west-2AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required. Informational N/A
222222222222ap-southeast-2SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
222222222222ap-southeast-2SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
444455556666us-west-2AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns.InformationalN/A
222222222222ap-southeast-2SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.
444455556666us-west-2AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads. Informational N/A
-
-
-
Amazon Bedrock AgentCore Findings
-
-
-
-
-
-
- -
-
- - - - - - - + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - + + - - - + + + - + - - + + - - - + + + - + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + - - + + - - - - - + + + + + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - - - + + + - - + + - - - - - - + + + + + + - - + + - - - - - - - + + + + + + + - - - - - - - - - - + + + + + + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + - - + + - - - - - + + + + + + + + + + + + + + + + - - + + - - - - - + + + + + + + + + + + + + + + + - - + + - - - - - + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + -
Account IDRegionCheck IDFindingDetailsResolutionReferenceSeverityStatus
111111111111ap-southeast-2AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action required
444455556666us-west-2AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required. Informational N/A
111111111111ap-southeast-2AC-04AgentCore Observability CheckNo AgentCore resources foundNo action required
444455556666us-west-2AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns. Informational N/A
111111111111ap-southeast-2AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action required
444455556666us-west-2AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows. Informational N/A
111111111111ap-southeast-2AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action required
444455556666us-west-2AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating. Informational N/A
111111111111ap-southeast-2AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action required
444455556666us-west-2AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements. Informational N/A
111111111111ap-southeast-2AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action required
444455556666us-west-2AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available. Informational N/A
111111111111ap-southeast-2AC-08AgentCore VPC Endpoints CheckNo AgentCore resources found
777788889999ap-south-1AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways found No action required Informational N/A
111111111111ap-southeast-2AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policies
777788889999ap-south-1AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways found No action required Informational N/A
111111111111ap-southeast-2AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines found
777788889999ap-south-1AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways found No action required Informational N/A
111111111111ap-southeast-2AC-12AgentCore Gateway Encryption CheckNo Gateways found
777788889999ap-south-1AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways found No action required Informational N/A
111111111111GlobalAC-02AgentCore IAM Full Access PolicyThe following roles have BedrockAgentCoreFullAccess policy: AmazonSageMaker-ExecutionRole-20250525T153161Replace with least-privilege policies scoped to specific AgentCore resources and actionsHighFailed
111111111111GlobalAC-02AgentCore IAM Wildcard PermissionsThe following roles have wildcard AgentCore permissions on all resources: agentcore-wildrydes_gateway_role_ab3991f6-roleScope permissions to specific AgentCore resources using resource ARNsHighFailed
111111111111GlobalAC-03AgentCore Stale AccessThe following principals have not accessed AgentCore in 60+ days: role 'AmazonSageMaker-ExecutionRole-20250525T153161' (179 days), role 'AWSServiceRoleForBedrockAgentCoreRuntimeIdentity' (179 days), role 'CustomerSupportAssistantBedrockAgentCoreRole-us-east-1' (179 days), role 'resco-aiml-security-19304-AgentCoreSecurityAssessme-w773pPsFWNsn' (62 days)Review and remove unused AgentCore permissions following least privilege principleMediumFailed
111111111111GlobalAC-03AgentCore Unused PermissionsThe following principals have AgentCore permissions but have never accessed the service: role 'agentcore-wildrydes_gateway_role_ab3991f6-role', role 'AIMLSecurityMemberRole', role 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-a6ddf3fc76', role 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-ed660add8b', role 'aws-api-mcp-server-execution-role', role 'CustomerSupportStackInfra-RuntimeAgentCoreRole-N188nLB5RtLO', role 'IDP-AnalyticsProcessorFunctionRole-H3gwkJtNqrqW', role 'ReSCOAIMLMemberRole'Review and remove unused AgentCore permissions following least privilege principleMediumFailed
111111111111GlobalAC-09AgentCore Service-Linked Role MissingService-linked role 'AWSServiceRoleForBedrockAgentCoreNetwork' does not exist. VPC configuration for AgentCore Runtimes will fail without this role.The service-linked role is automatically created when you configure VPC for an AgentCore Runtime. Ensure IAM permissions allow service-linked role creation.MediumFailed
111111111111us-east-1AC-01AgentCore Runtime VPC ConfigurationRuntime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) is not configured with VPC. This exposes the runtime to public internet.Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)HighFailed
111111111111us-east-1AC-01AgentCore Runtime VPC ConfigurationRuntime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) is not configured with VPC. This exposes the runtime to public internet.Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)HighFailed
111111111111us-east-1AC-01AgentCore Runtime VPC ConfigurationRuntime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) is not configured with VPC. This exposes the runtime to public internet.Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)HighFailed
111111111111us-east-1AC-01AgentCore Runtime VPC ConfigurationRuntime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) is not configured with VPC. This exposes the runtime to public internet.Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)HighFailed
111111111111us-east-1AC-01AgentCore Runtime VPC ConfigurationRuntime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) is not configured with VPC. This exposes the runtime to public internet.Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)HighFailed
777788889999ap-south-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.InformationalN/A
111111111111us-east-1AC-04AgentCore Runtime CloudWatch LogsRuntime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) does not have CloudWatch Logs configuredEnable CloudWatch Logs for monitoring and troubleshootingMediumFailed
777788889999ap-south-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.InformationalN/A
111111111111us-east-1AC-04AgentCore Runtime X-Ray TracingRuntime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) does not have X-Ray tracing enabledEnable X-Ray tracing for distributed tracing and performance analysisMediumFailed
777788889999ap-south-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions.InformationalN/A
111111111111us-east-1AC-04AgentCore Runtime CloudWatch LogsRuntime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) does not have CloudWatch Logs configuredEnable CloudWatch Logs for monitoring and troubleshootingMediumFailed
777788889999ap-south-1AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability.InformationalN/A
111111111111us-east-1AC-04AgentCore Runtime X-Ray TracingRuntime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) does not have X-Ray tracing enabledEnable X-Ray tracing for distributed tracing and performance analysisMediumFailed
777788889999ap-south-1AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources.InformationalN/A
111111111111us-east-1AC-04AgentCore Runtime CloudWatch LogsRuntime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) does not have CloudWatch Logs configuredEnable CloudWatch Logs for monitoring and troubleshootingMediumFailed
777788889999ap-south-1AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required.InformationalN/A
111111111111us-east-1AC-04AgentCore Runtime X-Ray TracingRuntime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) does not have X-Ray tracing enabledEnable X-Ray tracing for distributed tracing and performance analysisMediumFailed
777788889999ap-south-1AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required.InformationalN/A
111111111111us-east-1AC-04AgentCore Runtime CloudWatch LogsRuntime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) does not have CloudWatch Logs configuredEnable CloudWatch Logs for monitoring and troubleshootingMediumFailed
777788889999sa-east-1AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements.InformationalN/A
111111111111us-east-1AC-04AgentCore Runtime X-Ray TracingRuntime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) does not have X-Ray tracing enabledEnable X-Ray tracing for distributed tracing and performance analysisMediumFailed
777788889999sa-east-1AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured.InformationalN/A
111111111111us-east-1AC-04AgentCore Runtime CloudWatch LogsRuntime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) does not have CloudWatch Logs configuredEnable CloudWatch Logs for monitoring and troubleshootingMediumFailed
777788889999sa-east-1AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases.InformationalN/A
111111111111us-east-1AC-04AgentCore Runtime X-Ray TracingRuntime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) does not have X-Ray tracing enabledEnable X-Ray tracing for distributed tracing and performance analysisMediumFailed
777788889999sa-east-1AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions.InformationalN/A
111111111111us-east-1AC-05AgentCore ECR Repository AWS-Managed KeysECR repository 'bedrock-agentcore-customer_support_agent' uses AWS-managed keys instead of customer-managed KMS keysConsider using customer-managed KMS keys for better control and audit capabilitiesLowFailed
777788889999sa-east-1AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required.InformationalN/A
111111111111us-east-1AC-05AgentCore ECR Repository AWS-Managed KeysECR repository 'bedrock-agentcore-origami_expeditions' uses AWS-managed keys instead of customer-managed KMS keysConsider using customer-managed KMS keys for better control and audit capabilitiesLowFailed
777788889999sa-east-1AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns.InformationalN/A
111111111111us-east-1AC-06AgentCore Runtime Storage ConfigurationRuntime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) does not have storage configuration for browser toolsConfigure S3 storage for browser tool session recordings and artifactsMediumFailed
777788889999sa-east-1AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads.InformationalN/A
111111111111us-east-1AC-06AgentCore Runtime Storage ConfigurationRuntime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) does not have storage configuration for browser toolsConfigure S3 storage for browser tool session recordings and artifactsMediumFailed
777788889999sa-east-1AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required.InformationalN/A
111111111111us-east-1AC-06AgentCore Runtime Storage ConfigurationRuntime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) does not have storage configuration for browser toolsConfigure S3 storage for browser tool session recordings and artifactsMediumFailed
777788889999sa-east-1AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns.InformationalN/A
111111111111us-east-1AC-06AgentCore Runtime Storage ConfigurationRuntime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) does not have storage configuration for browser toolsConfigure S3 storage for browser tool session recordings and artifactsMediumFailed
777788889999sa-east-1AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows.InformationalN/A
111111111111us-east-1AC-06AgentCore Runtime Storage ConfigurationRuntime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) does not have storage configuration for browser toolsConfigure S3 storage for browser tool session recordings and artifactsMediumFailed
777788889999sa-east-1AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating.InformationalN/A
111111111111us-east-1AC-07AgentCore Memory EncryptionMemory 'CustomerSupportMemory-x69jBq5GLp' (CustomerSupportMemory-x69jBq5GLp) does not have customer-managed encryption configuredEnable encryption with customer-managed KMS keysMediumFailed
777788889999sa-east-1AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements.InformationalN/A
111111111111us-east-1AC-07AgentCore Memory EncryptionMemory 'cdk_agent_core_mem-uxfIagADuF' (cdk_agent_core_mem-uxfIagADuF) does not have customer-managed encryption configuredEnable encryption with customer-managed KMS keysMediumFailed
777788889999sa-east-1AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available.InformationalN/A
111111111111us-east-1AC-07AgentCore Memory EncryptionMemory 'wildrydes_memory_ab3991f6-9FjiHOHjT2' (wildrydes_memory_ab3991f6-9FjiHOHjT2) does not have customer-managed encryption configuredEnable encryption with customer-managed KMS keysMediumFailed
777788889999eu-west-1AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements.InformationalN/A
111111111111us-east-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action required
777788889999eu-west-1AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured. Informational N/A
111111111111us-east-1AC-08AgentCore VPC Endpoints MissingNo AgentCore VPC endpoints found in 4 VPCs. AgentCore API traffic traverses public internet, exposing it to interception.Create VPC interface endpoints for AgentCore services: -1. com.amazonaws.region.bedrock-agentcore -2. com.amazonaws.region.bedrock-agentcore-control -3. com.amazonaws.region.bedrock-agentcore-runtime -This enables private connectivity via AWS PrivateLinkHighFailed
777788889999eu-west-1AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases.InformationalN/A
111111111111us-east-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action required
777788889999eu-west-1AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions. Informational N/A
111111111111us-east-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action required
777788889999eu-west-1AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required. Informational N/A
111111111111us-east-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action required
777788889999eu-west-1AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns. Informational N/A
111111111111
777788889999 eu-west-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredAG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads. Informational N/A
111111111111
777788889999 eu-west-1AC-04AgentCore Observability CheckNo AgentCore resources foundNo action requiredAG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required. Informational N/A
111111111111
777788889999 eu-west-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action requiredAG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns. Informational N/A
111111111111
777788889999 eu-west-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredAG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows. Informational N/A
111111111111
777788889999 eu-west-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredAG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating. Informational N/A
111111111111
777788889999 eu-west-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredAG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements.InformationalN/A
777788889999eu-west-1AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available.InformationalN/A
777788889999ap-south-1AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements.InformationalN/A
777788889999ap-south-1AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured. Informational N/A
111111111111eu-west-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action required
777788889999ap-south-1AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases. Informational N/A
111111111111eu-west-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action required
777788889999ap-south-1AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions. Informational N/A
111111111111eu-west-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action required
777788889999ap-south-1AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required. Informational N/A
111111111111eu-west-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action required
777788889999ap-south-1AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns. Informational N/A
333333333333ap-southeast-2AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action required
777788889999ap-south-1AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads. Informational N/A
333333333333ap-southeast-2AC-04AgentCore Observability CheckNo AgentCore resources foundNo action required
777788889999ap-south-1AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required. Informational N/A
333333333333ap-southeast-2AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action required
777788889999ap-south-1AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns. Informational N/A
333333333333ap-southeast-2AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action required
777788889999ap-south-1AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows. Informational N/A
333333333333ap-southeast-2AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action required
777788889999ap-south-1AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating. Informational N/A
333333333333ap-southeast-2AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action required
777788889999ap-south-1AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements. Informational N/A
333333333333ap-southeast-2AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action required
777788889999ap-south-1AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available. Informational N/A
333333333333ap-southeast-2AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policies
777788889999us-west-2AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways found No action required Informational N/A
333333333333ap-southeast-2AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines found
777788889999us-west-2AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways found No action required Informational N/A
333333333333ap-southeast-2AC-12AgentCore Gateway Encryption CheckNo Gateways found
777788889999us-west-2AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways found No action required Informational N/A
333333333333eu-west-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources found
777788889999us-west-2AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways found No action required Informational N/A
333333333333eu-west-1AC-04AgentCore Observability CheckNo AgentCore resources foundNo action required
777788889999us-west-2AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services. Informational N/A
333333333333eu-west-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action required
777788889999us-west-2AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported. Informational N/A
333333333333eu-west-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action required
777788889999us-west-2AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions. Informational N/A
333333333333eu-west-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action required
777788889999us-west-2AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability. Informational N/A
333333333333eu-west-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action required
777788889999us-west-2AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources. Informational N/A
333333333333eu-west-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action required
777788889999us-west-2AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required. Informational N/A
333333333333eu-west-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action required
777788889999us-west-2AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required. Informational N/A
333333333333eu-west-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines found
777788889999sa-east-1AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways found No action required Informational N/A
333333333333eu-west-1AC-12AgentCore Gateway Encryption CheckNo Gateways found
777788889999sa-east-1AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways found No action required Informational N/A
333333333333GlobalAC-02AgentCore IAM Full Access CheckNo roles with overly permissive AgentCore access found
777788889999sa-east-1AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways found No action requiredHighPassed
333333333333GlobalAC-03AgentCore Stale AccessThe following principals have not accessed AgentCore in 60+ days: role 'resco-aiml-security-mgmt-AgentCoreSecurityAssessmen-JrbYHkz9UslU' (62 days)Review and remove unused AgentCore permissions following least privilege principleMediumFailed
333333333333GlobalAC-03AgentCore Unused PermissionsThe following principals have AgentCore permissions but have never accessed the service: role 'AIMLSecurityMemberRole', role 'ReSCOAIMLMemberRole'Review and remove unused AgentCore permissions following least privilege principleMediumFailed
333333333333GlobalAC-09AgentCore Service-Linked Role MissingService-linked role 'AWSServiceRoleForBedrockAgentCoreNetwork' does not exist. VPC configuration for AgentCore Runtimes will fail without this role.The service-linked role is automatically created when you configure VPC for an AgentCore Runtime. Ensure IAM permissions allow service-linked role creation.MediumFailedInformationalN/A
333333333333us-east-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources found
777788889999sa-east-1AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways found No action required Informational N/A
333333333333us-east-1AC-04AgentCore Observability CheckNo AgentCore resources foundNo action required
777788889999sa-east-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services. Informational N/A
333333333333us-east-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action required
777788889999sa-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported. Informational N/A
333333333333us-east-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action required
777788889999sa-east-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions. Informational N/A
333333333333us-east-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action required
777788889999sa-east-1AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability. Informational N/A
333333333333us-east-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action required
777788889999sa-east-1AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources. Informational N/A
333333333333us-east-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action required
777788889999sa-east-1AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required. Informational N/A
333333333333us-east-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action required
777788889999sa-east-1AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required. Informational N/A
333333333333us-east-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines found
777788889999eu-west-1AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways found No action required Informational N/A
333333333333us-east-1AC-12AgentCore Gateway Encryption CheckNo Gateways found
777788889999eu-west-1AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways found No action required Informational N/A
222222222222
777788889999 eu-west-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundAG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways found No action required Informational N/A
222222222222
777788889999 eu-west-1AC-04AgentCore Observability CheckNo AgentCore resources foundAG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways found No action required Informational N/A
222222222222
777788889999 eu-west-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action requiredAG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services. Informational N/A
222222222222
777788889999 eu-west-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredAG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported. Informational N/A
222222222222
777788889999 eu-west-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredAG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions. Informational N/A
222222222222
777788889999 eu-west-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredAG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability.InformationalN/A
777788889999eu-west-1AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources.InformationalN/A
777788889999eu-west-1AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required. Informational N/A
222222222222
777788889999 eu-west-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredAG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required. Informational N/A
222222222222eu-west-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policies
777788889999us-east-1AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways found No action required Informational N/A
222222222222eu-west-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines found
777788889999us-east-1AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways found No action required Informational N/A
222222222222eu-west-1AC-12AgentCore Gateway Encryption CheckNo Gateways found
777788889999us-east-1AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways found No action required Informational N/A
222222222222GlobalAC-02AgentCore IAM Full Access CheckNo roles with overly permissive AgentCore access found
777788889999us-east-1AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways found No action requiredHighPassedInformationalN/A
222222222222
777788889999 GlobalAC-03AgentCore Stale AccessThe following principals have not accessed AgentCore in 60+ days: role 'resco-aiml-security-23026-AgentCoreSecurityAssessme-2AEt2MTxg4AU' (62 days)Review and remove unused AgentCore permissions following least privilege principleMediumAG-16Agentic AI AgentCore Least PrivilegeAgentic AI security domain: Agent Identity & Access. Over-permissive AgentCore principals can let agents or operators bypass intended autonomy and tool boundaries. Source check AC-02: The following roles have wildcard AgentCore permissions on all resources: aiml-sec-test-resources-AgentCoreOverlyPermissiveRo-IQso7VQN0jOVReplace full-access AgentCore permissions with least-privilege IAM policies scoped to required resources and actions.High Failed
222222222222
777788889999 GlobalAC-03AgentCore Unused PermissionsThe following principals have AgentCore permissions but have never accessed the service: role 'AIMLSecurityMemberRole', role 'ReSCOAIMLMemberRole'Review and remove unused AgentCore permissions following least privilege principleMediumFailedAG-17Agentic AI Stale AgentCore AccessAgentic AI security domain: Agent Identity & Access. Unused AgentCore permissions increase the blast radius of compromised principals. Source check AC-03: The following principals have AgentCore permissions but have never accessed the service: role 'aiml-sec-test-resources-AgentCoreOverlyPermissiveRo-IQso7VQN0jOV', role 'AIMLSecurityMemberRole', role 'CloudSeerTrustedServiceRole'Remove or restrict stale AgentCore permissions for principals that no longer need access.InformationalN/A
222222222222GlobalAC-09AgentCore Service-Linked Role MissingService-linked role 'AWSServiceRoleForBedrockAgentCoreNetwork' does not exist. VPC configuration for AgentCore Runtimes will fail without this role.The service-linked role is automatically created when you configure VPC for an AgentCore Runtime. Ensure IAM permissions allow service-linked role creation.MediumFailed
777788889999us-east-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.InformationalN/A
222222222222
777788889999 us-east-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredAG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported. Informational N/A
222222222222
777788889999 us-east-1AC-04AgentCore Observability CheckNo AgentCore resources foundNo action requiredAG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions. Informational N/A
222222222222
777788889999 us-east-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action requiredAG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability. Informational N/A
222222222222
777788889999 us-east-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredAG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources. Informational N/A
222222222222
777788889999 us-east-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredAG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required. Informational N/A
222222222222
777788889999 us-east-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredAG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required. Informational N/A
222222222222
777788889999 us-east-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredAG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: Model invocation logging is not enabled. This limits your ability to track and audit model usage.Enable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements.MediumFailed
777788889999us-east-1AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: CloudTrail is properly configured to log Bedrock API activity in trails: IsengardTrail-DO-NOT-DELETEEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured.MediumPassed
777788889999GlobalAG-09Agentic AI Guardrail Enforcement BoundaryAgentic AI security domain: Guardrail Enforcement. Organization-level guardrail enforcement helps prevent agents from bypassing required safety controls across accounts. Source check BR-15: Check must run in AWS Organizations management account to evaluate organizational policiesUse IAM and organization controls to require approved guardrails for model and agent invocations where supported. Informational N/A
222222222222
777788889999 us-east-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action requiredAG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No Bedrock model evaluation jobs found. Model evaluation helps assess toxicity, accuracy, semantic robustness, and other safety metrics before production deployment.Configure model or application evaluations that include adversarial, safety, and security-relevant test cases.MediumFailed
777788889999us-east-1AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions. Informational N/A
222222222222
777788889999 us-east-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredAG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: 9 custom throttling quotas are configured. Regular quota review helps maintain appropriate rate limits.Configure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns.LowPassed
777788889999us-east-1AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: Guardrail 'aiml-sec-test-test-guardrail' (ID: jkceg2tprvwh) could not be assessed because GetGuardrail returned AccessDeniedException.Configure guardrails with appropriate content filters and thresholds for all agent-facing workloads. Informational N/A
222222222222
777788889999 us-east-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action requiredAG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: Guardrail 'aiml-sec-test-test-guardrail' (ID: jkceg2tprvwh) could not be assessed because GetGuardrail returned AccessDeniedException.Configure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns. Informational N/A
222222222222ap-southeast-2AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action required
777788889999us-east-1AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: Guardrail 'aiml-sec-test-test-guardrail' (ID: jkceg2tprvwh) could not be assessed because GetGuardrail returned AccessDeniedException.Enable contextual grounding checks on guardrails for RAG and tool-using agent workflows. Informational N/A
222222222222ap-southeast-2AC-04AgentCore Observability CheckNo AgentCore resources foundNo action required
777788889999us-east-1AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: 1 agents have an associated guardrailAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating.LowPassed
777788889999us-east-1AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No CloudWatch alarms are configured on Amazon Bedrock runtime metrics (AWS/Bedrock namespace). Without alarms, abuse, denial-of-wallet, sustained throttling, and content-filter spikes can go undetected.Configure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available.MediumFailed
777788889999us-west-2AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements. Informational N/A
222222222222ap-southeast-2AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action required
777788889999us-west-2AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured. Informational N/A
222222222222ap-southeast-2AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action required
777788889999us-west-2AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases. Informational N/A
222222222222ap-southeast-2AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action required
777788889999us-west-2AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions. Informational N/A
222222222222ap-southeast-2AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action required
777788889999us-west-2AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required. Informational N/A
222222222222ap-southeast-2AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action required
777788889999us-west-2AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns. Informational N/A
222222222222ap-southeast-2AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action required
777788889999us-west-2AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads. Informational N/A
222222222222ap-southeast-2AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action required
777788889999us-west-2AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required. Informational N/A
222222222222ap-southeast-2AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action required
777788889999us-west-2AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns. Informational N/A
-
-
Financial Services GenAI Risk Findings
Scope: this assessment records findings against each resolved CloudFormation TargetRegions entry. These checks are based on the AWS User Guide to Governance, Risk, and Compliance for Responsible AI Adoption. Severities follow a documented Likelihood × Impact methodology (see docs).
- + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Account IDRegionCheck IDFindingDetailsResolutionReferenceSeverityStatus
111111111111
777788889999us-west-2AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows.InformationalN/A
777788889999us-west-2AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating.InformationalN/A
777788889999us-west-2AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements.InformationalN/A
777788889999us-west-2AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available.InformationalN/A
+
Financial Services GenAI Risk Findings
Scope: this assessment records findings against each resolved CloudFormation TargetRegions entry. These checks are based on the AWS User Guide to Governance, Risk, and Compliance for Responsible AI Adoption. Severities follow a documented Likelihood × Impact methodology (see docs).
+ @@ -15063,8 +35378,22 @@

Low

- - + + + + + + + + + + + + + @@ -15076,8 +35405,21 @@

Medium

- - + + + + + + + + + + + + + @@ -15087,22 +35429,41 @@

Medium

- - + + + + + + + + + + + + + - - - + + + - + + + + + + + + + + + + - - + + @@ -15114,9 +35475,36 @@

Medium

- - - + + + + + + + + + + + + + + + + + + + + + + + + + @@ -15128,8 +35516,8 @@

Medium

- - + + @@ -15141,8 +35529,21 @@

Medium

- - + + + + + + + + + + + + + @@ -15152,8 +35553,19 @@

Informational

- - + + + + + + + + + + + + + @@ -15163,12 +35575,37 @@

High

- - + + + + + + + + + + + + + - + + + + + + + + + + + + - - + + @@ -15188,8 +35625,19 @@

Informational

- - + + + + + + + + + + + + + @@ -15202,8 +35650,22 @@

Medium

- - + + + + + + + + + + + + + @@ -15215,8 +35677,21 @@

High

- - + + + + + + + + + + + + + @@ -15226,8 +35701,19 @@

Medium

- - + + + + + + + + + + + + + @@ -15237,8 +35723,19 @@

Medium

- - + + + + + + + + + + + + + @@ -15250,19 +35747,43 @@

Medium

- - + + + + + + + + + + + + + - + + + + + + + + + + + + - - + + @@ -15272,25 +35793,68 @@

Informational

- - + + + + + + + + + + + + + - + + + + + + + + + + + + - - + + - + + + + + + + + + + + +- Role 'aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX' allows 'bedrock:ListModelInvocationJobs' on Resource '*' (no ARN scoping to specific Knowledge Bases) + - - + + @@ -15317,8 +35881,21 @@

Informational

- - + + + + + + + + + + + + + @@ -15328,8 +35905,19 @@

High

- - + + + + + + + + + + + + + @@ -15339,45 +35927,108 @@

High

- - + + + + + + + + + + + + + - - - + + + - - + + + + + + + + + + + + + - - + + - - - - - - + + + + + + - - + + + + + + + + + + + + + - - - + + + + + + + + + + + + + + + + + + + + + + + + + - - - + + + @@ -15389,8 +36040,8 @@

Informational

- - + + @@ -15403,14 +36054,44 @@

Informational

- - + + + + + + + + + + + + + + + + + + + + + + + + - - + + @@ -15433,23 +36114,62 @@

Informational

- - + + + + + + + + + + + + + - + + + + + + + + + + + + - - + + - + + + + + + + + + + + + - - + + @@ -15472,20 +36192,59 @@

Informational

- - + + + + + + + + + + + + + - - - + + + + + + + + + + + + + + + + + + + + + + + + + - - - + + + @@ -15497,19 +36256,36 @@

Informational

- - + + - - - + + + - - + + + + + + + + + + + + + - - + + @@ -15522,8 +36298,22 @@

High

- - + + + + + + + + + + + + + @@ -15536,8 +36326,22 @@

Informational

- - + + + + + + + + + + + + + @@ -15550,8 +36354,22 @@

High

- - + + + + + + + + + + + + + @@ -15564,8 +36382,22 @@

Medium

- - + + + + + + + + + + + + + @@ -15578,8 +36410,22 @@

High

- - + + + + + + + + + + + + + @@ -15589,41 +36435,85 @@

High

- - + + + + + + + + + + + + + - - - + + + - - + + + + + + + + + + + + + - - + + - + - - + + + + + + + + + + + + + - - - - - - + + + + + + + + + + + + + + + + + - - + + @@ -15633,8 +36523,19 @@

Medium

- - + + + + + + + + + + + + + @@ -15646,30 +36547,73 @@

Informational

- - + + + + + + + + + + + + + - - - + + + - + + + + + + + + + + + + - - + + - - - - - - + + + + + + + + + + + + + + + + + - - + + @@ -15682,8 +36626,22 @@

Medium

- - + + + + + + + + + + + + + @@ -15693,8 +36651,19 @@

Informational

- - + + + + + + + + + + + + + @@ -15708,8 +36677,23 @@

Informational

- - + + + + + + + + + + + + + @@ -15722,8 +36706,22 @@

Medium

- - + + + + + + + + + + + + + @@ -15733,8 +36731,19 @@

Informational

- - + + + + + + + + + + + + + @@ -15747,8 +36756,22 @@

Informational

- - + + + + + + + + + + + + + @@ -15761,20 +36784,58 @@

Informational

- - + + + + + + + + + + + + + - - - + + + + + + + + + + + + + + + + + + + + + + + + + - - - + + + @@ -15785,23 +36846,50 @@

Informational

- - + + - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - + + + @@ -15812,8 +36900,8 @@

Informational

- - + + @@ -15823,14 +36911,40 @@

Medium

- - + + + + + + + + + + + + + +- 111122223333-us-east-1-kb-data-bucket + + + + + + + + + + + @@ -15838,8 +36952,8 @@

Medium

- - + + @@ -15857,16 +36971,56 @@

High

- - + + + + + + + + + + + + + + + + + + + + + + + + @@ -15878,8 +37032,8 @@

High

- - + + @@ -15892,19 +37046,99 @@

Medium

- - + + + + + + + + + + + + + - + + + + + + + + + + + + - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -15914,19 +37148,30 @@

Informational

- - - + + + + + + + + + + + + + + - + - - + + @@ -15939,8 +37184,8 @@

Low

- - + + @@ -15952,8 +37197,8 @@

Medium

- - + + @@ -15963,22 +37208,19 @@

Informational

- - + + - - - + + + - + - - + + @@ -15990,8 +37232,8 @@

Medium

- - + + @@ -16004,8 +37246,8 @@

Medium

- - + + @@ -16017,19 +37259,19 @@

Medium

- - + + - - + + - - + + - - + + @@ -16039,12 +37281,12 @@

Informational

- - + + - + - - + + @@ -16064,8 +37306,8 @@

Informational

- - + + @@ -16078,8 +37320,8 @@

Medium

- - + + @@ -16091,19 +37333,21 @@

High

- - + + - - - + + + - + - - + + @@ -16113,8 +37357,8 @@

Medium

- - + + @@ -16126,62 +37370,64 @@

Medium

- - + + - + - - + + - - - - - - + + + + + + - - + + - - - + + + - - + + - - + + - - +- Role 'aiml-sec-test-resources-BedrockAgentRole-RScmoTZfp2sC' allows 'bedrock:InvokeModel' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role 'aiml-sec-test-resources-BedrockAgentRole-RScmoTZfp2sC' allows 'bedrock:InvokeModelWithResponseStream' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role 'aiml-sec-test-resources-BedrockAgentRoleWithoutGuar-Z3kN5ANhP89G' allows 'bedrock:InvokeModel' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role 'aiml-sec-test-resources-BedrockAgentRoleWithoutGuar-Z3kN5ANhP89G' allows 'bedrock:InvokeModelWithResponseStream' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role 'aiml-sec-test-resources-BedrockFullAccessRole-zAFkGLkWQ61a' allows 'bedrock:*' +- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-a7GKJ6O4151K' allows 'bedrock:ListGuardrails' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-a7GKJ6O4151K' allows 'bedrock:GetGuardrail' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-a7GKJ6O4151K' allows 'bedrock:ListModelInvocationJobs' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-a7GKJ6O4151K' allows 'bedrock:GetModelInvocationLoggingConfiguration' on Resource '*' (no ARN scoping to specific Knowledge Bases) + - - + + @@ -16193,8 +37439,8 @@

Informational

- - + + @@ -16204,8 +37450,8 @@

High

- - + + @@ -16215,44 +37461,51 @@

High

- - + + - - - - - + + + + + - - + + - - - - - - + + + + + + - - + + - - - - - + + + + + - - + + @@ -16265,8 +37518,8 @@

Informational

- - + + @@ -16279,13 +37532,13 @@

Informational

- - + + - - + + @@ -16308,8 +37561,8 @@

Informational

- - + + @@ -16319,12 +37572,12 @@

Medium

- - + + - + - - + + @@ -16347,19 +37600,22 @@

Informational

- - + + - - - - - + + + + + - - + + @@ -16372,19 +37628,22 @@

Informational

- - + + - - - - - + + + + + - - + + @@ -16397,8 +37656,8 @@

High

- - + + @@ -16411,8 +37670,8 @@

Informational

- - + + @@ -16425,8 +37684,8 @@

High

- - + + @@ -16439,8 +37698,8 @@

Medium

- - + + @@ -16453,8 +37712,8 @@

High

- - + + @@ -16467,41 +37726,47 @@

High

- - + + - - - - - + + + + + - - + + - - - + + + - - + + - - + + - - - - - + + + + + - - + + @@ -16511,8 +37776,8 @@

Medium

- - + + @@ -16524,41 +37789,47 @@

Informational

- - + + - - - - - - + + + + + + - - + + - - - - - + + + + + - - + + - + - - + + @@ -16568,8 +37839,8 @@

Informational

- - + + @@ -16583,8 +37854,8 @@

Informational

- - + + @@ -16597,8 +37868,8 @@

Medium

- - + + @@ -16608,8 +37879,8 @@

Informational

- - + + @@ -16622,8 +37893,8 @@

Informational

- - + + @@ -16636,19 +37907,22 @@

Informational

- - + + - - - - - + + + + + - - + + @@ -16660,22 +37934,22 @@

Informational

- - + + - - - - - - + + + + + + - - + + @@ -16687,8 +37961,8 @@

Informational

- - + + @@ -16698,8 +37972,8 @@

Medium

- - + + @@ -16712,8 +37986,8 @@

Medium

- - + + @@ -16723,15 +37997,13 @@

Informational

- - + + - - + + @@ -16753,67 +38025,56 @@

Informational

- - + + - + - - - - - - - - - - - - - - + + + - + - - - + + + - + - - - + + + - + - - - + + + - + @@ -16824,7 +38085,7 @@

Severity Levels & Status Values

Account IDRegionCheck IDFindingDetailsResolutionReferenceSeverityStatus
111122223333 us-east-1 FS-01 AWS Shield Advanced Not EnabledFailed
111111111111
111122223333us-west-2FS-01AWS Shield Advanced Not EnabledAWS Shield Advanced is not subscribed. GenAI API endpoints are vulnerable to volumetric DDoS attacks that can exhaust token quotas and inflate costs.1. Subscribe to AWS Shield Advanced for DDoS protection. +2. After subscribing, explicitly add resource protections in the Shield Advanced console for each Bedrock-facing resource (API Gateway stages, ALBs, CloudFront distributions, Route 53 hosted zones). Shield Advanced subscription alone does NOT automatically protect resources — each resource must be individually added to receive protection. +3. Enable Shield Response Team (SRT) access and configure proactive engagement. +4. Alternatively, use AWS Firewall Manager with a Shield Advanced policy to automate resource protection based on tags or resource types.LowFailed
111122223333 us-east-1 FS-01 No Regional WAF Web ACLs FoundFailed
111111111111
111122223333us-west-2FS-01No Regional WAF Web ACLs FoundNo AWS WAF regional Web ACLs found. Without WAF, GenAI endpoints lack rate-based rules to block abusive callers.1. Create a WAF Web ACL with rate-based rules (e.g., 1000 req/5 min per IP). +2. Associate the ACL with API Gateway stages or ALBs fronting Bedrock. +3. Add AWS Managed Rules for known bad inputs.MediumFailed
111122223333 us-east-1 FS-02 API Gateway Usage Plans Missing ThrottleFailed
111111111111
111122223333us-west-2FS-02API Gateway Usage Plans Missing ThrottleUsage plans without throttling: myAskMeAnything-UsagePlan. Unbounded API calls can exhaust Bedrock token quotas and inflate costs.Set rateLimit and burstLimit on all usage plans associated with GenAI API stages. Consider per-consumer API keys with individual quotas.MediumFailed
111122223333 us-east-1 FS-03Bedrock Token Quotas At DefaultAll 232 Bedrock token-based quota(s) are at their AWS default values — no quota increase has been applied. Running at default is a legitimate posture, but it should be a reviewed decision aligned with expected peak load rather than an oversight.1. Review current Bedrock TPM/TPD quotas in the Service Quotas console. -2. Request increases aligned with expected peak load, or document a deliberate decision to remain at default after review. -3. Implement client-side token counting and pre-flight quota checks. -4. Use Bedrock cross-region inference profiles to distribute load.Bedrock Token Quotas CustomizedFound 236 Bedrock token-based quota(s); at least one applied value exceeds the AWS default, indicating quotas have been reviewed and raised.No action required. Periodically re-review quotas against expected peak load. MediumN/APassed
111122223333us-west-2FS-03Bedrock Token Quotas CustomizedFound 236 Bedrock token-based quota(s); at least one applied value exceeds the AWS default, indicating quotas have been reviewed and raised.No action required. Periodically re-review quotas against expected peak load.MediumPassed
111111111111
111122223333 us-east-1 FS-04 No Cost Anomaly Detection MonitorsFailed
111111111111us-east-1
111122223333us-west-2FS-04No Cost Anomaly Detection MonitorsNo AWS Cost Anomaly Detection monitors found. Unexpected spikes in Bedrock/SageMaker usage (e.g., from prompt injection loops) will go undetected.1. Create a Cost Anomaly Detection monitor scoped to AWS/Bedrock and AWS/SageMaker. +2. Configure alert subscriptions (SNS/email) for anomalies above threshold. +3. Set daily spend budgets with AWS Budgets as a secondary control.MediumFailed
111122223333us-east-1FS-05No Bedrock CloudWatch Alarms FoundNo CloudWatch alarms found for Bedrock metrics. Token exhaustion and throttling events will not trigger operational alerts.Create CloudWatch alarms for: +- AWS/Bedrock InvocationThrottles (threshold > 0) +- AWS/Bedrock TokensProcessed (threshold based on quota) +- Custom application-level token counters via EMFMediumFailed
111122223333us-west-2 FS-05 No Bedrock CloudWatch Alarms Found No CloudWatch alarms found for Bedrock metrics. Token exhaustion and throttling events will not trigger operational alerts.Failed
111111111111
111122223333 us-east-1 FS-06 No AI/ML Service Budgets ConfiguredFailed
111111111111
111122223333us-west-2FS-06No AI/ML Service Budgets ConfiguredNo AWS Budgets found scoped to Bedrock or SageMaker. Unbounded GenAI spend can go undetected until the monthly bill.1. Create cost budgets for AWS Bedrock and SageMaker with 80%/100% alert thresholds. +2. Add SNS notifications to on-call channels. +3. Consider budget actions to apply IAM deny policies when thresholds are breached.MediumFailed
111122223333 us-east-1 FS-07 Agent Action Boundary CheckN/A
111111111111
111122223333us-west-2FS-07Agent Action Boundary CheckNo Bedrock agents found.No action required.InformationalN/A
111122223333 us-east-1 FS-08 AgentCore Runtimes Missing Policy EngineFailed
111111111111
111122223333us-west-2FS-08AgentCore Runtimes Missing Policy EngineRuntimes without authorizer configuration: origami_expeditions, neoCyan_Agent, customer_support_agent, cdk_agent_core, awsapimcpserver. Without a policy engine, agents can invoke any registered tool without authorization checks.Configure an authorizer (Lambda or Cedar policy store) on each AgentCore runtime to enforce fine-grained tool-call authorization.HighFailed
111122223333 us-east-1 FS-09 Agent Lambda Functions Without Concurrency LimitsAgent-related Lambda functions without reserved concurrency: aiml-security-aiml-security-111111111111-FinServAssessment, resco-aiml-IAMPermissionCaching, aiml-security-aiml-security-111111111111-SagemakerAssessment, resco-aiml-CleanupBucket, aiml-security-aiml-security-111111111111-BedrockAssessment, resco-aiml-BedrockAssessment, aiml-security-aiml-security-111111111111-CleanupBucket, aiml-security-aiml-security-111111111111-AgentCoreAssessment, e2ebedrockrag-OSSInfraStack-BKBOSSInfraSetupLambda-031La8JAQXtk, e2ebedrockrag-OSSInfraSta-OSSIndexCreationProvider-g56en9UzRjII. Unlimited concurrency allows runaway agent loops to exhaust account limits.Agent-related Lambda functions without reserved concurrency: aiml-security-aiml-security-111122223333-FinServAssessment, resco-aiml-IAMPermissionCaching, aiml-security-aiml-security-111122223333-SagemakerAssessment, resco-aiml-CleanupBucket, aiml-security-aiml-security-111122223333-BedrockAssessment, resco-aiml-BedrockAssessment, aiml-security-aiml-security-111122223333-CleanupBucket, aiml-security-aiml-security-111122223333-AgentCoreAssessment, e2ebedrockrag-OSSInfraStack-BKBOSSInfraSetupLambda-031La8JAQXtk, e2ebedrockrag-OSSInfraSta-OSSIndexCreationProvider-g56en9UzRjII. Unlimited concurrency allows runaway agent loops to exhaust account limits.1. Set reserved concurrency on agent Lambda functions. +2. Implement maximum iteration counts in agent orchestration logic. +3. Use Step Functions with MaxConcurrency and timeout states. +4. Add circuit-breaker patterns to agent tool invocations.MediumFailed
111122223333us-west-2FS-09Agent Lambda Functions Without Concurrency LimitsAgent-related Lambda functions without reserved concurrency: aiml-security-aiml-security-111122223333-FinServAssessment, resco-aiml-IAMPermissionCaching, aiml-security-aiml-security-111122223333-SagemakerAssessment, resco-aiml-CleanupBucket, aiml-security-aiml-security-111122223333-BedrockAssessment, resco-aiml-BedrockAssessment, aiml-security-aiml-security-111122223333-CleanupBucket, aiml-security-aiml-security-111122223333-AgentCoreAssessment, e2ebedrockrag-OSSInfraStack-BKBOSSInfraSetupLambda-031La8JAQXtk, e2ebedrockrag-OSSInfraSta-OSSIndexCreationProvider-g56en9UzRjII. Unlimited concurrency allows runaway agent loops to exhaust account limits. 1. Set reserved concurrency on agent Lambda functions. 2. Implement maximum iteration counts in agent orchestration logic. 3. Use Step Functions with MaxConcurrency and timeout states. @@ -15177,8 +35614,8 @@

Medium

Failed
111111111111
111122223333 us-east-1 FS-10 Human-in-the-Loop Check — No Agent Workflows FoundN/A
111111111111
111122223333us-west-2FS-10Human-in-the-Loop Check — No Agent Workflows FoundNo Step Functions state machines with agent/approval naming found. Verify that high-risk agent actions (e.g., fund transfers, account changes) have human approval gates.Implement Step Functions .waitForTaskToken patterns for high-risk agent actions. Route approval requests to human reviewers via SNS/SES/Slack.InformationalN/A
111122223333 us-east-1 FS-11 No Agent Rate Alarms FoundFailed
111111111111
111122223333us-west-2FS-11No Agent Rate Alarms FoundNo CloudWatch alarms found for agent invocation rates. Looping or runaway agents will not trigger operational alerts.Create CloudWatch alarms on: +- Bedrock agent invocation counts (threshold based on expected max) +- Lambda invocation errors for agent functions +- Step Functions execution failures and timeoutsMediumFailed
111122223333 us-east-1 FS-12 No Bedrock-Scoped SCPs FoundFailed
111111111111
111122223333us-west-2FS-12No Bedrock-Scoped SCPs FoundNo Service Control Policies reference Bedrock. Without SCPs, any account in the organization can access any Bedrock model, including unapproved third-party models.1. Create an SCP that denies bedrock:InvokeModel for model IDs not on the approved list. +2. Use bedrock:ModelId condition key to allowlist approved models. +3. Maintain a model inventory and update the SCP when models are approved/retired.HighFailed
111122223333 us-east-1 FS-13 Model Provenance Tags PresentPassed
111111111111
111122223333us-west-2FS-13Model Provenance Tags PresentAll reviewed models have required provenance tags.No action required.MediumPassed
111122223333 us-east-1 FS-14 Model Governance Config Rules PresentPassed
111111111111
111122223333us-west-2FS-14Model Governance Config Rules PresentFound 11 model-related Config rule(s).No action required.MediumPassed
111122223333 us-east-1 FS-15 No Bedrock Evaluation Jobs FoundFailed
111111111111
111122223333us-west-2FS-15No Bedrock Evaluation Jobs FoundNo Bedrock Model Evaluation jobs found. Models have not been evaluated for adversarial robustness. FinServ model-risk management (SR 11-7) expects documented model validation/evaluation.1. Run Bedrock Model Evaluation with adversarial/red-team datasets. +2. Use FMEval library for automated robustness testing. +3. Schedule periodic re-evaluation after model updates.MediumFailed
111122223333 us-east-1 FS-16 ECR Repositories Without Image Scanning4 ECR repo(s) without scan-on-push: mlexplorationrepo, cdk-hnb659fds-container-assets-111111111111-us-east-1, bedrock-agentcore-customer_support_agent, bedrock-agentcore-origami_expeditions.4 ECR repo(s) without scan-on-push: mlexplorationrepo, cdk-hnb659fds-container-assets-111122223333-us-east-1, bedrock-agentcore-customer_support_agent, bedrock-agentcore-origami_expeditions.Enable scan-on-push for all ECR repositories containing model containers. Consider enabling Enhanced Scanning (Inspector) for CVE detection.HighFailed
111122223333us-west-2FS-16ECR Repositories Without Image Scanning4 ECR repo(s) without scan-on-push: mlexplorationrepo, cdk-hnb659fds-container-assets-111122223333-us-east-1, bedrock-agentcore-customer_support_agent, bedrock-agentcore-origami_expeditions. Enable scan-on-push for all ECR repositories containing model containers. Consider enabling Enhanced Scanning (Inspector) for CVE detection. High Failed
111111111111
111122223333 us-east-1 FS-20 No SageMaker Feature Groups FoundN/A
111111111111
111122223333us-west-2FS-20No SageMaker Feature Groups FoundNo SageMaker Feature Store groups found.No action required.InformationalN/A
111122223333 us-east-1 FS-21 Training Data Buckets Without Versioning13 training data bucket(s) without versioning: ancbedrocklogging, bedrock-agentcore-codebuild-sources-111111111111-us-east-1, bedrock-bda-us-east-1-dda43109-6557-48bb-993d-3f97126b64b4, bedrock-bda-us-east-1-logging-00719114-debd-4487-85d1-09cbc3fc8, bedrock-kb-bucket-f736570b, bedrock-video-generation-us-east-1-h5ltpm, fsi-genai-workshop-bedrock-datasources-111111111111-us-west-2, knowledgebase-bedrock-agent-agasthik, llmevaluationpromptfoo-bedrockkb-cozhbzbrcmd2, sagemaker-studio-111111111111-huo1mvme4t.13 training data bucket(s) without versioning: ancbedrocklogging, bedrock-agentcore-codebuild-sources-111122223333-us-east-1, bedrock-bda-us-east-1-dda43109-6557-48bb-993d-3f97126b64b4, bedrock-bda-us-east-1-logging-00719114-debd-4487-85d1-09cbc3fc8, bedrock-kb-bucket-f736570b, bedrock-video-generation-us-east-1-h5ltpm, fsi-genai-workshop-bedrock-datasources-111122223333-us-west-2, knowledgebase-bedrock-agent-agasthik, llmevaluationpromptfoo-bedrockkb-cozhbzbrcmd2, sagemaker-studio-111122223333-huo1mvme4t.Enable S3 versioning on all training data buckets. Consider enabling MFA Delete for additional protection against poisoning.HighFailed
111122223333us-west-2FS-21Training Data Buckets Without Versioning13 training data bucket(s) without versioning: ancbedrocklogging, bedrock-agentcore-codebuild-sources-111122223333-us-east-1, bedrock-bda-us-east-1-dda43109-6557-48bb-993d-3f97126b64b4, bedrock-bda-us-east-1-logging-00719114-debd-4487-85d1-09cbc3fc8, bedrock-kb-bucket-f736570b, bedrock-video-generation-us-east-1-h5ltpm, fsi-genai-workshop-bedrock-datasources-111122223333-us-west-2, knowledgebase-bedrock-agent-agasthik, llmevaluationpromptfoo-bedrockkb-cozhbzbrcmd2, sagemaker-studio-111122223333-huo1mvme4t. Enable S3 versioning on all training data buckets. Consider enabling MFA Delete for additional protection against poisoning. High Failed
111111111111
111122223333 us-east-1 FS-22 Overly Permissive Knowledge Base IAM Roles722 role(s) with wildcard KB permissions: -- Role '111111111111-us-east-1-kb-setup-function-role' allows 'bedrock:CreateKnowledgeBase' on Resource '*' (no ARN scoping to specific Knowledge Bases) -- Role '111111111111-us-east-1-kb-setup-function-role' allows 'bedrock:CreateDataSource' on Resource '*' (no ARN scoping to specific Knowledge Bases) + 827 role(s) with wildcard KB permissions: +- Role '111122223333-us-east-1-kb-setup-function-role' allows 'bedrock:CreateKnowledgeBase' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role '111122223333-us-east-1-kb-setup-function-role' allows 'bedrock:CreateDataSource' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role 'Admin' allows '*' +- Role 'agentcore-wildrydes_gateway_role_ab3991f6-role' allows 'bedrock:*' +- Role 'AgentCoreEvalsSDK-us-east-1-d04ba7b68b' allows 'bedrock:InvokeModel' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role 'AgentCoreEvalsSDK-us-east-1-d04ba7b68b' allows 'bedrock:InvokeModelWithResponseStream' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role 'Agentic-AI-MCP-Strands-SDK-Works-VSCodeInstanceRole-NCTUnlnRBFO6' allows '*' +- Role 'aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX' allows 'bedrock:ListGuardrails' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role 'aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX' allows 'bedrock:GetGuardrail' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role 'aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX' allows 'bedrock:ListModelInvocationJobs' on Resource '*' (no ARN scoping to specific Knowledge Bases)Replace wildcard bedrock:* with specific actions such as bedrock:Retrieve, bedrock:RetrieveAndGenerate. Scope resources to specific Knowledge Base ARNs.HighFailed
111122223333us-west-2FS-22Overly Permissive Knowledge Base IAM Roles827 role(s) with wildcard KB permissions: +- Role '111122223333-us-east-1-kb-setup-function-role' allows 'bedrock:CreateKnowledgeBase' on Resource '*' (no ARN scoping to specific Knowledge Bases) +- Role '111122223333-us-east-1-kb-setup-function-role' allows 'bedrock:CreateDataSource' on Resource '*' (no ARN scoping to specific Knowledge Bases) - Role 'Admin' allows '*' - Role 'agentcore-wildrydes_gateway_role_ab3991f6-role' allows 'bedrock:*' - Role 'AgentCoreEvalsSDK-us-east-1-d04ba7b68b' allows 'bedrock:InvokeModel' on Resource '*' (no ARN scoping to specific Knowledge Bases) @@ -15298,14 +35862,14 @@

Replace wildcard bedrock-agent:* with specific actions: bedrock:Retrieve, bedrock:RetrieveAndGenerate. Scope resources to specific Knowledge Base ARNs.

Replace wildcard bedrock:* with specific actions such as bedrock:Retrieve, bedrock:RetrieveAndGenerate. Scope resources to specific Knowledge Base ARNs. High Failed
111111111111
111122223333 us-east-1 FS-24 ADVISORY: Knowledge Base Metadata Filtering — Manual Review RequiredN/A
111111111111
111122223333us-west-2FS-24ADVISORY: Knowledge Base Metadata Filtering — Manual Review RequiredFound 3 Knowledge Base(s). Tenant-isolation metadata filtering is a design pattern that cannot be verified via API — manual review required. Verify that metadata attributes (e.g., tenantId, classification) are indexed and that Retrieve calls include RetrievalFilter conditions for tenant isolation.1. Add metadata fields (tenantId, dataClassification) to KB data sources. +2. Pass RetrievalFilter in all Retrieve/RetrieveAndGenerate calls. +3. Validate filters in integration tests to prevent cross-tenant data leakage.InformationalN/A
111122223333 us-east-1 FS-25 OpenSearch Serverless Encryption Policies PresentPassed
111111111111
111122223333us-west-2FS-25OpenSearch Serverless Encryption Policies PresentFound 5 encryption policy(ies); 5 use a customer-managed KMS key.Verify all vector store collections use customer-managed KMS keys.HighPassed
111122223333 us-east-1 FS-26 OpenSearch Serverless Collections Not VPC-RestrictedFailed
111111111111
111122223333us-west-2FS-26OpenSearch Serverless Collections Not VPC-RestrictedFound 5 network policy(ies) but none restrict to VPC. Vector stores may be accessible from the public internet.Update network policies to allow access only from VPC endpoints. Create an OpenSearch Serverless VPC endpoint in your VPC.HighFailed
111122223333 us-east-1 FS-27No Guardrails — Contextual Grounding Not ApplicableNo Bedrock Guardrails configured. Configure guardrails first (see BR-05).Configure Bedrock Guardrails with contextual grounding checks (grounding threshold ≥0.7 and relevance threshold ≥0.7 for FinServ use cases).Contextual Grounding Enabled on GuardrailsGuardrails with contextual grounding: nist-ai-rmf-guardrail.No action required for contextual grounding. Also consider enabling Automated Reasoning checks for formal policy verification. InformationalN/AHighPassed
111122223333us-west-2FS-27Contextual Grounding Enabled on GuardrailsGuardrails with contextual grounding: nist-ai-rmf-guardrail.No action required for contextual grounding. Also consider enabling Automated Reasoning checks for formal policy verification.HighPassed
111111111111
111122223333 us-east-1 FS-27Automated Reasoning Policies — Access CheckAccess denied or service unavailable when listing Automated Reasoning policies. The IAM action name (bedrock:ListAutomatedReasoningPolicies) is correct, so the most likely causes are, in order: (1) the assessment MEMBER ROLE in this account was deployed before this action was added and has not been re-deployed; (2) an AWS Organizations SCP or permission boundary denies this newer Bedrock action; (3) the region does not support ARC. ARC is available in AWS GovCloud (US) and a growing set of commercial regions (e.g., us-east-1, us-east-2, us-west-2, eu-central-1, eu-west-1, eu-west-3) — verify the current list in the AWS documentation.1. RE-DEPLOY the member-role CloudFormation stack so the role picks up bedrock:ListAutomatedReasoningPolicies (templates may be current while the *deployed* role is stale). See deployment/1-aiml-security-member-roles.yaml and aiml-security-single-account.yaml. -2. Check for an Organizations SCP / permission boundary denying the action. -3. Confirm the assessed region supports Automated Reasoning checks. -4. Re-run the assessment after re-deploying.LowN/ANo Automated Reasoning Policies FoundNo Bedrock Automated Reasoning policies have been created. ARC (GA August 2025) uses formal verification to guarantee that GenAI outputs comply with authored business rules — e.g., loan criteria, regulatory thresholds, policy constraints. Without ARC policies, factual accuracy of outputs is not formally verified, only heuristically filtered by contextual grounding thresholds.1. In the Amazon Bedrock console → Guardrails → Automated Reasoning, create a policy document encoding your FinServ business rules (e.g., eligibility criteria, rate limits, regulatory thresholds). +2. Associate the ARC policy with your guardrail (automatedReasoningPolicy.policies field in CreateGuardrail/UpdateGuardrail). +3. Set confidenceThreshold on the policy to control strictness. +4. ARC requires cross-Region inference — ensure your guardrail has a guardrailProfileArn configured (crossRegionDetails in GetGuardrail response). +5. Reference: AWS Announcement — Automated Reasoning checks GA (August 2025).MediumFailed
111111111111
111122223333us-west-2FS-27No Automated Reasoning Policies FoundNo Bedrock Automated Reasoning policies have been created. ARC (GA August 2025) uses formal verification to guarantee that GenAI outputs comply with authored business rules — e.g., loan criteria, regulatory thresholds, policy constraints. Without ARC policies, factual accuracy of outputs is not formally verified, only heuristically filtered by contextual grounding thresholds.1. In the Amazon Bedrock console → Guardrails → Automated Reasoning, create a policy document encoding your FinServ business rules (e.g., eligibility criteria, rate limits, regulatory thresholds). +2. Associate the ARC policy with your guardrail (automatedReasoningPolicy.policies field in CreateGuardrail/UpdateGuardrail). +3. Set confidenceThreshold on the policy to control strictness. +4. ARC requires cross-Region inference — ensure your guardrail has a guardrailProfileArn configured (crossRegionDetails in GetGuardrail response). +5. Reference: AWS Announcement — Automated Reasoning checks GA (August 2025).MediumFailed
111122223333 us-east-1 FS-28No Guardrails — Denied Topics Not ApplicableNo Bedrock Guardrails configured.Configure guardrails with denied topics for regulated financial content.Denied Topics Configured on CLASSIC TierGuardrails with topic policies: nist-ai-rmf-guardrail. The following use the CLASSIC tier: nist-ai-rmf-guardrail. CLASSIC tier supports English, French, and Spanish only. The STANDARD tier (GA June 2025) provides broader language support and improved detection for denied topics.Verify topics cover regulated financial advice categories. For multilingual FinServ deployments, consider upgrading denied topics to the STANDARD tier (set topicsTierConfig.tierName=STANDARD via UpdateGuardrail; requires a cross-region inference profile on the guardrail). When authoring denied-topic policies, use existing compliance materials as the source: employee policies, training materials, procedure documents, and incident reports (PDF §1.2.1 Practical guidance).HighPassed
111122223333us-west-2FS-28Denied Topics Configured on CLASSIC TierGuardrails with topic policies: nist-ai-rmf-guardrail. The following use the CLASSIC tier: nist-ai-rmf-guardrail. CLASSIC tier supports English, French, and Spanish only. The STANDARD tier (GA June 2025) provides broader language support and improved detection for denied topics.Verify topics cover regulated financial advice categories. For multilingual FinServ deployments, consider upgrading denied topics to the STANDARD tier (set topicsTierConfig.tierName=STANDARD via UpdateGuardrail; requires a cross-region inference profile on the guardrail). When authoring denied-topic policies, use existing compliance materials as the source: employee policies, training materials, procedure documents, and incident reports (PDF §1.2.1 Practical guidance).HighPassed
111122223333us-east-1FS-29ADVISORY: Compliance Disclaimer — Manual Review RequiredApplication-level compliance disclaimers cannot be verified via AWS APIs. Manual review required to confirm GenAI outputs include required regulatory disclosures.1. Implement post-processing to append required disclaimers to GenAI outputs. +2. Use Bedrock Guardrails word filters to block outputs that omit required disclosures. +3. Document disclaimer requirements in the AI use case register. +4. Test disclaimer presence in QA/UAT before production deployment. Informational N/A
111111111111us-east-1
111122223333us-west-2 FS-29 ADVISORY: Compliance Disclaimer — Manual Review Required Application-level compliance disclaimers cannot be verified via AWS APIs. Manual review required to confirm GenAI outputs include required regulatory disclosures.N/A
111111111111
111122223333 us-east-1 FS-30 ADVISORY: Compliance Dataset Coverage — Manual Review RequiredN/A
111111111111
111122223333us-west-2FS-30ADVISORY: Compliance Dataset Coverage — Manual Review RequiredBedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation jobs include compliance-specific datasets (fair lending/ECOA, Fair Housing Act, UDAP/UDAAP, AML/KYC edge cases). Whether any evaluation jobs exist at all is assessed by FS-15.Run Bedrock Model Evaluation with compliance-specific datasets: +- Fair lending test cases (ECOA, Fair Housing Act) +- UDAP/UDAAP unfair/deceptive practice scenarios +- AML/KYC edge casesInformationalN/A
111122223333 us-east-1 FS-31 Knowledge Base Data Sources Past Review Threshold 2 data source(s) not synced in >7 days (a configurable review threshold, NOT an AWS-mandated limit): -- KB 'knowledge-base-semiconductors' source 'knowledge-base-quick-start-qpvuv-data-source' last synced 702 days ago -- KB '111111111111-us-east-1-kb' source '111111111111-us-east-1-kb-datasource' last synced 180 days ago +- KB 'knowledge-base-semiconductors' source 'knowledge-base-quick-start-qpvuv-data-source' last synced 722 days ago +- KB '111122223333-us-east-1-kb' source '111122223333-us-east-1-kb-datasource' last synced 199 days ago +Confirm this age is acceptable for each data source's currency requirement — slow-changing reference data may legitimately sync infrequently.1. Define the maximum acceptable data age per use case (e.g., intraday for market data, daily for product terms, weekly/monthly for regulatory guidance) and adjust the review threshold to match. +2. Configure automated sync (EventBridge Scheduler → StartIngestionJob) at that cadence — see FS-61. +3. Set CloudWatch alarms on sync job failures.MediumFailed
111122223333us-west-2FS-31Knowledge Base Data Sources Past Review Threshold2 data source(s) not synced in >7 days (a configurable review threshold, NOT an AWS-mandated limit): +- KB 'knowledge-base-semiconductors' source 'knowledge-base-quick-start-qpvuv-data-source' last synced 722 days ago +- KB '111122223333-us-east-1-kb' source '111122223333-us-east-1-kb-datasource' last synced 199 days ago Confirm this age is acceptable for each data source's currency requirement — slow-changing reference data may legitimately sync infrequently. 1. Define the maximum acceptable data age per use case (e.g., intraday for market data, daily for product terms, weekly/monthly for regulatory guidance) and adjust the review threshold to match. 2. Configure automated sync (EventBridge Scheduler → StartIngestionJob) at that cadence — see FS-61. @@ -15419,8 +36100,8 @@

Medium

Failed
111111111111
111122223333 us-east-1 FS-32 ADVISORY: Source Attribution — Manual Review RequiredN/A
111111111111
111122223333us-west-2FS-32ADVISORY: Source Attribution — Manual Review RequiredSource attribution in GenAI responses cannot be verified via AWS APIs. Manual review required to confirm responses include citations.1. Use Bedrock RetrieveAndGenerate with citations enabled. +2. Include source document references in response post-processing. +3. Test citation accuracy in QA before production deployment. +4. Consider Bedrock Guardrails grounding checks to validate response accuracy.InformationalN/A
111122223333 us-east-1 FS-33 KB Data Source Buckets Without VersioningKB data source S3 buckets without versioning: 111111111111-us-east-1-kb-data-bucket.KB data source S3 buckets without versioning: 111122223333-us-east-1-kb-data-bucket.Enable S3 versioning on all KB data source buckets. Enable S3 Object Integrity (checksum) for tamper detection.MediumFailed
111122223333us-west-2FS-33KB Data Source Buckets Without VersioningKB data source S3 buckets without versioning: 111122223333-us-east-1-kb-data-bucket. Enable S3 versioning on all KB data source buckets. Enable S3 Object Integrity (checksum) for tamper detection. Medium Failed
111111111111
111122223333 us-east-1 FS-34 Legacy Foundation Models Available in RegionLegacy/deprecated foundation models are available in this account/region: anthropic.claude-sonnet-4-20250514-v1:0, twelvelabs.marengo-embed-2-7-v1:0, amazon.titan-image-generator-v2:0, amazon.nova-premier-v1:0:8k, amazon.nova-premier-v1:0:20k, amazon.nova-premier-v1:0:1000k, amazon.nova-premier-v1:0:mm, amazon.nova-premier-v1:0, amazon.nova-canvas-v1:0, amazon.nova-reel-v1:0. This API reports model *availability*, not actual usage — it cannot determine which models your applications invoke. Legacy models have older training-data cutoffs and may produce outdated information if used. Review whether any are in active use.Legacy/deprecated foundation models are available in this account/region: anthropic.claude-sonnet-4-20250514-v1:0, twelvelabs.marengo-embed-2-7-v1:0, anthropic.claude-opus-4-1-20250805-v1:0, amazon.nova-premier-v1:0:8k, amazon.nova-premier-v1:0:20k, amazon.nova-premier-v1:0:1000k, amazon.nova-premier-v1:0:mm, amazon.nova-premier-v1:0, amazon.nova-canvas-v1:0, amazon.nova-reel-v1:0. This API reports model *availability*, not actual usage — it cannot determine which models your applications invoke. Legacy models have older training-data cutoffs and may produce outdated information if used. Review whether any are in active use.1. Identify which (if any) of these legacy models your applications invoke (e.g., via CloudTrail InvokeModel events or application config). +2. Migrate active usage to current model versions. +3. Document training-data cutoff dates for all models in use. +4. Add data-currency disclaimers to outputs from models with old cutoffs.InformationalN/A
111122223333us-west-2FS-34Legacy Foundation Models Available in RegionLegacy/deprecated foundation models are available in this account/region: anthropic.claude-sonnet-4-20250514-v1:0, twelvelabs.marengo-embed-2-7-v1:0, anthropic.claude-opus-4-1-20250805-v1:0, amazon.nova-premier-v1:0:8k, amazon.nova-premier-v1:0:20k, amazon.nova-premier-v1:0:1000k, amazon.nova-premier-v1:0:mm, amazon.nova-premier-v1:0, amazon.nova-canvas-v1:0, amazon.nova-reel-v1:0. This API reports model *availability*, not actual usage — it cannot determine which models your applications invoke. Legacy models have older training-data cutoffs and may produce outdated information if used. Review whether any are in active use. 1. Identify which (if any) of these legacy models your applications invoke (e.g., via CloudTrail InvokeModel events or application config). 2. Migrate active usage to current model versions. 3. Document training-data cutoff dates for all models in use. @@ -15458,8 +36178,8 @@

Informational

N/A
111111111111
111122223333 us-east-1 FS-35 ADVISORY: Harmful-Content Test Coverage — Manual Review RequiredN/A
111111111111
111122223333us-west-2FS-35ADVISORY: Harmful-Content Test Coverage — Manual Review RequiredBedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation/FMEval jobs include harmful-content datasets (toxicity, hate speech, violence/self-harm). Whether any evaluation jobs exist at all is assessed by FS-15.Run Bedrock Model Evaluation or FMEval with harmful content datasets: +- Toxicity detection +- Hate speech classification +- Violence/self-harm contentInformationalN/A
111122223333 us-east-1 FS-36No Guardrails — Content Filters Not ApplicableNo Bedrock Guardrails configured.Configure guardrails with content filters.Guardrail Content Filters on CLASSIC TierGuardrails with content filters: nist-ai-rmf-guardrail. The following use the CLASSIC tier: nist-ai-rmf-guardrail. CLASSIC tier supports English, French, and Spanish only. The STANDARD tier (GA June 2025) provides improved contextual understanding, typographical error detection, 60+ language support, and better prompt-attack classification (distinguishes jailbreaks from prompt injection).Consider upgrading to STANDARD tier content filters for FinServ workloads that handle multiple languages or require higher detection accuracy. STANDARD tier requires cross-region inference (crossRegionDetails.guardrailProfileArn on the guardrail). To upgrade: update the guardrail's contentPolicy.filtersConfig.contentFiltersTierConfig with tierName=STANDARD and configure a guardrail cross-region profile.HighPassed
111122223333us-west-2FS-36Guardrail Content Filters on CLASSIC TierGuardrails with content filters: nist-ai-rmf-guardrail. The following use the CLASSIC tier: nist-ai-rmf-guardrail. CLASSIC tier supports English, French, and Spanish only. The STANDARD tier (GA June 2025) provides improved contextual understanding, typographical error detection, 60+ language support, and better prompt-attack classification (distinguishes jailbreaks from prompt injection).Consider upgrading to STANDARD tier content filters for FinServ workloads that handle multiple languages or require higher detection accuracy. STANDARD tier requires cross-region inference (crossRegionDetails.guardrailProfileArn on the guardrail). To upgrade: update the guardrail's contentPolicy.filtersConfig.contentFiltersTierConfig with tierName=STANDARD and configure a guardrail cross-region profile. HighPassed
111122223333us-east-1FS-37ADVISORY: User Feedback Mechanism — Manual Review RequiredUser feedback mechanisms for harmful outputs cannot be verified via AWS APIs. Manual review required.1. Implement thumbs-up/down or flag-for-review UI in GenAI applications. +2. Route flagged outputs to human reviewers via SQS/SNS. +3. Log feedback to DynamoDB/S3 for model improvement. +4. Define SLAs for reviewing flagged content. Informational N/A
111111111111us-east-1
111122223333us-west-2 FS-37 ADVISORY: User Feedback Mechanism — Manual Review Required User feedback mechanisms for harmful outputs cannot be verified via AWS APIs. Manual review required.N/A
111111111111
111122223333 us-east-1 FS-38No Guardrails — Word Filters Not ApplicableNo Bedrock Guardrails configured.Configure guardrails with word filters.No Guardrails With Word FiltersFound 1 guardrail(s) but none have word/phrase filters. Profanity and prohibited financial terms may appear in outputs.Add word filters to guardrails: +- Enable AWS managed profanity list +- Add custom denylist for prohibited financial terms +- Add allowlist for required regulatory language InformationalN/AMediumFailed
111122223333us-west-2FS-38No Guardrails With Word FiltersFound 1 guardrail(s) but none have word/phrase filters. Profanity and prohibited financial terms may appear in outputs.Add word filters to guardrails: +- Enable AWS managed profanity list +- Add custom denylist for prohibited financial terms +- Add allowlist for required regulatory languageMediumFailed
111111111111
111122223333 us-east-1 FS-39 No SageMaker Clarify Bias MonitoringFailed
111111111111
111122223333us-west-2FS-39No SageMaker Clarify Bias MonitoringNo SageMaker Clarify model bias monitoring schedules found. Models making financial decisions (credit, insurance) may exhibit discriminatory bias without detection.1. Configure SageMaker Clarify bias detection for all models making credit, insurance, or employment decisions. +2. Define protected attributes (age, gender, race proxies). +3. Set bias metric thresholds and alert on violations. +4. Document bias testing results for regulatory examination.HighFailed
111122223333 us-east-1 FS-40 ADVISORY: Bias Dataset Coverage — Manual Review RequiredN/A
111111111111
111122223333us-west-2FS-40ADVISORY: Bias Dataset Coverage — Manual Review RequiredBedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation jobs include bias/fairness datasets (demographic parity, equal-opportunity, counterfactual fairness) for any GenAI models used in financial decisions (ECOA/Fair Housing). Whether any evaluation jobs exist at all is assessed by FS-15.Run Bedrock Model Evaluation with bias test datasets: +- Demographic parity test cases +- Equal opportunity scenarios +- Counterfactual fairness testsInformationalN/A
111122223333 us-east-1 FS-41 No SageMaker Clarify Explainability MonitoringFailed
111111111111
111122223333us-west-2FS-41No SageMaker Clarify Explainability MonitoringNo SageMaker Clarify explainability monitoring found. Models making adverse financial decisions may not provide required explanations (ECOA adverse action notices).1. Configure SageMaker Clarify explainability for credit/lending models. +2. Generate SHAP values for feature importance. +3. Map top features to human-readable adverse action reason codes. +4. Store explanations for regulatory examination.HighFailed
111122223333 us-east-1 FS-42 No SageMaker Model Cards FoundFailed
111111111111
111122223333us-west-2FS-42No SageMaker Model Cards FoundNo SageMaker Model Cards found. Production AI models lack documented intended use, limitations, and bias evaluations.1. Create SageMaker Model Cards for all production models. +2. Document: intended use, out-of-scope uses, training data, bias evaluations. +3. Include regulatory compliance attestations. +4. Review and update cards at each model version release.MediumFailed
111122223333 us-east-1 FS-43 No CloudWatch Logs Data Protection PoliciesFailed
111111111111
111122223333us-west-2FS-43No CloudWatch Logs Data Protection PoliciesNo CloudWatch Logs data protection policies found. PII (SSN, account numbers, credit card numbers) in Bedrock invocation logs may be stored in plaintext.1. Create CloudWatch Logs data protection policies to mask PII. +2. Enable masking for: SSN, credit card numbers, bank account numbers, email. +3. Apply policies to Bedrock invocation log groups. +4. Test masking with synthetic PII before production deployment.HighFailed
111122223333 us-east-1 FS-44 Amazon Macie EnabledPassed
111111111111
111122223333us-west-2FS-44Amazon Macie EnabledAmazon Macie is enabled and scanning S3 buckets.Verify Macie jobs cover training data and KB data source buckets.HighPassed
111122223333 us-east-1 FS-45No Guardrails — PII Filters Not ApplicableNo Bedrock Guardrails configured.Configure guardrails with PII/sensitive information filters.Guardrail PII Filters ConfiguredGuardrails with PII filters: nist-ai-rmf-guardrail.No action required. InformationalN/AHighPassed
111122223333us-west-2FS-45Guardrail PII Filters ConfiguredGuardrails with PII filters: nist-ai-rmf-guardrail.No action required.HighPassed
111111111111
111122223333 us-east-1 FS-46 AI/ML Buckets Without Data Classification Tags18 AI/ML bucket(s) without data-classification tags: 111111111111-us-east-1-kb-data-bucket, ancbedrocklogging, ancknowledgebase, aws-streaming-data-solut-outputaccesslogsbucket8b-1o7m0kb4bafm4, bedrock-agentcore-codebuild-sources-111111111111-us-east-1, bedrock-bda-us-east-1-dda43109-6557-48bb-993d-3f97126b64b4, bedrock-bda-us-east-1-logging-00719114-debd-4487-85d1-09cbc3fc8, bedrock-kb-bucket-f736570b, bedrock-video-generation-us-east-1-h5ltpm, create-customer-resources-kb-bucket-111111111111.18 AI/ML bucket(s) without data-classification tags: 111122223333-us-east-1-kb-data-bucket, ancbedrocklogging, ancknowledgebase, aws-streaming-data-solut-outputaccesslogsbucket8b-1o7m0kb4bafm4, bedrock-agentcore-codebuild-sources-111122223333-us-east-1, bedrock-bda-us-east-1-dda43109-6557-48bb-993d-3f97126b64b4, bedrock-bda-us-east-1-logging-00719114-debd-4487-85d1-09cbc3fc8, bedrock-kb-bucket-f736570b, bedrock-video-generation-us-east-1-h5ltpm, create-customer-resources-kb-bucket-111122223333. Tag all AI/ML data buckets with 'data-classification' key. Values: Public, Internal, Confidential, Restricted. Enforce via SCP or AWS Config rule. Medium Failed
111111111111
111122223333us-west-2FS-46AI/ML Buckets Without Data Classification Tags18 AI/ML bucket(s) without data-classification tags: 111122223333-us-east-1-kb-data-bucket, ancbedrocklogging, ancknowledgebase, aws-streaming-data-solut-outputaccesslogsbucket8b-1o7m0kb4bafm4, bedrock-agentcore-codebuild-sources-111122223333-us-east-1, bedrock-bda-us-east-1-dda43109-6557-48bb-993d-3f97126b64b4, bedrock-bda-us-east-1-logging-00719114-debd-4487-85d1-09cbc3fc8, bedrock-kb-bucket-f736570b, bedrock-video-generation-us-east-1-h5ltpm, create-customer-resources-kb-bucket-111122223333.Tag all AI/ML data buckets with 'data-classification' key. Values: Public, Internal, Confidential, Restricted. Enforce via SCP or AWS Config rule.MediumFailed
111122223333 us-east-1 FS-47No Guardrails — Grounding Threshold Not ApplicableNo Bedrock Guardrails configured.Configure guardrails with contextual grounding checks.InformationalN/AGuardrail Grounding Thresholds AppropriateAll 1 guardrail(s) with a GROUNDING filter have thresholds ≥0.7.No action required.HighPassed
111122223333us-west-2FS-47Guardrail Grounding Thresholds AppropriateAll 1 guardrail(s) with a GROUNDING filter have thresholds ≥0.7.No action required.HighPassed
111111111111
111122223333 us-east-1 FS-48 Active Knowledge Bases for RAG PresentPassed
111111111111
111122223333us-west-2FS-48Active Knowledge Bases for RAG PresentFound 3 active Knowledge Base(s) for RAG grounding.No action required.MediumPassed
111122223333 us-east-1 FS-49 ADVISORY: Hallucination Disclaimer — Manual Review RequiredN/A
111111111111
111122223333us-west-2FS-49ADVISORY: Hallucination Disclaimer — Manual Review RequiredApplication-level hallucination disclaimers cannot be verified via AWS APIs. Manual review required.1. Add disclaimers to GenAI outputs: 'AI-generated content may contain errors. Verify with authoritative sources before acting.' +2. Implement post-processing to append disclaimers. +3. Test disclaimer presence in QA before production.InformationalN/A
111122223333 us-east-1 FS-50No Guardrails With Relevance Grounding FiltersNo guardrails have RELEVANCE contextual grounding filters. Without relevance filters, responses that are off-topic or unrelated to the user query will not be blocked, increasing hallucination risk in RAG-based FinServ applications.Enable the RELEVANCE contextual grounding filter in Bedrock Guardrails with a threshold of ≥0.7 to block responses that are not relevant to the user query. Also enable the GROUNDING filter (≥0.7) to block responses not supported by the retrieved source context.Relevance Grounding Filters PresentGuardrails with RELEVANCE grounding filters: nist-ai-rmf-guardrail.No action required. MediumFailedPassed
111122223333us-west-2FS-50Relevance Grounding Filters PresentGuardrails with RELEVANCE grounding filters: nist-ai-rmf-guardrail.No action required.MediumPassed
111111111111
111122223333 us-east-1 FS-51No Guardrails — Prompt Attack Filters Not ApplicableNo Bedrock Guardrails configured.Configure guardrails with prompt attack filters.InformationalN/ANo Guardrails With Prompt Attack FiltersFound 1 guardrail(s) but none have PROMPT_ATTACK filters. Prompt injection attacks may bypass system prompts and access controls.1. Enable PROMPT_ATTACK content filter in Bedrock Guardrails. +2. Set input filter strength to HIGH. +3. Use input tags () to differentiate user inputs from developer-provided prompts — required for PROMPT_ATTACK filters to work correctly with InvokeModel/InvokeModelWithResponseStream. +4. Consider STANDARD tier (GA June 2025) for better jailbreak vs. injection classification and broader language support. +5. Implement application-level input sanitization as defense-in-depth.HighFailed
111122223333us-west-2FS-51No Guardrails With Prompt Attack FiltersFound 1 guardrail(s) but none have PROMPT_ATTACK filters. Prompt injection attacks may bypass system prompts and access controls.1. Enable PROMPT_ATTACK content filter in Bedrock Guardrails. +2. Set input filter strength to HIGH. +3. Use input tags () to differentiate user inputs from developer-provided prompts — required for PROMPT_ATTACK filters to work correctly with InvokeModel/InvokeModelWithResponseStream. +4. Consider STANDARD tier (GA June 2025) for better jailbreak vs. injection classification and broader language support. +5. Implement application-level input sanitization as defense-in-depth.HighFailed
111111111111
111122223333 us-east-1 FS-52 Bedrock Lambda Functions on Deprecated RuntimesFailed
111111111111
111122223333us-west-2FS-52Bedrock Lambda Functions on Deprecated RuntimesFunctions on deprecated runtimes: e2ebedrockrag-OSSInfraStack-BKBOSSInfraSetupLambda-031La8JAQXtk, e2ebedrockrag-OSSInfraSta-OSSIndexCreationProvider-g56en9UzRjII. Deprecated runtimes may use outdated boto3/SDK versions lacking security patches.1. Upgrade Lambda functions to a supported runtime — Python 3.12+, Node.js 22.x or 24.x, Java 21+, or .NET 8+. +2. Update boto3 to the latest version in Lambda layers (pin the version in requirements.txt and redeploy). +3. Enable Lambda runtime management controls for automatic minor-version updates (runtimeManagementConfig.updateRuntimeOn = 'Auto'). +4. Refer to https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html for the authoritative list of supported and deprecated runtimes.MediumFailed
111122223333 us-east-1 FS-53 No WAF Web ACLs — Injection Rules Not ApplicableN/A
111111111111
111122223333us-west-2FS-53No WAF Web ACLs — Injection Rules Not ApplicableNo regional WAF Web ACLs found.Create WAF Web ACLs with injection protection rules (see FS-01).InformationalN/A
111122223333 us-east-1 FS-54 ADVISORY: Penetration Testing — Manual Review RequiredN/A
111111111111
111122223333us-west-2FS-54ADVISORY: Penetration Testing — Manual Review RequiredPenetration testing evidence cannot be verified via AWS APIs. Manual review required to confirm GenAI applications have been tested.1. Conduct penetration testing of GenAI applications at least annually and before major releases. +2. Include AI-specific test cases: prompt injection, jailbreak, indirect (cross-domain) injection, system-prompt leakage, and data-extraction attempts. +3. Consider AWS Security Agent for on-demand, AI-driven penetration testing (GA March 2026; available in US East N. Virginia, US West Oregon, Europe Ireland, Europe Frankfurt, Asia Pacific Sydney, Asia Pacific Tokyo, with cross-account shared-VPC testing via AWS RAM). Open-source tools such as Garak or PyRIT and manual red-teaming are complementary options. Verify current regional availability on the AWS Security Agent page before relying on it. +4. Document findings and remediation for regulatory examination, and tag tested resources with a last-pentest-date for audit trail. +5. For DORA compliance, include GenAI in TLPT (Threat-Led Penetration Testing) scope.InformationalN/A
111122223333 us-east-1 FS-55 No Output Validation Functions FoundFailed
111111111111
111122223333us-west-2FS-55No Output Validation Functions FoundNo Lambda functions with output validation/sanitization naming found. GenAI outputs may be passed directly to downstream systems without validation.1. Implement output validation Lambda functions in GenAI pipelines. +2. Validate output schema, length, and content before downstream use. +3. Sanitize outputs before rendering in web UIs (XSS prevention). +4. Encode outputs appropriately for the target context (HTML, SQL, JSON).MediumFailed
111122223333 us-east-1 FS-56 No WAF ACLs — XSS Prevention Not ApplicableN/A
111111111111
111122223333us-west-2FS-56No WAF ACLs — XSS Prevention Not ApplicableNo regional WAF Web ACLs found.Create WAF ACLs with XSS prevention rules.InformationalN/A
111122223333 us-east-1 FS-57 ADVISORY: Output Encoding — Manual Review RequiredN/A
111111111111
111122223333us-west-2FS-57ADVISORY: Output Encoding — Manual Review RequiredOutput encoding practices cannot be verified via AWS APIs. Manual code review required.1. HTML-encode GenAI outputs before rendering in web UIs. +2. Use parameterized queries when GenAI output is used in database operations. +3. JSON-encode outputs before embedding in JavaScript contexts. +4. Validate output length and format before passing to downstream APIs.InformationalN/A
111122223333 us-east-1 FS-58 ADVISORY: Output Schema Validation — Manual Review RequiredN/A
111111111111
111122223333us-west-2FS-58ADVISORY: Output Schema Validation — Manual Review RequiredFound 0 Lambda function(s) whose names suggest schema/validation handling. Structured-output / JSON-schema validation of GenAI responses is an application-layer control that cannot be verified automatically — manual review required.1. Use Bedrock structured output (response schemas) where supported. +2. Implement JSON schema validation on Lambda output processors. +3. Reject malformed outputs and return safe error responses. +4. Log schema validation failures to CloudWatch for monitoring.InformationalN/A
111122223333 us-east-1 FS-59No Guardrails — Topic Allowlist Not ApplicableNo Bedrock Guardrails configured.Configure guardrails with topic policies to restrict off-topic responses.Topic Restrictions Configured on CLASSIC TierGuardrails with topic policies: nist-ai-rmf-guardrail. The following use the CLASSIC tier: nist-ai-rmf-guardrail. CLASSIC tier supports English, French, and Spanish only; the STANDARD tier (GA June 2025) adds broader language support for off-topic detection.For multilingual FinServ deployments, consider upgrading denied topics to the STANDARD tier (topicsTierConfig.tierName=STANDARD via UpdateGuardrail; requires a cross-region inference profile).MediumPassed
111122223333us-west-2FS-59Topic Restrictions Configured on CLASSIC TierGuardrails with topic policies: nist-ai-rmf-guardrail. The following use the CLASSIC tier: nist-ai-rmf-guardrail. CLASSIC tier supports English, French, and Spanish only; the STANDARD tier (GA June 2025) adds broader language support for off-topic detection.For multilingual FinServ deployments, consider upgrading denied topics to the STANDARD tier (topicsTierConfig.tierName=STANDARD via UpdateGuardrail; requires a cross-region inference profile). MediumPassed
111122223333us-east-1FS-60ADVISORY: Contextual Grounding for Off-Topic PreventionContextual grounding for off-topic prevention is covered by guardrail grounding checks (FS-47) and RAG configuration (FS-48). Additionally verify system prompts explicitly scope the assistant's role.1. Include explicit scope instructions in system prompts. +2. Use Bedrock Guardrails relevance grounding filter. +3. Test with off-topic prompts in QA to verify rejection behavior. Informational N/A
111111111111us-east-1
111122223333us-west-2 FS-60 ADVISORY: Contextual Grounding for Off-Topic Prevention Contextual grounding for off-topic prevention is covered by guardrail grounding checks (FS-47) and RAG configuration (FS-48). Additionally verify system prompts explicitly scope the assistant's role.N/A
111111111111
111122223333 us-east-1 FS-61COULD NOT ASSESS: Knowledge Base Sync Schedule CheckThis check could not be completed (error: An error occurred (AccessDeniedException) when calling the ListSchedules operation: User: arn:aws:sts::111111111111:assumed-role/aiml-security-19304724716-FinServSecurityAssessment-G8d5dEiMJsZB/aiml-security-aiml-security-111111111111-FinServAssessment is not authorized to perform: scheduler:ListSchedules on resource: arn:aws:scheduler:us-east-1:111111111111:schedule/*/* because no identity-based policy allows the scheduler:ListSchedules action). The most common cause is a missing IAM permission for the assessment role; it may also indicate an unsupported region or an outdated botocore. This control was NOT assessed — verify the role's permissions and re-run, and assess this control manually until resolved.1. Confirm the assessment role grants the actions this check requires (see the documented IAM permission set in the README). -2. Confirm the service/feature is supported in the assessed region. -3. Ensure botocore meets the version floor in requirements.txt. -4. Re-run the assessment; assess this control manually until it succeeds.LowNo Automated KB Sync Schedules DetectedFound 3 Knowledge Base(s) but no EventBridge Scheduler schedules or EventBridge rules with 'bedrock'/'knowledge' naming were found. Note: this check uses a name/target heuristic — sync automation with other naming conventions, AWS Step Functions-based orchestration, or native Bedrock API-triggered syncs (StartIngestionJob called directly) will not be detected. Verify sync automation manually if applicable.1. Use EventBridge Scheduler (the AWS-recommended approach) to create a recurring schedule (e.g., rate(1 day) or a cron expression) that triggers a Lambda function calling the Bedrock StartIngestionJob API for each data source. Classic EventBridge scheduled rules also work but are a legacy feature. +2. As of December 2024, Bedrock Knowledge Bases supports custom connectors and streaming data ingestion — use direct document ingestion (KnowledgeBaseDocuments API) for real-time updates without a full S3 sync. +3. Set sync frequency based on data currency requirements (e.g., hourly for market data, daily for regulatory guidance). +4. Configure CloudWatch alarms or SNS notifications on IngestionJob FAILED status for sync failure alerting.MediumFailed
111122223333us-west-2FS-61No Automated KB Sync Schedules DetectedFound 3 Knowledge Base(s) but no EventBridge Scheduler schedules or EventBridge rules with 'bedrock'/'knowledge' naming were found. Note: this check uses a name/target heuristic — sync automation with other naming conventions, AWS Step Functions-based orchestration, or native Bedrock API-triggered syncs (StartIngestionJob called directly) will not be detected. Verify sync automation manually if applicable.1. Use EventBridge Scheduler (the AWS-recommended approach) to create a recurring schedule (e.g., rate(1 day) or a cron expression) that triggers a Lambda function calling the Bedrock StartIngestionJob API for each data source. Classic EventBridge scheduled rules also work but are a legacy feature. +2. As of December 2024, Bedrock Knowledge Bases supports custom connectors and streaming data ingestion — use direct document ingestion (KnowledgeBaseDocuments API) for real-time updates without a full S3 sync. +3. Set sync frequency based on data currency requirements (e.g., hourly for market data, daily for regulatory guidance). +4. Configure CloudWatch alarms or SNS notifications on IngestionJob FAILED status for sync failure alerting.MediumFailed
111122223333us-east-1FS-62ADVISORY: Data Currency Disclaimer — Manual Review RequiredData currency disclaimers cannot be verified via AWS APIs. Manual review required.1. Add data currency disclaimers to GenAI outputs: 'Information based on data current as of [KB last sync date].' +2. Expose KB last sync timestamp in application responses. +3. Alert users when KB data is older than defined threshold.Informational N/A
111111111111us-east-1
111122223333us-west-2 FS-62 ADVISORY: Data Currency Disclaimer — Manual Review Required Data currency disclaimers cannot be verified via AWS APIs. Manual review required.N/A
111111111111
111122223333 us-east-1 FS-63 Foundation Model Lifecycle ManagementPassed
111111111111
111122223333us-west-2FS-63Foundation Model Lifecycle ManagementNo legacy models detected. 10 lifecycle-related Config rule(s) found.No action required.MediumPassed
111122223333 us-east-1 FS-65 KB Data Source Buckets Missing S3 Event Notifications The following KB data-source S3 buckets have no event notifications configured. Unauthorized document modifications will not be detected in real time: - semiconductor-demo-9999 -- 111111111111-us-east-1-kb-data-bucket1. Enable Amazon EventBridge notifications on each KB data-source S3 bucket. +2. Create an EventBridge rule to route s3:ObjectCreated, s3:ObjectRemoved, and s3:ObjectModified events to an SNS topic or Lambda for alerting. +3. Integrate alerts into your security incident response workflow.MediumFailed
111122223333us-west-2FS-65KB Data Source Buckets Missing S3 Event NotificationsThe following KB data-source S3 buckets have no event notifications configured. Unauthorized document modifications will not be detected in real time: +- semiconductor-demo-9999 +- 111122223333-us-east-1-kb-data-bucket 1. Enable Amazon EventBridge notifications on each KB data-source S3 bucket. 2. Create an EventBridge rule to route s3:ObjectCreated, s3:ObjectRemoved, and s3:ObjectModified events to an SNS topic or Lambda for alerting. 3. Integrate alerts into your security incident response workflow.Failed
111111111111
111122223333 us-east-1 FS-66 AgentCore Runtimes Missing End-User Identity PropagationFailed
111111111111
111122223333us-west-2FS-66AgentCore Runtimes Missing End-User Identity PropagationThe following runtimes have no JWT or IAM authorizer configured for end-user identity propagation. Tool calls are authorized only by the agent execution role, not the originating user: +- origami_expeditions +- neoCyan_Agent +- customer_support_agent +- cdk_agent_core +- awsapimcpserver1. Configure a custom JWT authorizer or IAM authorizer on each AgentCore runtime. +2. Propagate the end-user's identity token to downstream tool services. +3. Ensure tool services validate the propagated identity before executing actions. +4. Do not expose propagated identity tokens to unauthorized third parties.HighFailed
111122223333 us-east-1 FS-67 Agent Action-Group Lambdas May Lack Transaction Thresholds The following agent action-group Lambda functions have no environment variables whose names suggest transaction-value threshold configuration (this is a best-effort heuristic — a threshold enforced in code or in an AgentCore Policy Engine rule would not be detected here, so treat this as a prompt for manual verification rather than a definitive gap). Without explicit limits, agents could initiate unbounded financial transactions: -- aiml-security-aiml-security-111111111111-FinServAssessment -- aiml-security-aiml-security-111111111111-BedrockAssessment +- aiml-security-aiml-security-111122223333-FinServAssessment +- aiml-security-aiml-security-111122223333-BedrockAssessment +- resco-aiml-BedrockAssessment +- aiml-security-aiml-security-111122223333-AgentCoreAssessment +- e2ebedrockrag-OSSInfraStack-BKBOSSInfraSetupLambda-031La8JAQXtk +- e2ebedrockrag-OSSInfraSta-OSSIndexCreationProvider-g56en9UzRjII +- resco-aiml-AgentCoreAssessment1. Add transaction-value threshold environment variables (e.g., MAX_TRANSACTION_AMOUNT) to each agent action-group Lambda. +2. Implement threshold enforcement logic in the Lambda handler. +3. Configure AgentCore Policy Engine rules to cap financial transaction amounts. +4. Route transactions exceeding thresholds to a human-in-the-loop approval step.HighFailed
111122223333us-west-2FS-67Agent Action-Group Lambdas May Lack Transaction ThresholdsThe following agent action-group Lambda functions have no environment variables whose names suggest transaction-value threshold configuration (this is a best-effort heuristic — a threshold enforced in code or in an AgentCore Policy Engine rule would not be detected here, so treat this as a prompt for manual verification rather than a definitive gap). Without explicit limits, agents could initiate unbounded financial transactions: +- aiml-security-aiml-security-111122223333-FinServAssessment +- aiml-security-aiml-security-111122223333-BedrockAssessment - resco-aiml-BedrockAssessment -- aiml-security-aiml-security-111111111111-AgentCoreAssessment +- aiml-security-aiml-security-111122223333-AgentCoreAssessment - e2ebedrockrag-OSSInfraStack-BKBOSSInfraSetupLambda-031La8JAQXtk - e2ebedrockrag-OSSInfraSta-OSSIndexCreationProvider-g56en9UzRjII - resco-aiml-AgentCoreAssessmentFailed
111111111111
111122223333 us-east-1 FS-68 API Gateway Request Body Size Limits Not EnforcedFailed
111111111111
111122223333us-west-2FS-68API Gateway Request Body Size Limits Not EnforcedFound 3 REST API(s) and 0 regional WAF Web ACL(s), but none enforce a maximum request-body size. Note: an API Gateway request validator does NOT cap body size (it validates the schema and required params; the REST limit is a fixed 10 MB), and a WAF body SizeConstraint only inspects the first ~16 KB of the body by default. Oversized prompts can exhaust Bedrock token quotas and inflate costs.1. Add a maxLength (or maxItems/maxProperties) bound to the request-body JSON-Schema model used by your request validator, so oversized prompts are rejected with a 400. +2. Add a WAF SizeConstraintStatement on the request Body sized within WAF's body-inspection window (default 16 KB; raise via the web ACL AssociationConfig, or set OversizeHandling=MATCH to block bodies beyond the window), and associate the ACL with the API stage. +3. Set the max_tokens parameter in Bedrock API calls to cap output length. +4. Implement client-side token counting before submitting requests.MediumFailed
111122223333 us-east-1 FS-69 Prompt Input Validation Functions PresentFound 3 Lambda function(s) with input validation/sanitization naming patterns: resco-aiml-CleanupBucket, visa-bulletin-tracker-prod-cleanup, aiml-security-aiml-security-111111111111-CleanupBucket.Found 3 Lambda function(s) with input validation/sanitization naming patterns: resco-aiml-CleanupBucket, visa-bulletin-tracker-prod-cleanup, aiml-security-aiml-security-111122223333-CleanupBucket.Review these functions to confirm they cover: special-character stripping, format validation, size limits, and injection-sequence detection.MediumPassed
111122223333us-west-2FS-69Prompt Input Validation Functions PresentFound 3 Lambda function(s) with input validation/sanitization naming patterns: resco-aiml-CleanupBucket, visa-bulletin-tracker-prod-cleanup, aiml-security-aiml-security-111122223333-CleanupBucket. Review these functions to confirm they cover: special-character stripping, format validation, size limits, and injection-sequence detection. Medium Passed
111111111111
111122223333eu-west-1FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in eu-west-1; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
111122223333ap-south-1FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in ap-south-1; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
111122223333sa-east-1FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in sa-east-1; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
444455556666us-east-1FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in us-east-1; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
444455556666us-west-2FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in us-west-2; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
444455556666 eu-west-1 FS-00 FinServ Regional Scope Not ApplicableN/A
111111111111ap-southeast-2
444455556666ap-south-1FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in ap-south-1; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
444455556666sa-east-1 FS-00 FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in ap-southeast-2; FinServ GenAI risk checks were not applied to this region.No regional Bedrock, AgentCore, or SageMaker resources were found in sa-east-1; FinServ GenAI risk checks were not applied to this region. No action required unless GenAI workloads are expected in this region. Informational N/A
333333333333
777788889999 us-east-1 FS-01 AWS Shield Advanced Not EnabledFailed
333333333333
777788889999 us-east-1 FS-01 No Regional WAF Web ACLs FoundFailed
333333333333
777788889999 us-east-1 FS-02 No API Gateway Usage Plans FoundN/A
333333333333
777788889999 us-east-1 FS-03Bedrock Token Quotas At DefaultAll 232 Bedrock token-based quota(s) are at their AWS default values — no quota increase has been applied. Running at default is a legitimate posture, but it should be a reviewed decision aligned with expected peak load rather than an oversight.1. Review current Bedrock TPM/TPD quotas in the Service Quotas console. -2. Request increases aligned with expected peak load, or document a deliberate decision to remain at default after review. -3. Implement client-side token counting and pre-flight quota checks. -4. Use Bedrock cross-region inference profiles to distribute load.Bedrock Token Quotas CustomizedFound 236 Bedrock token-based quota(s); at least one applied value exceeds the AWS default, indicating quotas have been reviewed and raised.No action required. Periodically re-review quotas against expected peak load. MediumN/APassed
333333333333
777788889999 us-east-1 FS-04 No Cost Anomaly Detection MonitorsFailed
333333333333
777788889999 us-east-1 FS-05 No Bedrock CloudWatch Alarms FoundFailed
333333333333
777788889999 us-east-1 FS-06 No AI/ML Service Budgets ConfiguredFailed
333333333333
777788889999 us-east-1 FS-07Agent Action Boundary CheckNo Bedrock agents found.Agent Action Boundaries Look AppropriateReviewed 1 agent(s); no wildcard sensitive actions found. No action required. InformationalN/AHighPassed
333333333333
777788889999 us-east-1 FS-08 No AgentCore Runtimes FoundN/A
333333333333
777788889999 us-east-1 FS-09 Agent Lambda Functions Without Concurrency LimitsAgent-related Lambda functions without reserved concurrency: aiml-security-aiml-security-mgmt-FinServAssessment, aiml-security-aiml-security-mgmt-CleanupBucket, aiml-security-aiml-security-mgmt-SagemakerAssessment, aiml-security-aiml-security-mgmt-GenerateReport, resco-aiml-CleanupBucket, aiml-security-aiml-security-mgmt-IAMPermissionCaching, AIMLSecurity-Assessment-CodeBuildStartBuildLambda-Ul2QNob2S042, resco-aiml-BedrockAssessment, resco-aiml-AgentCoreAssessment, resco-aiml-GenerateReport. Unlimited concurrency allows runaway agent loops to exhaust account limits.Agent-related Lambda functions without reserved concurrency: aiml-security-aiml-security-mgmt-FinServAssessment, aiml-sec-test-resources-SageMakerJobCustomResource-ZA5QCAi0pN3d, AIMLSecurityAssessment-CodeBuildStartBuildLambda-VYOqtzWoNo3m, aiml-security-aiml-security-mgmt-CleanupBucket, aiml-security-aiml-security-mgmt-SagemakerAssessment, aiml-security-aiml-security-mgmt-GenerateReport, aiml-security-aiml-security-mgmt-IAMPermissionCaching, aiml-security-aiml-security-mgmt-AgentCoreAssessment, aiml-security-aiml-security-mgmt-BedrockAssessment, aiml-security-aiml-security-mgmt-ResolveRegions. Unlimited concurrency allows runaway agent loops to exhaust account limits. 1. Set reserved concurrency on agent Lambda functions. 2. Implement maximum iteration counts in agent orchestration logic. 3. Use Step Functions with MaxConcurrency and timeout states. @@ -16053,8 +37295,8 @@

Medium

Failed
333333333333
777788889999 us-east-1 FS-10 Human-in-the-Loop Check — No Agent Workflows FoundN/A
333333333333
777788889999 us-east-1 FS-11 No Agent Rate Alarms FoundFailed
333333333333
777788889999 us-east-1 FS-12 No Bedrock-Scoped SCPs FoundFailed
333333333333
777788889999 us-east-1 FS-13Model Provenance Tags PresentAll reviewed models have required provenance tags.No action required.Models Missing Provenance Tags2 model(s) missing required provenance tags: +- SageMaker model 'SageMakerModelWithIsolation-JASFpUHjajdk' missing tags: {'version', 'approval-date', 'source'} +- SageMaker model 'SageMakerModelNoIsolation-yQ7EpJeL7pgI' missing tags: {'version', 'approval-date', 'source'}Tag all models with: source (e.g., 'aws-marketplace', 'internal'), version, and approval-date. Enforce tagging via SCP or AWS Config rule. MediumPassedFailed
333333333333
777788889999 us-east-1 FS-14 Model Governance Config Rules PresentPassed
333333333333
777788889999 us-east-1 FS-15 No Bedrock Evaluation Jobs FoundFailed
333333333333
777788889999 us-east-1 FS-16 ECR Repositories Without Image Scanning1 ECR repo(s) without scan-on-push: cdk-hnb659fds-container-assets-333333333333-us-east-1.2 ECR repo(s) without scan-on-push: cdk-hnb659fds-container-assets-777788889999-us-east-1, aiml-sec-test-agentcore-no-encryption. Enable scan-on-push for all ECR repositories containing model containers. Consider enabling Enhanced Scanning (Inspector) for CVE detection. High Failed
333333333333
777788889999 us-east-1 FS-20No SageMaker Feature Groups FoundNo SageMaker Feature Store groups found.No action required.InformationalN/AFeature Groups Without Offline Store1 feature group(s) lack an active offline store: aiml-sec-test-feature-group. Without offline store, historical feature data cannot be used for rollback.1. Enable offline store (S3-backed) for all production feature groups. +2. Enable S3 versioning on the offline store bucket. +3. Document rollback procedures for poisoned feature data.MediumFailed
333333333333
777788889999 us-east-1 FS-21No Training Data Buckets IdentifiedNo S3 buckets with training/model naming found.Tag training data buckets and enable versioning.Training Data Buckets Have VersioningAll 2 training bucket(s) have versioning enabled.No action required. InformationalN/AHighPassed
333333333333
777788889999 us-east-1 FS-22 Overly Permissive Knowledge Base IAM Roles710 role(s) with wildcard KB permissions: + 823 role(s) with wildcard KB permissions: - Role 'Admin' allows '*' -- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:ListGuardrails' on Resource '*' (no ARN scoping to specific Knowledge Bases) -- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:GetGuardrail' on Resource '*' (no ARN scoping to specific Knowledge Bases) -- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:ListModelInvocations' on Resource '*' (no ARN scoping to specific Knowledge Bases) -- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:GetModelInvocationLoggingConfiguration' on Resource '*' (no ARN scoping to specific Knowledge Bases) -- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:ListPrompts' on Resource '*' (no ARN scoping to specific Knowledge Bases) -- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:GetPrompt' on Resource '*' (no ARN scoping to specific Knowledge Bases) -- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:ListAgents' on Resource '*' (no ARN scoping to specific Knowledge Bases) -- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:GetAgent' on Resource '*' (no ARN scoping to specific Knowledge Bases) -- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:ListCustomModels' on Resource '*' (no ARN scoping to specific Knowledge Bases)Replace wildcard bedrock-agent:* with specific actions: bedrock:Retrieve, bedrock:RetrieveAndGenerate. Scope resources to specific Knowledge Base ARNs.Replace wildcard bedrock:* with specific actions such as bedrock:Retrieve, bedrock:RetrieveAndGenerate. Scope resources to specific Knowledge Base ARNs. High Failed
333333333333
777788889999 us-east-1 FS-24 ADVISORY: Knowledge Base Metadata Filtering — Manual Review RequiredN/A
333333333333
777788889999 us-east-1 FS-25 OpenSearch Serverless Encryption Policies PresentPassed
333333333333
777788889999 us-east-1 FS-26 OpenSearch Serverless Collections Not VPC-RestrictedFailed
333333333333
777788889999 us-east-1 FS-27No Guardrails — Contextual Grounding Not ApplicableNo Bedrock Guardrails configured. Configure guardrails first (see BR-05).Configure Bedrock Guardrails with contextual grounding checks (grounding threshold ≥0.7 and relevance threshold ≥0.7 for FinServ use cases).InformationalCOULD NOT ASSESS: Guardrail Contextual Grounding CheckThis check could not be completed (error: An error occurred (AccessDeniedException) when calling the GetGuardrail operation: You don't have sufficient permissions to access this guardrail.). The most common cause is a missing IAM permission for the assessment role; it may also indicate an unsupported region or an outdated botocore. This control was NOT assessed — verify the role's permissions and re-run, and assess this control manually until resolved.1. Confirm the assessment role grants the actions this check requires (see the documented IAM permission set in the README). +2. Confirm the service/feature is supported in the assessed region. +3. Ensure botocore meets the version floor in requirements.txt. +4. Re-run the assessment; assess this control manually until it succeeds.Low N/A
333333333333
777788889999 us-east-1 FS-27Automated Reasoning Policies — Access CheckAccess denied or service unavailable when listing Automated Reasoning policies. The IAM action name (bedrock:ListAutomatedReasoningPolicies) is correct, so the most likely causes are, in order: (1) the assessment MEMBER ROLE in this account was deployed before this action was added and has not been re-deployed; (2) an AWS Organizations SCP or permission boundary denies this newer Bedrock action; (3) the region does not support ARC. ARC is available in AWS GovCloud (US) and a growing set of commercial regions (e.g., us-east-1, us-east-2, us-west-2, eu-central-1, eu-west-1, eu-west-3) — verify the current list in the AWS documentation.1. RE-DEPLOY the member-role CloudFormation stack so the role picks up bedrock:ListAutomatedReasoningPolicies (templates may be current while the *deployed* role is stale). See deployment/1-aiml-security-member-roles.yaml and aiml-security-single-account.yaml. -2. Check for an Organizations SCP / permission boundary denying the action. -3. Confirm the assessed region supports Automated Reasoning checks. -4. Re-run the assessment after re-deploying.LowN/ANo Automated Reasoning Policies FoundNo Bedrock Automated Reasoning policies have been created. ARC (GA August 2025) uses formal verification to guarantee that GenAI outputs comply with authored business rules — e.g., loan criteria, regulatory thresholds, policy constraints. Without ARC policies, factual accuracy of outputs is not formally verified, only heuristically filtered by contextual grounding thresholds.1. In the Amazon Bedrock console → Guardrails → Automated Reasoning, create a policy document encoding your FinServ business rules (e.g., eligibility criteria, rate limits, regulatory thresholds). +2. Associate the ARC policy with your guardrail (automatedReasoningPolicy.policies field in CreateGuardrail/UpdateGuardrail). +3. Set confidenceThreshold on the policy to control strictness. +4. ARC requires cross-Region inference — ensure your guardrail has a guardrailProfileArn configured (crossRegionDetails in GetGuardrail response). +5. Reference: AWS Announcement — Automated Reasoning checks GA (August 2025).MediumFailed
333333333333
777788889999 us-east-1 FS-28No Guardrails — Denied Topics Not ApplicableNo Bedrock Guardrails configured.Configure guardrails with denied topics for regulated financial content.InformationalCOULD NOT ASSESS: Financial Denied Topics CheckThis check could not be completed (error: An error occurred (AccessDeniedException) when calling the GetGuardrail operation: You don't have sufficient permissions to access this guardrail.). The most common cause is a missing IAM permission for the assessment role; it may also indicate an unsupported region or an outdated botocore. This control was NOT assessed — verify the role's permissions and re-run, and assess this control manually until resolved.1. Confirm the assessment role grants the actions this check requires (see the documented IAM permission set in the README). +2. Confirm the service/feature is supported in the assessed region. +3. Ensure botocore meets the version floor in requirements.txt. +4. Re-run the assessment; assess this control manually until it succeeds.Low N/A
333333333333
777788889999 us-east-1 FS-29 ADVISORY: Compliance Disclaimer — Manual Review RequiredN/A
333333333333
777788889999 us-east-1 FS-30 ADVISORY: Compliance Dataset Coverage — Manual Review RequiredN/A
333333333333
777788889999 us-east-1 FS-31 Knowledge Base Data Sources Past Review Threshold 1 data source(s) not synced in >7 days (a configurable review threshold, NOT an AWS-mandated limit): -- KB 'knowledge-base-prowler-findings' source 'knowledge-base-quick-start-9lb68-data-source' last synced 403 days ago +- KB 'knowledge-base-prowler-findings' source 'knowledge-base-quick-start-9lb68-data-source' last synced 423 days ago Confirm this age is acceptable for each data source's currency requirement — slow-changing reference data may legitimately sync infrequently. 1. Define the maximum acceptable data age per use case (e.g., intraday for market data, daily for product terms, weekly/monthly for regulatory guidance) and adjust the review threshold to match. 2. Configure automated sync (EventBridge Scheduler → StartIngestionJob) at that cadence — see FS-61. @@ -16294,8 +37547,8 @@

Medium

Failed
333333333333
777788889999 us-east-1 FS-32 ADVISORY: Source Attribution — Manual Review RequiredN/A
333333333333
777788889999 us-east-1 FS-33 KB Data Source Buckets Have VersioningPassed
333333333333
777788889999 us-east-1 FS-34 Legacy Foundation Models Available in RegionLegacy/deprecated foundation models are available in this account/region: anthropic.claude-sonnet-4-20250514-v1:0, twelvelabs.marengo-embed-2-7-v1:0, amazon.titan-image-generator-v2:0, amazon.nova-premier-v1:0:8k, amazon.nova-premier-v1:0:20k, amazon.nova-premier-v1:0:1000k, amazon.nova-premier-v1:0:mm, amazon.nova-premier-v1:0, amazon.nova-canvas-v1:0, amazon.nova-reel-v1:0. This API reports model *availability*, not actual usage — it cannot determine which models your applications invoke. Legacy models have older training-data cutoffs and may produce outdated information if used. Review whether any are in active use.Legacy/deprecated foundation models are available in this account/region: anthropic.claude-sonnet-4-20250514-v1:0, twelvelabs.marengo-embed-2-7-v1:0, anthropic.claude-opus-4-1-20250805-v1:0, amazon.nova-premier-v1:0:8k, amazon.nova-premier-v1:0:20k, amazon.nova-premier-v1:0:1000k, amazon.nova-premier-v1:0:mm, amazon.nova-premier-v1:0, amazon.nova-canvas-v1:0, amazon.nova-reel-v1:0. This API reports model *availability*, not actual usage — it cannot determine which models your applications invoke. Legacy models have older training-data cutoffs and may produce outdated information if used. Review whether any are in active use. 1. Identify which (if any) of these legacy models your applications invoke (e.g., via CloudTrail InvokeModel events or application config). 2. Migrate active usage to current model versions. 3. Document training-data cutoff dates for all models in use. @@ -16333,8 +37586,8 @@

Informational

N/A
333333333333
777788889999 us-east-1 FS-35 ADVISORY: Harmful-Content Test Coverage — Manual Review RequiredN/A
333333333333
777788889999 us-east-1 FS-36No Guardrails — Content Filters Not ApplicableNo Bedrock Guardrails configured.Configure guardrails with content filters.InformationalCOULD NOT ASSESS: Guardrail Content Filters CheckThis check could not be completed (error: An error occurred (AccessDeniedException) when calling the GetGuardrail operation: You don't have sufficient permissions to access this guardrail.). The most common cause is a missing IAM permission for the assessment role; it may also indicate an unsupported region or an outdated botocore. This control was NOT assessed — verify the role's permissions and re-run, and assess this control manually until resolved.1. Confirm the assessment role grants the actions this check requires (see the documented IAM permission set in the README). +2. Confirm the service/feature is supported in the assessed region. +3. Ensure botocore meets the version floor in requirements.txt. +4. Re-run the assessment; assess this control manually until it succeeds.Low N/A
333333333333
777788889999 us-east-1 FS-37 ADVISORY: User Feedback Mechanism — Manual Review RequiredN/A
333333333333
777788889999 us-east-1 FS-38No Guardrails — Word Filters Not ApplicableNo Bedrock Guardrails configured.Configure guardrails with word filters.InformationalCOULD NOT ASSESS: Guardrail Word Filters CheckThis check could not be completed (error: An error occurred (AccessDeniedException) when calling the GetGuardrail operation: You don't have sufficient permissions to access this guardrail.). The most common cause is a missing IAM permission for the assessment role; it may also indicate an unsupported region or an outdated botocore. This control was NOT assessed — verify the role's permissions and re-run, and assess this control manually until resolved.1. Confirm the assessment role grants the actions this check requires (see the documented IAM permission set in the README). +2. Confirm the service/feature is supported in the assessed region. +3. Ensure botocore meets the version floor in requirements.txt. +4. Re-run the assessment; assess this control manually until it succeeds.Low N/A
333333333333
777788889999 us-east-1 FS-39 No SageMaker Clarify Bias MonitoringFailed
333333333333
777788889999 us-east-1 FS-40 ADVISORY: Bias Dataset Coverage — Manual Review RequiredN/A
333333333333
777788889999 us-east-1 FS-41 No SageMaker Clarify Explainability MonitoringFailed
333333333333
777788889999 us-east-1 FS-42 No SageMaker Model Cards FoundFailed
333333333333
777788889999 us-east-1 FS-43 No CloudWatch Logs Data Protection PoliciesFailed
333333333333
777788889999 us-east-1 FS-44 Amazon Macie Not EnabledFailed
333333333333
777788889999 us-east-1 FS-45No Guardrails — PII Filters Not ApplicableNo Bedrock Guardrails configured.Configure guardrails with PII/sensitive information filters.InformationalCOULD NOT ASSESS: Guardrail PII Filters CheckThis check could not be completed (error: An error occurred (AccessDeniedException) when calling the GetGuardrail operation: You don't have sufficient permissions to access this guardrail.). The most common cause is a missing IAM permission for the assessment role; it may also indicate an unsupported region or an outdated botocore. This control was NOT assessed — verify the role's permissions and re-run, and assess this control manually until resolved.1. Confirm the assessment role grants the actions this check requires (see the documented IAM permission set in the README). +2. Confirm the service/feature is supported in the assessed region. +3. Ensure botocore meets the version floor in requirements.txt. +4. Re-run the assessment; assess this control manually until it succeeds.Low N/A
333333333333
777788889999 us-east-1 FS-46No AI/ML Data Buckets IdentifiedNo S3 buckets with AI/ML naming found.Tag AI/ML data buckets with data-classification labels.AI/ML Buckets Without Data Classification Tags3 AI/ML bucket(s) without data-classification tags: aiml-sec-test-resources-bedrockloggingbucket-wtuvpinrlpmd, aiml-sec-test-resources-sagemakerbucket-6zzmxxaxco6g, aiml-security-mgmt-aimlassessmentbucket-kbitsdgexylv.Tag all AI/ML data buckets with 'data-classification' key. Values: Public, Internal, Confidential, Restricted. Enforce via SCP or AWS Config rule. InformationalN/AMediumFailed
333333333333
777788889999 us-east-1 FS-47No Guardrails — Grounding Threshold Not ApplicableNo Bedrock Guardrails configured.Configure guardrails with contextual grounding checks.InformationalCOULD NOT ASSESS: Guardrail Grounding Threshold CheckThis check could not be completed (error: An error occurred (AccessDeniedException) when calling the GetGuardrail operation: You don't have sufficient permissions to access this guardrail.). The most common cause is a missing IAM permission for the assessment role; it may also indicate an unsupported region or an outdated botocore. This control was NOT assessed — verify the role's permissions and re-run, and assess this control manually until resolved.1. Confirm the assessment role grants the actions this check requires (see the documented IAM permission set in the README). +2. Confirm the service/feature is supported in the assessed region. +3. Ensure botocore meets the version floor in requirements.txt. +4. Re-run the assessment; assess this control manually until it succeeds.Low N/A
333333333333
777788889999 us-east-1 FS-48 Active Knowledge Bases for RAG PresentPassed
333333333333
777788889999 us-east-1 FS-49 ADVISORY: Hallucination Disclaimer — Manual Review RequiredN/A
333333333333
777788889999 us-east-1 FS-50No Guardrails With Relevance Grounding FiltersNo guardrails have RELEVANCE contextual grounding filters. Without relevance filters, responses that are off-topic or unrelated to the user query will not be blocked, increasing hallucination risk in RAG-based FinServ applications.Enable the RELEVANCE contextual grounding filter in Bedrock Guardrails with a threshold of ≥0.7 to block responses that are not relevant to the user query. Also enable the GROUNDING filter (≥0.7) to block responses not supported by the retrieved source context.MediumFailedCOULD NOT ASSESS: Guardrail Relevance Grounding CheckThis check could not be completed (error: An error occurred (AccessDeniedException) when calling the GetGuardrail operation: You don't have sufficient permissions to access this guardrail.). The most common cause is a missing IAM permission for the assessment role; it may also indicate an unsupported region or an outdated botocore. This control was NOT assessed — verify the role's permissions and re-run, and assess this control manually until resolved.1. Confirm the assessment role grants the actions this check requires (see the documented IAM permission set in the README). +2. Confirm the service/feature is supported in the assessed region. +3. Ensure botocore meets the version floor in requirements.txt. +4. Re-run the assessment; assess this control manually until it succeeds.LowN/A
333333333333
777788889999 us-east-1 FS-51No Guardrails — Prompt Attack Filters Not ApplicableNo Bedrock Guardrails configured.Configure guardrails with prompt attack filters.InformationalCOULD NOT ASSESS: Prompt Injection Input Validation CheckThis check could not be completed (error: An error occurred (AccessDeniedException) when calling the GetGuardrail operation: You don't have sufficient permissions to access this guardrail.). The most common cause is a missing IAM permission for the assessment role; it may also indicate an unsupported region or an outdated botocore. This control was NOT assessed — verify the role's permissions and re-run, and assess this control manually until resolved.1. Confirm the assessment role grants the actions this check requires (see the documented IAM permission set in the README). +2. Confirm the service/feature is supported in the assessed region. +3. Ensure botocore meets the version floor in requirements.txt. +4. Re-run the assessment; assess this control manually until it succeeds.Low N/A
333333333333
777788889999 us-east-1 FS-52 Bedrock Lambda Functions on Current RuntimesAll 16 Bedrock Lambda function(s) use current runtimes.All 10 Bedrock Lambda function(s) use current runtimes. No action required. Medium Passed
333333333333
777788889999 us-east-1 FS-53 No WAF Web ACLs — Injection Rules Not ApplicableN/A
333333333333
777788889999 us-east-1 FS-54 ADVISORY: Penetration Testing — Manual Review RequiredN/A
333333333333
777788889999 us-east-1 FS-55 No Output Validation Functions FoundFailed
333333333333
777788889999 us-east-1 FS-56 No WAF ACLs — XSS Prevention Not ApplicableN/A
333333333333
777788889999 us-east-1 FS-57 ADVISORY: Output Encoding — Manual Review RequiredN/A
333333333333
777788889999 us-east-1 FS-58 ADVISORY: Output Schema Validation — Manual Review RequiredN/A
333333333333
777788889999 us-east-1 FS-59No Guardrails — Topic Allowlist Not ApplicableNo Bedrock Guardrails configured.Configure guardrails with topic policies to restrict off-topic responses.InformationalCOULD NOT ASSESS: Guardrail Topic Allowlist CheckThis check could not be completed (error: An error occurred (AccessDeniedException) when calling the GetGuardrail operation: You don't have sufficient permissions to access this guardrail.). The most common cause is a missing IAM permission for the assessment role; it may also indicate an unsupported region or an outdated botocore. This control was NOT assessed — verify the role's permissions and re-run, and assess this control manually until resolved.1. Confirm the assessment role grants the actions this check requires (see the documented IAM permission set in the README). +2. Confirm the service/feature is supported in the assessed region. +3. Ensure botocore meets the version floor in requirements.txt. +4. Re-run the assessment; assess this control manually until it succeeds.Low N/A
333333333333
777788889999 us-east-1 FS-60 ADVISORY: Contextual Grounding for Off-Topic PreventionN/A
333333333333
777788889999 us-east-1 FS-61COULD NOT ASSESS: Knowledge Base Sync Schedule CheckThis check could not be completed (error: An error occurred (AccessDeniedException) when calling the ListSchedules operation: User: arn:aws:sts::333333333333:assumed-role/aiml-security-mgmt-FinServSecurityAssessmentFunctio-pwj9by1swQWa/aiml-security-aiml-security-mgmt-FinServAssessment is not authorized to perform: scheduler:ListSchedules on resource: arn:aws:scheduler:us-east-1:333333333333:schedule/*/* because no identity-based policy allows the scheduler:ListSchedules action). The most common cause is a missing IAM permission for the assessment role; it may also indicate an unsupported region or an outdated botocore. This control was NOT assessed — verify the role's permissions and re-run, and assess this control manually until resolved.1. Confirm the assessment role grants the actions this check requires (see the documented IAM permission set in the README). -2. Confirm the service/feature is supported in the assessed region. -3. Ensure botocore meets the version floor in requirements.txt. -4. Re-run the assessment; assess this control manually until it succeeds.LowN/ANo Automated KB Sync Schedules DetectedFound 1 Knowledge Base(s) but no EventBridge Scheduler schedules or EventBridge rules with 'bedrock'/'knowledge' naming were found. Note: this check uses a name/target heuristic — sync automation with other naming conventions, AWS Step Functions-based orchestration, or native Bedrock API-triggered syncs (StartIngestionJob called directly) will not be detected. Verify sync automation manually if applicable.1. Use EventBridge Scheduler (the AWS-recommended approach) to create a recurring schedule (e.g., rate(1 day) or a cron expression) that triggers a Lambda function calling the Bedrock StartIngestionJob API for each data source. Classic EventBridge scheduled rules also work but are a legacy feature. +2. As of December 2024, Bedrock Knowledge Bases supports custom connectors and streaming data ingestion — use direct document ingestion (KnowledgeBaseDocuments API) for real-time updates without a full S3 sync. +3. Set sync frequency based on data currency requirements (e.g., hourly for market data, daily for regulatory guidance). +4. Configure CloudWatch alarms or SNS notifications on IngestionJob FAILED status for sync failure alerting.MediumFailed
333333333333
777788889999 us-east-1 FS-62 ADVISORY: Data Currency Disclaimer — Manual Review RequiredN/A
333333333333
777788889999 us-east-1 FS-63 Foundation Model Lifecycle ManagementPassed
333333333333
777788889999 us-east-1 FS-65 KB Data Source Buckets Missing S3 Event NotificationsFailed
333333333333
777788889999 us-east-1 FS-66 No AgentCore Runtimes FoundN/A
333333333333
777788889999 us-east-1 FS-67 Agent Action-Group Lambdas May Lack Transaction Thresholds The following agent action-group Lambda functions have no environment variables whose names suggest transaction-value threshold configuration (this is a best-effort heuristic — a threshold enforced in code or in an AgentCore Policy Engine rule would not be detected here, so treat this as a prompt for manual verification rather than a definitive gap). Without explicit limits, agents could initiate unbounded financial transactions: - aiml-security-aiml-security-mgmt-FinServAssessment -- resco-aiml-BedrockAssessment -- resco-aiml-AgentCoreAssessment - aiml-security-aiml-security-mgmt-AgentCoreAssessment - aiml-security-aiml-security-mgmt-BedrockAssessment 1. Add transaction-value threshold environment variables (e.g., MAX_TRANSACTION_AMOUNT) to each agent action-group Lambda. @@ -16742,8 +38014,8 @@

High

Failed
333333333333
777788889999 us-east-1 FS-68 API Gateway Request Body Size Limits — Not ApplicableN/A
333333333333
777788889999 us-east-1 FS-69 Prompt Input Validation Functions PresentFound 2 Lambda function(s) with input validation/sanitization naming patterns: aiml-security-aiml-security-mgmt-CleanupBucket, resco-aiml-CleanupBucket.Found 1 Lambda function(s) with input validation/sanitization naming patterns: aiml-security-aiml-security-mgmt-CleanupBucket. Review these functions to confirm they cover: special-character stripping, format validation, size limits, and injection-sequence detection. Medium Passed
333333333333eu-west-1FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in eu-west-1; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
333333333333ap-southeast-2
777788889999us-west-2 FS-00 FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in ap-southeast-2; FinServ GenAI risk checks were not applied to this region.No regional Bedrock, AgentCore, or SageMaker resources were found in us-west-2; FinServ GenAI risk checks were not applied to this region. No action required unless GenAI workloads are expected in this region. Informational N/A
222222222222us-east-1
777788889999eu-west-1 FS-00 FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in us-east-1; FinServ GenAI risk checks were not applied to this region.No regional Bedrock, AgentCore, or SageMaker resources were found in eu-west-1; FinServ GenAI risk checks were not applied to this region. No action required unless GenAI workloads are expected in this region. Informational N/A
222222222222eu-west-1
777788889999ap-south-1 FS-00 FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in eu-west-1; FinServ GenAI risk checks were not applied to this region.No regional Bedrock, AgentCore, or SageMaker resources were found in ap-south-1; FinServ GenAI risk checks were not applied to this region. No action required unless GenAI workloads are expected in this region. Informational N/A
222222222222ap-southeast-2
777788889999sa-east-1 FS-00 FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in ap-southeast-2; FinServ GenAI risk checks were not applied to this region.No regional Bedrock, AgentCore, or SageMaker resources were found in sa-east-1; FinServ GenAI risk checks were not applied to this region. No action required unless GenAI workloads are expected in this region. Informational
HighDirect security riskFailedRemediation needed
MediumDefense-in-depth gapPassedMeets requirements
LowBest practiceN/ANot applicable
InformationalNo action required

Remediation Guidance

High7 daysAddress immediately; block deployment if unresolved
Medium30 daysSchedule in next sprint; may require change window
Low90 daysInclude in backlog; address during regular maintenance

Assessment Notes

Point-in-time: Security posture changes as resources are modified. Scope limited: Passed checks verify tested controls only. Context matters: Adjust severity for compliance requirements and environment type.
-

Assessment Scope

Amazon Bedrock
Amazon SageMaker
Amazon Bedrock AgentCore
Industry
Financial Services GenAI Risk

Bedrock, SageMaker, and AgentCore checks are based on the AWS Well-Architected Framework Generative AI Lens. Financial Services GenAI Risk checks are based on the AWS User Guide to Governance, Risk, and Compliance for Responsible AI Adoption.

+

Assessment Scope

Amazon Bedrock
Amazon SageMaker
Amazon Bedrock AgentCore
Agentic AI Security
Agentic AI Security Lens Mapping
Industry
Financial Services GenAI Risk

Bedrock, SageMaker, and AgentCore checks are based on the AWS Well-Architected Framework Generative AI Lens. Agentic AI Security references the AWS Well-Architected Agentic AI Lens. Controls that cannot be proven using AWS APIs, including semantic human-in-the-loop workflow quality, are not automatically scored. Financial Services GenAI Risk checks are based on the AWS User Guide to Governance, Risk, and Compliance for Responsible AI Adoption.

@@ -17004,6 +38265,7 @@

By Service

-
Security Checks
53
Evaluated across 3 regions
-
Total Findings
172
Across 3 regions
-
Actionable Findings
37
High, Medium, and Low severity
-
High Severity
3/6
50.0% passed · Immediate action required
-
Medium Severity
9/28
32.1% passed · Should be addressed
-
Low Severity
3/3
100.0% passed · Best practices
+
Security Checks
97
Evaluated across 5 regions
+
Total Findings
462
Across 5 regions
+
Actionable Findings
100
High, Medium, and Low severity
+
High Severity
4/41
9.8% passed · Immediate action required
+
Medium Severity
15/41
36.6% passed · Should be addressed
+
Low Severity
5/18
27.8% passed · Best practices

Priority Recommendations

3
@@ -241,12 +247,18 @@

Security Assessment Overview

Marketplace Subscription Access Check
Bedrock
-
+
1
-
Stale Bedrock Access Check
+
Cross-Account Guardrails Enforcement Check
Bedrock
+
+
1
+
+
AgentCore Service-Linked Role Missing
+
AgentCore
+

Severity Legend

View full methodology
@@ -267,16 +279,16 @@

Security Assessment Overview

All Security Findings
- -
-
+ +
+
-
- - +
Account IDRegionCheck IDFindingDetailsResolutionReferenceSeverityStatus
111111111111ap-southeast-2
+ + @@ -285,9 +297,9 @@

Security Assessment Overview

- - - + + + @@ -296,9 +308,9 @@

Security Assessment Overview

- - - + + + @@ -307,9 +319,9 @@

Security Assessment Overview

- - - + + + @@ -318,9 +330,9 @@

Security Assessment Overview

- - - + + + @@ -333,9 +345,9 @@

Security Assessment Overview

- - - + + + @@ -344,20 +356,20 @@

Security Assessment Overview

- - - + + + - - + + - - - + + + @@ -366,9 +378,9 @@

Security Assessment Overview

- - - + + + @@ -377,9 +389,9 @@

Security Assessment Overview

- - - + + + @@ -388,9 +400,9 @@

Security Assessment Overview

- - - + + + @@ -399,366 +411,339 @@

Security Assessment Overview

- - - - - - - - - - - - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - + + + + + + - - - - - - - - - - - - + - - - - - - - - - + + + + + + + + + - - - - - - - + + + + + + + - + - - - - - - - - - + + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - + + + @@ -767,9 +752,9 @@

Security Assessment Overview

- - - + + + @@ -778,9 +763,9 @@

Security Assessment Overview

- - - + + + @@ -789,9 +774,9 @@

Security Assessment Overview

- - - + + + @@ -800,9 +785,9 @@

Security Assessment Overview

- - - + + + @@ -815,9 +800,9 @@

Security Assessment Overview

- - - + + + @@ -826,20 +811,20 @@

Security Assessment Overview

- - - + + + - - + + - - - + + + @@ -848,9 +833,9 @@

Security Assessment Overview

- - - + + + @@ -859,9 +844,9 @@

Security Assessment Overview

- - - + + + @@ -870,9 +855,9 @@

Security Assessment Overview

- - - + + + @@ -881,1338 +866,1316 @@

Security Assessment Overview

- - - - - - - - - + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - - - - - - - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + - - + + - - - - - + + + + + - - - - - - - - - - - - - + + - - - - - + + + + + - - - - - - - - - - - - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - + + + + + + - + - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + - - - - - - - - - + + + + + + + + + - - - - - - - - + + + + + + + + - + - - - - - - - - + + + + + + + + - + - - - - - - - - - + + + + + + + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + - + - - - - - - - - - + + + + + + + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + - + - - - - - - + + + + + + - + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - + + + - + - - + + - - - + + + - + - - + + - - - + + + - + - - + + - - - + + + - + - - + + - - - - - + + + + + - - + + - - - + + + - + - - + + - - - + + + - + - - + + - - - - - + + + + + - - + + - - - + + + - + - - + + - - - - - + + + + + - - + + - - - + + + - - - + + + - - - - - - - - - - + + + + + + + + + + - - + + - - - - - - + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - + + - - - - - + + + + + - - - - - - - - - - - - - - - - - - - - - - - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - - - - - - - - - - - - - - - - - - - - -
Account IDRegionCheck IDFindingDetailsResolutionReferenceSeverityStatus
123456789012ap-south-1 BR-02 Amazon Bedrock private connectivity check No regional Bedrock resources found to assess private connectivity Informational N/A
111111111111ap-southeast-2
123456789012ap-south-1 BR-04 Bedrock Model Invocation Logging Check No regional Bedrock resources found to monitor with invocation logging Informational N/A
111111111111ap-southeast-2
123456789012ap-south-1 BR-05 Bedrock Guardrails Check No regional Bedrock resources found to protect with guardrails Informational N/A
111111111111ap-southeast-2
123456789012ap-south-1 BR-06 Bedrock CloudTrail Logging Check No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage Informational N/A
111111111111ap-southeast-2
123456789012ap-south-1 BR-07 Bedrock Prompt Management Check Prompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses. Informational N/A
111111111111ap-southeast-2
123456789012ap-south-1 BR-08 Bedrock Agent IAM Roles Check No Bedrock agents found in the account Informational N/A
111111111111ap-southeast-2
123456789012ap-south-1 BR-09 Bedrock Knowledge Base Encryption CheckUnable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::111111111111:assumed-role/aiml-sec-111111111111-BedrockSecurityAssessmentFunc-188U9EAkRKkw/aiml-security-aiml-sec-111111111111-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:ap-southeast-2:111111111111:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases actionVerify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.No Knowledge Bases found in the accountNo action required Informational N/A
111111111111ap-southeast-2
123456789012ap-south-1 BR-10 Bedrock Guardrail IAM Enforcement Check No guardrails configured - IAM enforcement check not applicable Informational N/A
111111111111ap-southeast-2
123456789012ap-south-1 BR-11 Bedrock Custom Model Encryption Check No custom/fine-tuned models found in the account Informational N/A
111111111111ap-southeast-2
123456789012ap-south-1 BR-12 Bedrock Invocation Log Encryption Check Model invocation logging to S3 is not configured Informational N/A
111111111111ap-southeast-2
123456789012ap-south-1 BR-13 Bedrock Flows Guardrails Check No Bedrock Flows found in the account Informational N/A
111111111111eu-west-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action requiredInformationalN/A
111111111111eu-west-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformational
123456789012ap-south-1BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMedium N/A
111111111111eu-west-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredInformational
123456789012ap-south-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHigh N/A
111111111111eu-west-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
123456789012ap-south-1BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobs No action requiredInformationalN/A
111111111111eu-west-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: -1. Create and version your prompts -2. Test different prompt variants -3. Share prompts across your organization -4. Maintain consistent prompt templates Informational N/A
111111111111eu-west-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformational
123456789012ap-south-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMedium N/A
111111111111eu-west-1BR-09Bedrock Knowledge Base Encryption CheckUnable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::111111111111:assumed-role/aiml-sec-111111111111-BedrockSecurityAssessmentFunc-188U9EAkRKkw/aiml-security-aiml-sec-111111111111-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:eu-west-1:111111111111:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases actionVerify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
123456789012ap-south-1BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryption InformationalHigh N/A
111111111111eu-west-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesInformational
123456789012ap-south-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHigh N/A
111111111111eu-west-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the account
123456789012ap-south-1BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotas No action required Informational N/A
111111111111eu-west-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformational
123456789012ap-south-1BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHigh N/A
111111111111eu-west-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformational
123456789012ap-south-1BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responsesMedium N/A
111111111111GlobalBR-01AmazonBedrockFullAccess role checkNo roles found with AmazonBedrockFullAccess policyNo action requiredHighPassed
123456789012ap-south-1BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLowN/A
111111111111GlobalBR-03Marketplace Subscription Access CheckRole 'aws-elasticbeanstalk-ec2-role' has overly permissive marketplace subscription access through policy 'AWSElasticBeanstalkMulticontainerDocker'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
123456789012ap-south-1BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responses HighFailedN/A
111111111111GlobalBR-03Marketplace Subscription Access CheckRole 'RescoAppStack-Ec2Role2FD9A272-UB7xzDXt03Lg' has overly permissive marketplace subscription access through policy 'AWSElasticBeanstalkWebTier'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
123456789012ap-south-1BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMediumN/A
111111111111GlobalBR-03Marketplace Subscription Access CheckRole 'xray-sample-SampleInstanceProfileRole-1WB21O2X8T7ZV' has overly permissive marketplace subscription access through policy 'AWSElasticBeanstalkWebTier'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
123456789012ap-south-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topics HighFailedN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AIMLSecurityMemberRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
123456789012ap-south-1BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonQInvestigationRole-DefaultInvestigationGroup-ma74at' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
123456789012ap-south-1BR-30Imported Model Customer-Managed KMS Encryption CheckUnable to check Imported model encryption check: An error occurred (AccessDeniedException) when calling the ListImportedModels operation: Your account is not authorized to invoke this API operation.Amazon Bedrock Custom Model Import is not enabled or available for this account in this region. No IAM change is required; the check applies only once model import is in use.LowN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'aws-elasticbeanstalk-ec2-role' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
123456789012ap-south-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job output MediumFailedN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AwsSecurityAudit' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
123456789012ap-south-1BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarmsNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AWSServiceRoleForAuditManager' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
123456789012ap-south-1AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements.InformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AWSServiceRoleForSupport' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
123456789012ap-south-1AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured.InformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'cdk-hnb659fds-lookup-role-111111111111-us-east-1' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
123456789012ap-south-1AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases.InformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'CloudSecAuditRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
123456789012ap-south-1AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions.InformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'CloudSeerTrustedServiceRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
123456789012ap-south-1AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required.InformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'IibsAdminAccess-DO-NOT-DELETE' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
123456789012ap-south-1AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns.InformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'InternalAuditInternal' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
123456789012ap-south-1AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads.InformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'Nova-DO-NOT-DELETE' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
123456789012ap-south-1AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required.InformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'ReSCOAIMLMemberRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
123456789012ap-south-1AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns.InformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'RescoAppStack-Ec2Role2FD9A272-UB7xzDXt03Lg' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
123456789012ap-south-1AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows.InformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'ScoutSuiteRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
123456789012ap-south-1AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating.InformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'SecurityHubGenAISummary-IAMRolefnCreateSummary-ulVA50wgXCG3' last accessed Bedrock on 2024-09-06You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
123456789012ap-south-1AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements.InformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'xray-sample-SampleInstanceProfileRole-1WB21O2X8T7ZV' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
123456789012ap-south-1AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available.InformationalN/A
111111111111us-east-1
123456789012eu-west-1 BR-02 Amazon Bedrock private connectivity check No regional Bedrock resources found to assess private connectivity Informational N/A
111111111111us-east-1
123456789012eu-west-1 BR-04 Bedrock Model Invocation Logging Check No regional Bedrock resources found to monitor with invocation logging Informational N/A
111111111111us-east-1
123456789012eu-west-1 BR-05 Bedrock Guardrails Check No regional Bedrock resources found to protect with guardrails Informational N/A
111111111111us-east-1
123456789012eu-west-1 BR-06 Bedrock CloudTrail Logging Check No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage Informational N/A
111111111111us-east-1
123456789012eu-west-1 BR-07 Bedrock Prompt Management Check Prompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses. Informational N/A
111111111111us-east-1
123456789012eu-west-1 BR-08 Bedrock Agent IAM Roles Check No Bedrock agents found in the account Informational N/A
111111111111us-east-1
123456789012eu-west-1 BR-09 Bedrock Knowledge Base Encryption CheckUnable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::111111111111:assumed-role/aiml-sec-111111111111-BedrockSecurityAssessmentFunc-188U9EAkRKkw/aiml-security-aiml-sec-111111111111-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:us-east-1:111111111111:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases actionVerify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.No Knowledge Bases found in the accountNo action required Informational N/A
111111111111us-east-1
123456789012eu-west-1 BR-10 Bedrock Guardrail IAM Enforcement Check No guardrails configured - IAM enforcement check not applicable Informational N/A
111111111111us-east-1
123456789012eu-west-1 BR-11 Bedrock Custom Model Encryption Check No custom/fine-tuned models found in the account Informational N/A
111111111111us-east-1
123456789012eu-west-1 BR-12 Bedrock Invocation Log Encryption Check Model invocation logging to S3 is not configured Informational N/A
111111111111us-east-1
123456789012eu-west-1 BR-13 Bedrock Flows Guardrails Check No Bedrock Flows found in the account Informational N/A
111111111111ap-southeast-2SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredInformational
123456789012eu-west-1BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMedium N/A
111111111111ap-southeast-2SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredMediumPassed
123456789012eu-west-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
111111111111ap-southeast-2SM-03Data Protection CheckNo SageMaker resources found to check for data protection
123456789012eu-west-1BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobs No action required Informational N/A
111111111111ap-southeast-2SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action required
123456789012eu-west-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deployment MediumPassed
111111111111ap-southeast-2SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformational N/A
111111111111ap-southeast-2SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionInformational
123456789012eu-west-1BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHigh N/A
111111111111ap-southeast-2SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformational
123456789012eu-west-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHigh N/A
111111111111ap-southeast-2SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detection
123456789012eu-west-1BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotasNo action required Informational N/A
111111111111ap-southeast-2SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformational
123456789012eu-west-1BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHigh N/A
111111111111ap-southeast-2SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformational
123456789012eu-west-1BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responsesMedium N/A
111111111111ap-southeast-2SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformational
123456789012eu-west-1BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLow N/A
111111111111ap-southeast-2SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformational
123456789012eu-west-1BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHigh N/A
111111111111ap-southeast-2SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredInformational
123456789012eu-west-1BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMedium N/A
111111111111ap-southeast-2SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action requiredInformational
123456789012eu-west-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHigh N/A
111111111111ap-southeast-2SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action requiredInformational
123456789012eu-west-1BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLow N/A
111111111111ap-southeast-2SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action requiredInformational
123456789012eu-west-1BR-30Imported Model Customer-Managed KMS Encryption CheckUnable to check Imported model encryption check: An error occurred (AccessDeniedException) when calling the ListImportedModels operation: Your account is not authorized to invoke this API operation.Amazon Bedrock Custom Model Import is not enabled or available for this account in this region. No IAM change is required; the check applies only once model import is in use.Low N/A
111111111111ap-southeast-2SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action requiredInformational
123456789012eu-west-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMedium N/A
111111111111ap-southeast-2SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions found
123456789012eu-west-1BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarms No action required Informational N/A
111111111111ap-southeast-2SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action required
123456789012eu-west-1AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements. Informational N/A
111111111111ap-southeast-2SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action required
123456789012eu-west-1AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured. Informational N/A
111111111111ap-southeast-2SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action required
123456789012eu-west-1AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases. Informational N/A
111111111111ap-southeast-2SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action required
123456789012eu-west-1AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions. Informational N/A
111111111111ap-southeast-2SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action required
123456789012eu-west-1AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required. Informational N/A
111111111111ap-southeast-2SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.
123456789012eu-west-1AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns. Informational N/A
111111111111ap-southeast-2SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
111111111111ap-southeast-2SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
111111111111ap-southeast-2SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.
123456789012eu-west-1AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads. Informational N/A
111111111111
123456789012 eu-west-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredAG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required. Informational N/A
111111111111eu-west-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredMediumPassed
111111111111
123456789012 eu-west-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredAG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns. Informational N/A
111111111111eu-west-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
111111111111
123456789012 eu-west-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentAG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows. Informational N/A
111111111111
123456789012 eu-west-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionAG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating. Informational N/A
111111111111
123456789012 eu-west-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentAG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements. Informational N/A
111111111111
123456789012 eu-west-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionAG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available. Informational N/A
111111111111eu-west-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedules
123456789012sa-east-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action required Informational N/A
111111111111eu-west-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflows
123456789012sa-east-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action required Informational N/A
111111111111eu-west-1SM-09SageMaker Notebook Root Access CheckNo notebook instances found
123456789012sa-east-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrails No action required Informational N/A
111111111111eu-west-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances found
123456789012sa-east-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage No action required Informational N/A
111111111111eu-west-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action required
123456789012sa-east-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templates Informational N/A
111111111111eu-west-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints found
123456789012sa-east-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the account No action required Informational N/A
111111111111eu-west-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules found
123456789012sa-east-1BR-09Bedrock Knowledge Base Encryption CheckNo Knowledge Bases found in the account No action required Informational N/A
111111111111eu-west-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action required
123456789012sa-east-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policies Informational N/A
111111111111eu-west-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores found
123456789012sa-east-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the account No action required Informational N/A
111111111111eu-west-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action required
123456789012sa-east-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption Informational N/A
111111111111eu-west-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs found
123456789012sa-east-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the account No action required Informational N/A
111111111111eu-west-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredInformational
123456789012sa-east-1BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMedium N/A
111111111111eu-west-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformational
123456789012sa-east-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHigh N/A
111111111111eu-west-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs found
123456789012sa-east-1BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobs No action required Informational N/A
111111111111eu-west-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs found
123456789012sa-east-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
123456789012sa-east-1BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHighN/A
123456789012sa-east-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHighN/A
123456789012sa-east-1BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotas No action required Informational N/A
111111111111eu-west-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.Informational
123456789012sa-east-1BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHigh N/A
111111111111eu-west-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action required
123456789012sa-east-1BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responses MediumPassedN/A
111111111111eu-west-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action required
123456789012sa-east-1BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinations LowPassedN/A
111111111111eu-west-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.Informational
123456789012sa-east-1BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHigh N/A
111111111111GlobalSM-02SageMaker IAM Permissions CheckNo issues found with IAM permissions and no stale access detectedNo action required
123456789012sa-east-1BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMediumN/A
123456789012sa-east-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topics HighPassedN/A
111111111111us-east-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredInformational
123456789012sa-east-1BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLow N/A
111111111111us-east-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action required
123456789012sa-east-1BR-30Imported Model Customer-Managed KMS Encryption CheckUnable to check Imported model encryption check: An error occurred (AccessDeniedException) when calling the ListImportedModels operation: Your account is not authorized to invoke this API operation.Amazon Bedrock Custom Model Import is not enabled or available for this account in this region. No IAM change is required; the check applies only once model import is in use.LowN/A
123456789012sa-east-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job output MediumPassedN/A
111111111111us-east-1SM-03Data Protection CheckNo SageMaker resources found to check for data protection
123456789012sa-east-1BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarms No action required Informational N/A
111111111111us-east-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
123456789012sa-east-1AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements.InformationalN/A
111111111111us-east-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment
123456789012sa-east-1AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured. Informational N/A
111111111111us-east-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and production
123456789012sa-east-1AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases. Informational N/A
111111111111us-east-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment
123456789012sa-east-1AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions. Informational N/A
111111111111us-east-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detection
123456789012sa-east-1AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required. Informational N/A
111111111111us-east-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedules
123456789012sa-east-1AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns. Informational N/A
111111111111us-east-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflows
123456789012sa-east-1AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads. Informational N/A
111111111111us-east-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action required
123456789012sa-east-1AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required. Informational N/A
111111111111us-east-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action required
123456789012sa-east-1AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns. Informational N/A
111111111111us-east-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action required
123456789012sa-east-1AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows. Informational N/A
111111111111us-east-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action required
123456789012sa-east-1AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating.InformationalN/A
123456789012sa-east-1AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements.InformationalN/A
123456789012sa-east-1AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available. Informational N/A
111111111111
123456789012GlobalBR-01AmazonBedrockFullAccess role checkNo roles found with AmazonBedrockFullAccess policyNo action requiredHighPassed
123456789012GlobalBR-03Marketplace Subscription Access CheckRole 'aws-elasticbeanstalk-ec2-role' has overly permissive marketplace subscription access through policy 'AWSElasticBeanstalkMulticontainerDocker'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
123456789012GlobalBR-03Marketplace Subscription Access CheckRole 'RescoAppStack-Ec2Role2FD9A272-UB7xzDXt03Lg' has overly permissive marketplace subscription access through policy 'AWSElasticBeanstalkWebTier'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
123456789012GlobalBR-03Marketplace Subscription Access CheckRole 'xray-sample-SampleInstanceProfileRole-1WB21O2X8T7ZV' has overly permissive marketplace subscription access through policy 'AWSElasticBeanstalkWebTier'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
123456789012 us-east-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundBR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivity No action required Informational N/A
111111111111
123456789012 us-east-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessBR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation logging No action required Informational N/A
111111111111
123456789012 us-east-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundBR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrails No action required Informational N/A
111111111111
123456789012 us-east-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundBR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage No action required Informational N/A
111111111111
123456789012 us-east-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action requiredBR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templates Informational N/A
111111111111
123456789012 us-east-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundBR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the account No action required Informational N/A
111111111111
123456789012 us-east-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundBR-09Bedrock Knowledge Base Encryption CheckNo Knowledge Bases found in the account No action required Informational N/A
111111111111
123456789012 us-east-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredBR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policies Informational N/A
111111111111
123456789012 us-east-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundBR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the account No action required Informational N/A
111111111111
123456789012 us-east-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption Informational N/A
111111111111
123456789012 us-east-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the account No action requiredMediumPassedInformationalN/A
111111111111us-east-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
123456789012GlobalBR-15Cross-Account Guardrails Enforcement CheckBedrock Guardrails policy type is not enabled at the organization level. Cross-account guardrails cannot be enforced without enabling this policy type.Enable Bedrock Guardrails policy type in AWS Organizations to enforce consistent safety controls across all accounts. Use AWS Organizations console or CLI to enable the policy type.HighFailed
111111111111
123456789012 us-east-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalBR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMedium N/A
111111111111ap-southeast-2AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredInformational
123456789012us-east-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHigh N/A
111111111111ap-southeast-2AC-04AgentCore Observability CheckNo AgentCore resources found
123456789012us-east-1BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobs No action required Informational N/A
111111111111ap-southeast-2AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action requiredInformational
123456789012us-east-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMedium N/A
111111111111ap-southeast-2AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredInformational
123456789012us-east-1BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHigh N/A
111111111111ap-southeast-2AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredInformational
123456789012us-east-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHigh N/A
111111111111ap-southeast-2AC-13AgentCore Gateway Configuration CheckNo Gateway resources found
123456789012us-east-1BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotas No action required Informational N/A
111111111111ap-southeast-2AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredInformational
123456789012us-east-1BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHigh N/A
111111111111ap-southeast-2AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action requiredInformational
123456789012us-east-1BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responsesMedium N/A
111111111111ap-southeast-2AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredInformational
123456789012us-east-1BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLow N/A
111111111111ap-southeast-2AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action requiredInformational
123456789012us-east-1BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHigh N/A
111111111111eu-west-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredInformationalN/A
111111111111eu-west-1AC-04AgentCore Observability CheckNo AgentCore resources foundNo action requiredInformationalN/A
111111111111eu-west-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action requiredInformational
123456789012us-east-1BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMedium N/A
111111111111eu-west-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredInformational
123456789012us-east-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHigh N/A
111111111111eu-west-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredInformational
123456789012us-east-1BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLow N/A
111111111111eu-west-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredInformational
123456789012us-east-1BR-30Imported Model Customer-Managed KMS Encryption CheckNo imported custom Bedrock models found in this regionWhen importing models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHigh N/A
111111111111eu-west-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredInformational
123456789012us-east-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMedium N/A
111111111111eu-west-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policies
123456789012us-east-1BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarms No action required Informational N/A
111111111111eu-west-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action required
123456789012us-east-1AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements. Informational N/A
111111111111eu-west-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action required
123456789012us-east-1AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured. Informational N/A
111111111111
123456789012 GlobalAC-02AgentCore IAM Full Access CheckNo roles with overly permissive AgentCore access foundNo action requiredAG-09Agentic AI Guardrail Enforcement BoundaryAgentic AI security domain: Guardrail Enforcement. Organization-level guardrail enforcement helps prevent agents from bypassing required safety controls across accounts. Source check BR-15: Bedrock Guardrails policy type is not enabled at the organization level. Cross-account guardrails cannot be enforced without enabling this policy type.Use IAM and organization controls to require approved guardrails for model and agent invocations where supported. HighPassed
111111111111GlobalAC-03AgentCore Unused PermissionsThe following principals have AgentCore permissions but have never accessed the service: role 'AIMLSecurityMemberRole', role 'ReSCOAIMLMemberRole'Review and remove unused AgentCore permissions following least privilege principleMedium Failed
111111111111GlobalAC-09AgentCore Service-Linked Role MissingService-linked role 'AWSServiceRoleForBedrockAgentCoreNetwork' does not exist. VPC configuration for AgentCore Runtimes will fail without this role.The service-linked role is automatically created when you configure VPC for an AgentCore Runtime. Ensure IAM permissions allow service-linked role creation.MediumFailed
111111111111
123456789012 us-east-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredAG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases. Informational N/A
111111111111
123456789012 us-east-1AC-04AgentCore Observability CheckNo AgentCore resources foundNo action requiredAG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions. Informational N/A
111111111111
123456789012 us-east-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action requiredAG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required. Informational N/A
111111111111
123456789012 us-east-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredAG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns. Informational N/A
111111111111
123456789012 us-east-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredAG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads. Informational N/A
111111111111
123456789012 us-east-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredAG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required. Informational N/A
111111111111
123456789012 us-east-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredAG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns. Informational N/A
111111111111
123456789012 us-east-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action requiredAG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows. Informational N/A
111111111111
123456789012 us-east-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredAG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating. Informational N/A
111111111111
123456789012 us-east-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action requiredAG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements. Informational N/A
111111111111
123456789012 us-east-1FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in us-east-1; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available. Informational N/A
111111111111eu-west-1FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in eu-west-1; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
111111111111ap-southeast-2FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in ap-southeast-2; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
- -
-
Risk Distribution
-

Pass Rate by Severity

-
-
HIGH
50.0%
3 of 6 checks passed
-
MEDIUM
32.1%
9 of 28 checks passed
-
LOW
100.0%
3 of 3 checks passed
-
Overall
40.5%
15 of 37 actionable checks
-
- -

Risk by Region

-
ap-southeast-2
0
0 High · 0 Med · 0 Low
eu-west-1
0
0 High · 0 Med · 0 Low
us-east-1
0
0 High · 0 Med · 0 Low
-

Findings by Service

-
-
Bedrock
54
20 Failed · 1 Passed
-
SageMaker
82
0 Failed · 13 Passed
-
AgentCore
33
2 Failed · 1 Passed
-
Financial Services Risk
3
0 Failed · 0 Passed
-
-
-
-
Amazon Bedrock Findings
-
-
- -
-
-
- -
-
- - + + + @@ -2221,9 +2184,9 @@

Informational

- - - + + + @@ -2232,9 +2195,9 @@

Informational

- - - + + + @@ -2243,9 +2206,9 @@

Informational

- - - + + + @@ -2254,9 +2217,9 @@

Informational

- - - + + + @@ -2269,9 +2232,9 @@

Informational

- - - + + + @@ -2280,20 +2243,20 @@

Informational

- - - + + + - - + + - - - + + + @@ -2302,9 +2265,9 @@

Informational

- - - + + + @@ -2313,9 +2276,9 @@

Informational

- - - + + + @@ -2324,9 +2287,9 @@

Informational

- - - + + + @@ -2335,502 +2298,339 @@

Informational

- - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - + + + + + + - + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - + + + + + + + + + + + + + + + + + - + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - - - - - - - - - - - + + + + + + + + - + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - + + + + + + + + - + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + -
Account IDRegionCheck IDFindingDetailsResolutionReferenceSeverityStatus
111111111111ap-southeast-2
123456789012us-west-2 BR-02 Amazon Bedrock private connectivity check No regional Bedrock resources found to assess private connectivityN/A
111111111111ap-southeast-2
123456789012us-west-2 BR-04 Bedrock Model Invocation Logging Check No regional Bedrock resources found to monitor with invocation loggingN/A
111111111111ap-southeast-2
123456789012us-west-2 BR-05 Bedrock Guardrails Check No regional Bedrock resources found to protect with guardrailsN/A
111111111111ap-southeast-2
123456789012us-west-2 BR-06 Bedrock CloudTrail Logging Check No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageN/A
111111111111ap-southeast-2
123456789012us-west-2 BR-07 Bedrock Prompt Management Check Prompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.N/A
111111111111ap-southeast-2
123456789012us-west-2 BR-08 Bedrock Agent IAM Roles Check No Bedrock agents found in the accountN/A
111111111111ap-southeast-2
123456789012us-west-2 BR-09 Bedrock Knowledge Base Encryption CheckUnable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::111111111111:assumed-role/aiml-sec-111111111111-BedrockSecurityAssessmentFunc-188U9EAkRKkw/aiml-security-aiml-sec-111111111111-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:ap-southeast-2:111111111111:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases actionVerify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.No Knowledge Bases found in the accountNo action required Informational N/A
111111111111ap-southeast-2
123456789012us-west-2 BR-10 Bedrock Guardrail IAM Enforcement Check No guardrails configured - IAM enforcement check not applicableN/A
111111111111ap-southeast-2
123456789012us-west-2 BR-11 Bedrock Custom Model Encryption Check No custom/fine-tuned models found in the accountN/A
111111111111ap-southeast-2
123456789012us-west-2 BR-12 Bedrock Invocation Log Encryption Check Model invocation logging to S3 is not configuredN/A
111111111111ap-southeast-2
123456789012us-west-2 BR-13 Bedrock Flows Guardrails Check No Bedrock Flows found in the accountN/A
111111111111eu-west-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action requiredInformational
123456789012us-west-2BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMedium N/A
111111111111eu-west-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformational
123456789012us-west-2BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHigh N/A
111111111111eu-west-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrails
123456789012us-west-2BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobs No action required Informational N/A
111111111111eu-west-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action requiredInformational
123456789012us-west-2BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMedium N/A
111111111111eu-west-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: -1. Create and version your prompts -2. Test different prompt variants -3. Share prompts across your organization -4. Maintain consistent prompt templatesInformational
123456789012us-west-2BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHigh N/A
111111111111eu-west-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the account
123456789012us-west-2BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHighN/A
123456789012us-west-2BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotas No action required Informational N/A
111111111111eu-west-1BR-09Bedrock Knowledge Base Encryption CheckUnable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::111111111111:assumed-role/aiml-sec-111111111111-BedrockSecurityAssessmentFunc-188U9EAkRKkw/aiml-security-aiml-sec-111111111111-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:eu-west-1:111111111111:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases actionVerify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.Informational
123456789012us-west-2BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHigh N/A
111111111111eu-west-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesInformational
123456789012us-west-2BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responsesMedium N/A
111111111111eu-west-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformational
123456789012us-west-2BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLow N/A
111111111111eu-west-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformational
123456789012us-west-2BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHigh N/A
111111111111eu-west-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformational
123456789012us-west-2BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMedium N/A
111111111111GlobalBR-01AmazonBedrockFullAccess role checkNo roles found with AmazonBedrockFullAccess policyNo action requiredHighPassed
111111111111GlobalBR-03Marketplace Subscription Access CheckRole 'aws-elasticbeanstalk-ec2-role' has overly permissive marketplace subscription access through policy 'AWSElasticBeanstalkMulticontainerDocker'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
123456789012us-west-2BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topics HighFailedN/A
111111111111GlobalBR-03Marketplace Subscription Access CheckRole 'RescoAppStack-Ec2Role2FD9A272-UB7xzDXt03Lg' has overly permissive marketplace subscription access through policy 'AWSElasticBeanstalkWebTier'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
123456789012us-west-2BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
111111111111GlobalBR-03Marketplace Subscription Access CheckRole 'xray-sample-SampleInstanceProfileRole-1WB21O2X8T7ZV' has overly permissive marketplace subscription access through policy 'AWSElasticBeanstalkWebTier'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
123456789012us-west-2BR-30Imported Model Customer-Managed KMS Encryption CheckNo imported custom Bedrock models found in this regionWhen importing models, specify a customer-managed KMS key for encryption to maintain control over encryption keys HighFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AIMLSecurityMemberRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AmazonQInvestigationRole-DefaultInvestigationGroup-ma74at' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'aws-elasticbeanstalk-ec2-role' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AwsSecurityAudit' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AWSServiceRoleForAuditManager' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'AWSServiceRoleForSupport' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'cdk-hnb659fds-lookup-role-111111111111-us-east-1' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'CloudSecAuditRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'CloudSeerTrustedServiceRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'IibsAdminAccess-DO-NOT-DELETE' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'InternalAuditInternal' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'Nova-DO-NOT-DELETE' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'ReSCOAIMLMemberRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailedN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'RescoAppStack-Ec2Role2FD9A272-UB7xzDXt03Lg' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
123456789012us-west-2BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job output MediumFailedN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'ScoutSuiteRole' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
123456789012us-west-2BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarmsNo action requiredInformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'SecurityHubGenAISummary-IAMRolefnCreateSummary-ulVA50wgXCG3' last accessed Bedrock on 2024-09-06You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
123456789012us-west-2AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements.InformationalN/A
111111111111GlobalBR-14Stale Bedrock Access CheckRole 'xray-sample-SampleInstanceProfileRole-1WB21O2X8T7ZV' last accessed Bedrock on neverYou can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.MediumFailed
123456789012us-west-2AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured.InformationalN/A
111111111111us-east-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action required
123456789012us-west-2AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases. Informational N/A
111111111111us-east-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action required
123456789012us-west-2AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions. Informational N/A
111111111111us-east-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action required
123456789012us-west-2AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required. Informational N/A
111111111111us-east-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action required
123456789012us-west-2AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns. Informational N/A
111111111111us-east-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: -1. Create and version your prompts -2. Test different prompt variants -3. Share prompts across your organization -4. Maintain consistent prompt templates
123456789012us-west-2AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads. Informational N/A
111111111111us-east-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action required
123456789012us-west-2AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required. Informational N/A
111111111111us-east-1BR-09Bedrock Knowledge Base Encryption CheckUnable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::111111111111:assumed-role/aiml-sec-111111111111-BedrockSecurityAssessmentFunc-188U9EAkRKkw/aiml-security-aiml-sec-111111111111-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:us-east-1:111111111111:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases actionVerify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
123456789012us-west-2AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns. Informational N/A
111111111111us-east-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policies
123456789012us-west-2AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows. Informational N/A
111111111111us-east-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action required
123456789012us-west-2AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating. Informational N/A
111111111111us-east-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
123456789012us-west-2AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements. Informational N/A
111111111111us-east-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action required
123456789012us-west-2AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available. Informational N/A
-
-
-
Amazon SageMaker Findings
-
-
- -
-
-
- -
-
- - + + + + @@ -2839,9 +2639,9 @@

Informational

- - - + + + @@ -2850,9 +2650,9 @@

Medium

- - - + + + @@ -2861,9 +2661,9 @@

Informational

- - - + + + @@ -2872,9 +2672,9 @@

Medium

- - - + + + @@ -2883,9 +2683,9 @@

Informational

- - - + + + @@ -2894,1219 +2694,7806 @@

Informational

- - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Account IDRegionCheck IDFindingDetailsResolutionReferenceSeverityStatus
111111111111ap-southeast-2
123456789012ap-south-1 SM-01 SageMaker Internet Access Check No SageMaker notebook instances or domains found to checkN/A
111111111111ap-southeast-2
123456789012ap-south-1 SM-02 SageMaker SSO Configuration Check No SageMaker domains found, or all domains use SSO with IAM Identity Center configuredPassed
111111111111ap-southeast-2
123456789012ap-south-1 SM-03 Data Protection Check No SageMaker resources found to check for data protectionN/A
111111111111ap-southeast-2
123456789012ap-south-1 SM-04 GuardDuty Enabled Amazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.Passed
111111111111ap-southeast-2
123456789012ap-south-1 SM-05 SageMaker Model Registry Issue No model package groups foundN/A
111111111111ap-southeast-2
123456789012ap-south-1 SM-05 SageMaker Feature Store Issue No feature groups foundN/A
111111111111ap-southeast-2SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment
123456789012ap-south-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformationalN/A
123456789012ap-south-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
123456789012ap-south-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformationalN/A
123456789012ap-south-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformationalN/A
123456789012ap-south-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformationalN/A
123456789012ap-south-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformationalN/A
123456789012ap-south-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredInformationalN/A
123456789012ap-south-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action requiredInformationalN/A
123456789012ap-south-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action requiredInformationalN/A
123456789012ap-south-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action requiredInformationalN/A
123456789012ap-south-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action requiredInformationalN/A
123456789012ap-south-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action requiredInformationalN/A
123456789012ap-south-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action requiredInformationalN/A
123456789012ap-south-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredInformationalN/A
123456789012ap-south-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformationalN/A
123456789012ap-south-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredInformationalN/A
123456789012ap-south-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredInformationalN/A
123456789012ap-south-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.InformationalN/A
123456789012ap-south-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
123456789012ap-south-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
123456789012ap-south-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
123456789012eu-west-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredInformationalN/A
123456789012eu-west-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredMediumPassed
123456789012eu-west-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredInformationalN/A
123456789012eu-west-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
123456789012eu-west-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformationalN/A
123456789012eu-west-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionInformationalN/A
123456789012eu-west-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformationalN/A
123456789012eu-west-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
123456789012eu-west-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformationalN/A
123456789012eu-west-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformationalN/A
123456789012eu-west-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformationalN/A
123456789012eu-west-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformationalN/A
123456789012eu-west-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredInformationalN/A
123456789012eu-west-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action requiredInformationalN/A
123456789012eu-west-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action requiredInformationalN/A
123456789012eu-west-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action requiredInformationalN/A
123456789012eu-west-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action requiredInformationalN/A
123456789012eu-west-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action requiredInformationalN/A
123456789012eu-west-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action requiredInformationalN/A
123456789012eu-west-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredInformationalN/A
123456789012eu-west-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformationalN/A
123456789012eu-west-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredInformationalN/A
123456789012eu-west-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredInformationalN/A
123456789012eu-west-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.InformationalN/A
123456789012eu-west-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
123456789012eu-west-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
123456789012eu-west-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
123456789012sa-east-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredInformationalN/A
123456789012sa-east-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredMediumPassed
123456789012sa-east-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredInformationalN/A
123456789012sa-east-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
123456789012sa-east-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformationalN/A
123456789012sa-east-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionInformationalN/A
123456789012sa-east-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformationalN/A
123456789012sa-east-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
123456789012sa-east-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformationalN/A
123456789012sa-east-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformationalN/A
123456789012sa-east-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformationalN/A
123456789012sa-east-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformationalN/A
123456789012sa-east-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredInformationalN/A
123456789012sa-east-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action requiredInformationalN/A
123456789012sa-east-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action requiredInformationalN/A
123456789012sa-east-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action requiredInformationalN/A
123456789012sa-east-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action requiredInformationalN/A
123456789012sa-east-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action requiredInformationalN/A
123456789012sa-east-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action requiredInformationalN/A
123456789012sa-east-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredInformationalN/A
123456789012sa-east-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformationalN/A
123456789012sa-east-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredInformationalN/A
123456789012sa-east-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredInformationalN/A
123456789012sa-east-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.InformationalN/A
123456789012sa-east-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
123456789012sa-east-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
123456789012sa-east-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
123456789012GlobalSM-02SageMaker IAM Permissions CheckNo issues found with IAM permissions and no stale access detectedNo action requiredHighPassed
123456789012us-east-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredInformationalN/A
123456789012us-east-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredMediumPassed
123456789012us-east-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredInformationalN/A
123456789012us-east-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
123456789012us-east-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformationalN/A
123456789012us-east-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionInformationalN/A
123456789012us-east-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformationalN/A
123456789012us-east-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
123456789012us-east-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformationalN/A
123456789012us-east-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformationalN/A
123456789012us-east-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformationalN/A
123456789012us-east-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformationalN/A
123456789012us-east-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredInformationalN/A
123456789012us-east-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action requiredInformationalN/A
123456789012us-east-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action requiredInformationalN/A
123456789012us-east-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action requiredInformationalN/A
123456789012us-east-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action requiredInformationalN/A
123456789012us-east-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action requiredInformationalN/A
123456789012us-east-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action requiredInformationalN/A
123456789012us-east-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredInformationalN/A
123456789012us-east-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformationalN/A
123456789012us-east-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredInformationalN/A
123456789012us-east-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredInformationalN/A
123456789012us-east-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.InformationalN/A
123456789012us-east-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
123456789012us-east-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
123456789012us-east-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
123456789012us-west-2SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredInformationalN/A
123456789012us-west-2SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredMediumPassed
123456789012us-west-2SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredInformationalN/A
123456789012us-west-2SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
123456789012us-west-2SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformationalN/A
123456789012us-west-2SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionInformationalN/A
123456789012us-west-2SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformationalN/A
123456789012us-west-2SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
123456789012us-west-2SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformationalN/A
123456789012us-west-2SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformationalN/A
123456789012us-west-2SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformationalN/A
123456789012us-west-2SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformationalN/A
123456789012us-west-2SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredInformationalN/A
123456789012us-west-2SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action requiredInformationalN/A
123456789012us-west-2SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action requiredInformationalN/A
123456789012us-west-2SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action requiredInformationalN/A
123456789012us-west-2SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action requiredInformationalN/A
123456789012us-west-2SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action requiredInformationalN/A
123456789012us-west-2SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action requiredInformationalN/A
123456789012us-west-2SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredInformationalN/A
123456789012us-west-2SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformationalN/A
123456789012us-west-2SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredInformationalN/A
123456789012us-west-2SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredInformationalN/A
123456789012us-west-2SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.InformationalN/A
123456789012us-west-2SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
123456789012us-west-2SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
123456789012us-west-2SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
123456789012ap-south-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012ap-south-1AC-04AgentCore Observability CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012ap-south-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012ap-south-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredInformationalN/A
123456789012ap-south-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredInformationalN/A
123456789012ap-south-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredInformationalN/A
123456789012ap-south-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012ap-south-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action requiredInformationalN/A
123456789012ap-south-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredInformationalN/A
123456789012ap-south-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action requiredInformationalN/A
123456789012ap-south-1AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways foundNo action requiredInformationalN/A
123456789012ap-south-1AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways foundNo action requiredInformationalN/A
123456789012ap-south-1AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways foundNo action requiredInformationalN/A
123456789012ap-south-1AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways foundNo action requiredInformationalN/A
123456789012ap-south-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.InformationalN/A
123456789012ap-south-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.InformationalN/A
123456789012ap-south-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions.InformationalN/A
123456789012ap-south-1AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability.InformationalN/A
123456789012ap-south-1AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources.InformationalN/A
123456789012ap-south-1AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required.InformationalN/A
123456789012ap-south-1AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required.InformationalN/A
123456789012eu-west-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012eu-west-1AC-04AgentCore Observability CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012eu-west-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012eu-west-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredInformationalN/A
123456789012eu-west-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredInformationalN/A
123456789012eu-west-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredInformationalN/A
123456789012eu-west-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012eu-west-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action requiredInformationalN/A
123456789012eu-west-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredInformationalN/A
123456789012eu-west-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action requiredInformationalN/A
123456789012eu-west-1AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways foundNo action requiredInformationalN/A
123456789012eu-west-1AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways foundNo action requiredInformationalN/A
123456789012eu-west-1AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways foundNo action requiredInformationalN/A
123456789012eu-west-1AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways foundNo action requiredInformationalN/A
123456789012eu-west-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.InformationalN/A
123456789012eu-west-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.InformationalN/A
123456789012eu-west-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions.InformationalN/A
123456789012eu-west-1AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability.InformationalN/A
123456789012eu-west-1AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources.InformationalN/A
123456789012eu-west-1AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required.InformationalN/A
123456789012eu-west-1AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required.InformationalN/A
123456789012sa-east-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012sa-east-1AC-04AgentCore Observability CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012sa-east-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012sa-east-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredInformationalN/A
123456789012sa-east-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredInformationalN/A
123456789012sa-east-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredInformationalN/A
123456789012sa-east-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012sa-east-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action requiredInformationalN/A
123456789012sa-east-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredInformationalN/A
123456789012sa-east-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action requiredInformationalN/A
123456789012sa-east-1AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways foundNo action requiredInformationalN/A
123456789012sa-east-1AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways foundNo action requiredInformationalN/A
123456789012sa-east-1AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways foundNo action requiredInformationalN/A
123456789012sa-east-1AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways foundNo action requiredInformationalN/A
123456789012sa-east-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.InformationalN/A
123456789012sa-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.InformationalN/A
123456789012sa-east-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions.InformationalN/A
123456789012sa-east-1AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability.InformationalN/A
123456789012sa-east-1AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources.InformationalN/A
123456789012sa-east-1AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required.InformationalN/A
123456789012sa-east-1AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required.InformationalN/A
123456789012GlobalAC-02AgentCore IAM Full Access CheckNo roles with overly permissive AgentCore access foundNo action requiredHighPassed
123456789012GlobalAC-03AgentCore Unused PermissionsThe following principals have AgentCore permissions but have never accessed the service: role 'AIMLSecurityMemberRole', role 'CloudSeerTrustedServiceRole'Review and remove unused AgentCore permissions following least privilege principleInformationalN/A
123456789012GlobalAC-09AgentCore Service-Linked Role MissingService-linked role 'AWSServiceRoleForBedrockAgentCoreNetwork' does not exist. VPC configuration for AgentCore Runtimes will fail without this role.The service-linked role is automatically created when you configure VPC for an AgentCore Runtime. Ensure IAM permissions allow service-linked role creation.MediumFailed
123456789012us-east-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012us-east-1AC-04AgentCore Observability CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012us-east-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012us-east-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredInformationalN/A
123456789012us-east-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredInformationalN/A
123456789012us-east-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredInformationalN/A
123456789012us-east-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012us-east-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action requiredInformationalN/A
123456789012us-east-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredInformationalN/A
123456789012us-east-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action requiredInformationalN/A
123456789012us-east-1AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways foundNo action requiredInformationalN/A
123456789012us-east-1AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways foundNo action requiredInformationalN/A
123456789012us-east-1AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways foundNo action requiredInformationalN/A
123456789012us-east-1AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways foundNo action requiredInformationalN/A
123456789012GlobalAG-16Agentic AI AgentCore Least PrivilegeAgentic AI security domain: Agent Identity & Access. Over-permissive AgentCore principals can let agents or operators bypass intended autonomy and tool boundaries. Source check AC-02: No roles with overly permissive AgentCore access foundReplace full-access AgentCore permissions with least-privilege IAM policies scoped to required resources and actions.HighPassed
123456789012GlobalAG-17Agentic AI Stale AgentCore AccessAgentic AI security domain: Agent Identity & Access. Unused AgentCore permissions increase the blast radius of compromised principals. Source check AC-03: The following principals have AgentCore permissions but have never accessed the service: role 'AIMLSecurityMemberRole', role 'CloudSeerTrustedServiceRole'Remove or restrict stale AgentCore permissions for principals that no longer need access.InformationalN/A
123456789012us-east-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.InformationalN/A
123456789012us-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.InformationalN/A
123456789012us-east-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions.InformationalN/A
123456789012us-east-1AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability.InformationalN/A
123456789012us-east-1AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources.InformationalN/A
123456789012us-east-1AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required.InformationalN/A
123456789012us-east-1AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required.InformationalN/A
123456789012us-west-2AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012us-west-2AC-04AgentCore Observability CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012us-west-2AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012us-west-2AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredInformationalN/A
123456789012us-west-2AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredInformationalN/A
123456789012us-west-2AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredInformationalN/A
123456789012us-west-2AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012us-west-2AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action requiredInformationalN/A
123456789012us-west-2AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredInformationalN/A
123456789012us-west-2AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action requiredInformationalN/A
123456789012us-west-2AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways foundNo action requiredInformationalN/A
123456789012us-west-2AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways foundNo action requiredInformationalN/A
123456789012us-west-2AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways foundNo action requiredInformationalN/A
123456789012us-west-2AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways foundNo action requiredInformationalN/A
123456789012us-west-2AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.InformationalN/A
123456789012us-west-2AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.InformationalN/A
123456789012us-west-2AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions.InformationalN/A
123456789012us-west-2AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability.InformationalN/A
123456789012us-west-2AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources.InformationalN/A
123456789012us-west-2AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required.InformationalN/A
123456789012us-west-2AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required.InformationalN/A
123456789012us-east-1FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in us-east-1; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
123456789012us-west-2FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in us-west-2; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
123456789012eu-west-1FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in eu-west-1; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
123456789012ap-south-1FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in ap-south-1; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
123456789012sa-east-1FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in sa-east-1; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
+
+
+
Risk Distribution
+

Pass Rate by Severity

+
+
HIGH
9.8%
4 of 41 checks passed
+
MEDIUM
36.6%
15 of 41 checks passed
+
LOW
27.8%
5 of 18 checks passed
+
Overall
24.0%
24 of 100 actionable checks
+
+ +

Risk by Region

+
ap-south-1
0
0 High · 0 Med · 0 Low
eu-west-1
0
0 High · 0 Med · 0 Low
sa-east-1
0
0 High · 0 Med · 0 Low
us-east-1
0
0 High · 0 Med · 0 Low
us-west-2
0
0 High · 0 Med · 0 Low
+

Findings by Assessment Area

+
+
Bedrock
145
4 Failed · 1 Passed
+
SageMaker
136
0 Failed · 21 Passed
+
AgentCore
53
1 Failed · 1 Passed
+
Agentic AI Security
123
1 Failed · 1 Passed
+
Financial Services Risk
5
0 Failed · 0 Passed
+
+
+
+
Amazon Bedrock Findings
+
+
+ +
+
+
+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Account IDRegionCheck IDFindingDetailsResolutionReferenceSeverityStatus
123456789012ap-south-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action requiredInformationalN/A
123456789012ap-south-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformationalN/A
123456789012ap-south-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredInformationalN/A
123456789012ap-south-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action requiredInformationalN/A
123456789012ap-south-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templatesInformationalN/A
123456789012ap-south-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformationalN/A
123456789012ap-south-1BR-09Bedrock Knowledge Base Encryption CheckNo Knowledge Bases found in the accountNo action requiredInformationalN/A
123456789012ap-south-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesInformationalN/A
123456789012ap-south-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
123456789012ap-south-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
123456789012ap-south-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
123456789012ap-south-1BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMediumN/A
123456789012ap-south-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
123456789012ap-south-1BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobsNo action requiredInformationalN/A
123456789012ap-south-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
123456789012ap-south-1BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHighN/A
123456789012ap-south-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHighN/A
123456789012ap-south-1BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotasNo action requiredInformationalN/A
123456789012ap-south-1BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHighN/A
123456789012ap-south-1BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responsesMediumN/A
123456789012ap-south-1BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLowN/A
123456789012ap-south-1BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHighN/A
123456789012ap-south-1BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMediumN/A
123456789012ap-south-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHighN/A
123456789012ap-south-1BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
123456789012ap-south-1BR-30Imported Model Customer-Managed KMS Encryption CheckUnable to check Imported model encryption check: An error occurred (AccessDeniedException) when calling the ListImportedModels operation: Your account is not authorized to invoke this API operation.Amazon Bedrock Custom Model Import is not enabled or available for this account in this region. No IAM change is required; the check applies only once model import is in use.LowN/A
123456789012ap-south-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMediumN/A
123456789012ap-south-1BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarmsNo action requiredInformationalN/A
123456789012eu-west-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action requiredInformationalN/A
123456789012eu-west-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformationalN/A
123456789012eu-west-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredInformationalN/A
123456789012eu-west-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action requiredInformationalN/A
123456789012eu-west-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templatesInformationalN/A
123456789012eu-west-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformationalN/A
123456789012eu-west-1BR-09Bedrock Knowledge Base Encryption CheckNo Knowledge Bases found in the accountNo action requiredInformationalN/A
123456789012eu-west-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesInformationalN/A
123456789012eu-west-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
123456789012eu-west-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
123456789012eu-west-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
123456789012eu-west-1BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMediumN/A
123456789012eu-west-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
123456789012eu-west-1BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobsNo action requiredInformationalN/A
123456789012eu-west-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
123456789012eu-west-1BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHighN/A
123456789012eu-west-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHighN/A
123456789012eu-west-1BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotasNo action requiredInformationalN/A
123456789012eu-west-1BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHighN/A
123456789012eu-west-1BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responsesMediumN/A
123456789012eu-west-1BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLowN/A
123456789012eu-west-1BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHighN/A
123456789012eu-west-1BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMediumN/A
123456789012eu-west-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHighN/A
123456789012eu-west-1BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
123456789012eu-west-1BR-30Imported Model Customer-Managed KMS Encryption CheckUnable to check Imported model encryption check: An error occurred (AccessDeniedException) when calling the ListImportedModels operation: Your account is not authorized to invoke this API operation.Amazon Bedrock Custom Model Import is not enabled or available for this account in this region. No IAM change is required; the check applies only once model import is in use.LowN/A
123456789012eu-west-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMediumN/A
123456789012eu-west-1BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarmsNo action requiredInformationalN/A
123456789012sa-east-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action requiredInformationalN/A
123456789012sa-east-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformationalN/A
123456789012sa-east-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredInformationalN/A
123456789012sa-east-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action requiredInformationalN/A
123456789012sa-east-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templatesInformationalN/A
123456789012sa-east-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformationalN/A
123456789012sa-east-1BR-09Bedrock Knowledge Base Encryption CheckNo Knowledge Bases found in the accountNo action requiredInformationalN/A
123456789012sa-east-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesInformationalN/A
123456789012sa-east-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
123456789012sa-east-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
123456789012sa-east-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
123456789012sa-east-1BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMediumN/A
123456789012sa-east-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
123456789012sa-east-1BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobsNo action requiredInformationalN/A
123456789012sa-east-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
123456789012sa-east-1BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHighN/A
123456789012sa-east-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHighN/A
123456789012sa-east-1BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotasNo action requiredInformationalN/A
123456789012sa-east-1BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHighN/A
123456789012sa-east-1BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responsesMediumN/A
123456789012sa-east-1BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLowN/A
123456789012sa-east-1BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHighN/A
123456789012sa-east-1BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMediumN/A
123456789012sa-east-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHighN/A
123456789012sa-east-1BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
123456789012sa-east-1BR-30Imported Model Customer-Managed KMS Encryption CheckUnable to check Imported model encryption check: An error occurred (AccessDeniedException) when calling the ListImportedModels operation: Your account is not authorized to invoke this API operation.Amazon Bedrock Custom Model Import is not enabled or available for this account in this region. No IAM change is required; the check applies only once model import is in use.LowN/A
123456789012sa-east-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMediumN/A
123456789012sa-east-1BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarmsNo action requiredInformationalN/A
123456789012GlobalBR-01AmazonBedrockFullAccess role checkNo roles found with AmazonBedrockFullAccess policyNo action requiredHighPassed
123456789012GlobalBR-03Marketplace Subscription Access CheckRole 'aws-elasticbeanstalk-ec2-role' has overly permissive marketplace subscription access through policy 'AWSElasticBeanstalkMulticontainerDocker'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
123456789012GlobalBR-03Marketplace Subscription Access CheckRole 'RescoAppStack-Ec2Role2FD9A272-UB7xzDXt03Lg' has overly permissive marketplace subscription access through policy 'AWSElasticBeanstalkWebTier'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
123456789012GlobalBR-03Marketplace Subscription Access CheckRole 'xray-sample-SampleInstanceProfileRole-1WB21O2X8T7ZV' has overly permissive marketplace subscription access through policy 'AWSElasticBeanstalkWebTier'Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.HighFailed
123456789012us-east-1BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action requiredInformationalN/A
123456789012us-east-1BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformationalN/A
123456789012us-east-1BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredInformationalN/A
123456789012us-east-1BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action requiredInformationalN/A
123456789012us-east-1BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templatesInformationalN/A
123456789012us-east-1BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformationalN/A
123456789012us-east-1BR-09Bedrock Knowledge Base Encryption CheckNo Knowledge Bases found in the accountNo action requiredInformationalN/A
123456789012us-east-1BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesInformationalN/A
123456789012us-east-1BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
123456789012us-east-1BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
123456789012us-east-1BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
123456789012GlobalBR-15Cross-Account Guardrails Enforcement CheckBedrock Guardrails policy type is not enabled at the organization level. Cross-account guardrails cannot be enforced without enabling this policy type.Enable Bedrock Guardrails policy type in AWS Organizations to enforce consistent safety controls across all accounts. Use AWS Organizations console or CLI to enable the policy type.HighFailed
123456789012us-east-1BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMediumN/A
123456789012us-east-1BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
123456789012us-east-1BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobsNo action requiredInformationalN/A
123456789012us-east-1BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
123456789012us-east-1BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHighN/A
123456789012us-east-1BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHighN/A
123456789012us-east-1BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotasNo action requiredInformationalN/A
123456789012us-east-1BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHighN/A
123456789012us-east-1BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responsesMediumN/A
123456789012us-east-1BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLowN/A
123456789012us-east-1BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHighN/A
123456789012us-east-1BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMediumN/A
123456789012us-east-1BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHighN/A
123456789012us-east-1BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
123456789012us-east-1BR-30Imported Model Customer-Managed KMS Encryption CheckNo imported custom Bedrock models found in this regionWhen importing models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
123456789012us-east-1BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMediumN/A
123456789012us-east-1BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarmsNo action requiredInformationalN/A
123456789012us-west-2BR-02Amazon Bedrock private connectivity checkNo regional Bedrock resources found to assess private connectivityNo action requiredInformationalN/A
123456789012us-west-2BR-04Bedrock Model Invocation Logging CheckNo regional Bedrock resources found to monitor with invocation loggingNo action requiredInformationalN/A
123456789012us-west-2BR-05Bedrock Guardrails CheckNo regional Bedrock resources found to protect with guardrailsNo action requiredInformationalN/A
123456789012us-west-2BR-06Bedrock CloudTrail Logging CheckNo regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageNo action requiredInformationalN/A
123456789012us-west-2BR-07Bedrock Prompt Management CheckPrompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.Implement Prompt Management to: +1. Create and version your prompts +2. Test different prompt variants +3. Share prompts across your organization +4. Maintain consistent prompt templatesInformationalN/A
123456789012us-west-2BR-08Bedrock Agent IAM Roles CheckNo Bedrock agents found in the accountNo action requiredInformationalN/A
123456789012us-west-2BR-09Bedrock Knowledge Base Encryption CheckNo Knowledge Bases found in the accountNo action requiredInformationalN/A
123456789012us-west-2BR-10Bedrock Guardrail IAM Enforcement CheckNo guardrails configured - IAM enforcement check not applicableConfigure Bedrock Guardrails first, then enforce their use via IAM policiesInformationalN/A
123456789012us-west-2BR-11Bedrock Custom Model Encryption CheckNo custom/fine-tuned models found in the accountNo action requiredInformationalN/A
123456789012us-west-2BR-12Bedrock Invocation Log Encryption CheckModel invocation logging to S3 is not configuredIf logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryptionInformationalN/A
123456789012us-west-2BR-13Bedrock Flows Guardrails CheckNo Bedrock Flows found in the accountNo action requiredInformationalN/A
123456789012us-west-2BR-16Guardrail Tier Validation CheckNo Bedrock guardrails configured in this regionCreate Bedrock guardrails with Standard tier for enhanced content filtering and protectionMediumN/A
123456789012us-west-2BR-17Custom Model Customer-Managed KMS Encryption CheckNo custom (fine-tuned) Bedrock models found in this regionWhen creating custom models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
123456789012us-west-2BR-18Model Evaluation Implementation CheckNo regional Bedrock resources found to assess with model evaluation jobsNo action requiredInformationalN/A
123456789012us-west-2BR-19Prompt Flow Validation CheckNo Bedrock prompt flows configured in this regionWhen creating prompt flows, use the ValidateFlowDefinition API to validate flow definitions before deploymentMediumN/A
123456789012us-west-2BR-20Knowledge Base Customer-Managed KMS Encryption CheckNo Bedrock knowledge bases found in this regionWhen creating knowledge bases, specify customer-managed KMS keys for both vector store and data source encryptionHighN/A
123456789012us-west-2BR-21Agent Action Group IAM Least Privilege CheckNo Bedrock agents configured in this regionWhen creating agents with action groups, ensure Lambda execution roles follow least privilege principlesHighN/A
123456789012us-west-2BR-22Model Invocation Throttling Limits CheckNo regional Bedrock resources found to assess model invocation throttling quotasNo action requiredInformationalN/A
123456789012us-west-2BR-23Guardrail Content Filter Coverage CheckNo Bedrock guardrails configured in this regionCreate guardrails with all content filters enabled (hate, insults, sexual, violence) with appropriate thresholdsHighN/A
123456789012us-west-2BR-24Automated Reasoning Policy Implementation CheckNo Bedrock guardrails configured in this regionCreate guardrails with Automated Reasoning policies for formal verification of model responsesMediumN/A
123456789012us-west-2BR-25RAG Evaluation Jobs CheckNo Bedrock knowledge bases found in this regionWhen implementing RAG applications, configure evaluation jobs to assess context relevance, response correctness, and prevent hallucinationsLowN/A
123456789012us-west-2BR-26Guardrail Sensitive Information Filter CheckNo Bedrock guardrails configured in this regionCreate guardrails with sensitive-information filters (PII entities and/or regex patterns) to detect and redact sensitive data in prompts and model responsesHighN/A
123456789012us-west-2BR-27Guardrail Contextual Grounding CheckNo Bedrock guardrails configured in this regionCreate guardrails with contextual grounding checks to detect hallucinations (ungrounded responses) and irrelevant answers, especially for RAG applicationsMediumN/A
123456789012us-west-2BR-28Agent Guardrail Association CheckNo Bedrock agents configured in this regionWhen creating agents, associate a Bedrock guardrail so agent inputs and responses are filtered for harmful content, PII, and denied topicsHighN/A
123456789012us-west-2BR-29Agent Idle Session TTL CheckNo Bedrock agents configured in this regionWhen creating agents, set a conservative idleSessionTTLInSeconds to limit how long an idle session remains resumableLowN/A
123456789012us-west-2BR-30Imported Model Customer-Managed KMS Encryption CheckNo imported custom Bedrock models found in this regionWhen importing models, specify a customer-managed KMS key for encryption to maintain control over encryption keysHighN/A
123456789012us-west-2BR-31Batch Inference Output Encryption CheckNo Bedrock batch inference (model invocation) jobs found in this regionWhen creating batch inference jobs, set outputDataConfig.s3OutputDataConfig.s3EncryptionKeyId to a customer-managed KMS key to encrypt the job outputMediumN/A
123456789012us-west-2BR-32Bedrock CloudWatch Alarm CheckNo regional Bedrock resources found to monitor with CloudWatch alarmsNo action requiredInformationalN/A
+
+
+
Amazon SageMaker Findings
+
+
+ +
+
+
+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Account IDRegionCheck IDFindingDetailsResolutionReferenceSeverityStatus
123456789012ap-south-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredInformationalN/A
123456789012ap-south-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredMediumPassed
123456789012ap-south-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredInformationalN/A
123456789012ap-south-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
123456789012ap-south-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformationalN/A
123456789012ap-south-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionInformationalN/A
123456789012ap-south-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformationalN/A
123456789012ap-south-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
123456789012ap-south-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformationalN/A
123456789012ap-south-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformationalN/A
123456789012ap-south-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformationalN/A
123456789012ap-south-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformationalN/A
123456789012ap-south-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredInformationalN/A
123456789012ap-south-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action requiredInformationalN/A
123456789012ap-south-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action requiredInformationalN/A
123456789012ap-south-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action requiredInformationalN/A
123456789012ap-south-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action requiredInformationalN/A
123456789012ap-south-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action requiredInformationalN/A
123456789012ap-south-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action requiredInformationalN/A
123456789012ap-south-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredInformationalN/A
123456789012ap-south-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformationalN/A
123456789012ap-south-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredInformationalN/A
123456789012ap-south-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredInformationalN/A
123456789012ap-south-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.InformationalN/A
123456789012ap-south-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
123456789012ap-south-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
123456789012ap-south-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
123456789012eu-west-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredInformationalN/A
123456789012eu-west-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredMediumPassed
123456789012eu-west-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredInformationalN/A
123456789012eu-west-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
123456789012eu-west-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformationalN/A
123456789012eu-west-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionInformationalN/A
123456789012eu-west-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformationalN/A
123456789012eu-west-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
123456789012eu-west-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformationalN/A
123456789012eu-west-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformationalN/A
123456789012eu-west-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformationalN/A
123456789012eu-west-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformationalN/A
123456789012eu-west-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredInformationalN/A
123456789012eu-west-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action requiredInformationalN/A
123456789012eu-west-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action requiredInformationalN/A
123456789012eu-west-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action requiredInformationalN/A
123456789012eu-west-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action requiredInformationalN/A
123456789012eu-west-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action requiredInformationalN/A
123456789012eu-west-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action requiredInformationalN/A
123456789012eu-west-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredInformationalN/A
123456789012eu-west-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformationalN/A
123456789012eu-west-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredInformationalN/A
123456789012eu-west-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredInformationalN/A
123456789012eu-west-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.InformationalN/A
123456789012eu-west-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
123456789012eu-west-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
123456789012eu-west-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
123456789012sa-east-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredInformationalN/A
123456789012sa-east-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredMediumPassed
123456789012sa-east-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredInformationalN/A
123456789012sa-east-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
123456789012sa-east-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformationalN/A
123456789012sa-east-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionInformationalN/A
123456789012sa-east-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformationalN/A
123456789012sa-east-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
123456789012sa-east-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformationalN/A
123456789012sa-east-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformationalN/A
123456789012sa-east-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformationalN/A
123456789012sa-east-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformationalN/A
123456789012sa-east-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredInformationalN/A
123456789012sa-east-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action requiredInformationalN/A
123456789012sa-east-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action requiredInformationalN/A
123456789012sa-east-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action requiredInformationalN/A
123456789012sa-east-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action requiredInformationalN/A
123456789012sa-east-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action requiredInformationalN/A
123456789012sa-east-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action requiredInformationalN/A
123456789012sa-east-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredInformationalN/A
123456789012sa-east-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformationalN/A
123456789012sa-east-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredInformationalN/A
123456789012sa-east-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredInformationalN/A
123456789012sa-east-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.InformationalN/A
123456789012sa-east-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
123456789012sa-east-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
123456789012sa-east-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
123456789012GlobalSM-02SageMaker IAM Permissions CheckNo issues found with IAM permissions and no stale access detectedNo action requiredHighPassed
123456789012us-east-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredInformationalN/A
123456789012us-east-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredMediumPassed
123456789012us-east-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredInformationalN/A
123456789012us-east-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
123456789012us-east-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformationalN/A
123456789012us-east-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionInformationalN/A
123456789012us-east-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformationalN/A
123456789012us-east-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
123456789012us-east-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformationalN/A
123456789012us-east-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformationalN/A
123456789012us-east-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformationalN/A
123456789012us-east-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformationalN/A
123456789012us-east-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredInformationalN/A
123456789012us-east-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action requiredInformationalN/A
123456789012us-east-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action requiredInformationalN/A
123456789012us-east-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action requiredInformationalN/A
123456789012us-east-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action requiredInformationalN/A
123456789012us-east-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action requiredInformationalN/A
123456789012us-east-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action requiredInformationalN/A
123456789012us-east-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredInformationalN/A
123456789012us-east-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformationalN/A
123456789012us-east-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredInformationalN/A
123456789012us-east-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredInformationalN/A
123456789012us-east-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.InformationalN/A
123456789012us-east-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
123456789012us-east-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
123456789012us-east-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
123456789012us-west-2SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredInformationalN/A
123456789012us-west-2SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredMediumPassed
123456789012us-west-2SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredInformationalN/A
123456789012us-west-2SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassed
123456789012us-west-2SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentInformationalN/A
123456789012us-west-2SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionInformationalN/A
123456789012us-west-2SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentInformationalN/A
123456789012us-west-2SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionInformationalN/A
123456789012us-west-2SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesInformationalN/A
123456789012us-west-2SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsInformationalN/A
123456789012us-west-2SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredInformationalN/A
123456789012us-west-2SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredInformationalN/A
123456789012us-west-2SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredInformationalN/A
123456789012us-west-2SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action requiredInformationalN/A
123456789012us-west-2SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action requiredInformationalN/A
123456789012us-west-2SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action requiredInformationalN/A
123456789012us-west-2SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action requiredInformationalN/A
123456789012us-west-2SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action requiredInformationalN/A
123456789012us-west-2SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action requiredInformationalN/A
123456789012us-west-2SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action requiredInformationalN/A
123456789012us-west-2SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action requiredInformationalN/A
123456789012us-west-2SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action requiredInformationalN/A
123456789012us-west-2SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action requiredInformationalN/A
123456789012us-west-2SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.InformationalN/A
123456789012us-west-2SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
123456789012us-west-2SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
123456789012us-west-2SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.InformationalN/A
+
+
+
Amazon Bedrock AgentCore Findings
+
+
+ +
+
+
+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + + + +
Account IDRegionCheck IDFindingDetailsResolutionReferenceSeverityStatus
123456789012ap-south-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012ap-south-1AC-04AgentCore Observability CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012ap-south-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012ap-south-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredInformationalN/A
123456789012ap-south-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredInformationalN/A
123456789012ap-south-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredInformationalN/A
123456789012ap-south-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012ap-south-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action requiredInformationalN/A
123456789012ap-south-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredInformationalN/A
123456789012ap-south-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action requiredInformationalN/A
123456789012eu-west-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012eu-west-1AC-04AgentCore Observability CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012eu-west-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012eu-west-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredInformationalN/A
123456789012eu-west-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredInformationalN/A
123456789012eu-west-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredInformationalN/A
123456789012eu-west-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012eu-west-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action requiredInformationalN/A
123456789012eu-west-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredInformationalN/A
123456789012eu-west-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action requiredInformationalN/A
123456789012sa-east-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012sa-east-1AC-04AgentCore Observability CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012sa-east-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012sa-east-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredInformationalN/A
123456789012sa-east-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredInformationalN/A
123456789012sa-east-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredInformationalN/A
123456789012sa-east-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012sa-east-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action requiredInformationalN/A
123456789012sa-east-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredInformationalN/A
123456789012sa-east-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action requiredInformationalN/A
123456789012GlobalAC-02AgentCore IAM Full Access CheckNo roles with overly permissive AgentCore access foundNo action requiredHighPassed
123456789012GlobalAC-03AgentCore Unused PermissionsThe following principals have AgentCore permissions but have never accessed the service: role 'AIMLSecurityMemberRole', role 'CloudSeerTrustedServiceRole'Review and remove unused AgentCore permissions following least privilege principleInformationalN/A
123456789012GlobalAC-09AgentCore Service-Linked Role MissingService-linked role 'AWSServiceRoleForBedrockAgentCoreNetwork' does not exist. VPC configuration for AgentCore Runtimes will fail without this role.The service-linked role is automatically created when you configure VPC for an AgentCore Runtime. Ensure IAM permissions allow service-linked role creation.MediumFailed
123456789012us-east-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012us-east-1AC-04AgentCore Observability CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012us-east-1AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012us-east-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action requiredInformationalN/A
123456789012us-east-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredInformationalN/A
123456789012us-east-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredInformationalN/A
123456789012us-east-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012us-east-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action requiredInformationalN/A
123456789012us-east-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredInformationalN/A
123456789012us-east-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action requiredInformationalN/A
123456789012us-west-2AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundNo action requiredInformationalN/A
123456789012us-west-2AC-04AgentCore Observability CheckNo AgentCore resources foundNo action required Informational N/A
111111111111ap-southeast-2SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detection
123456789012us-west-2AC-05AgentCore Encryption CheckNo AgentCore resources foundNo action required Informational N/A
111111111111ap-southeast-2SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedules
123456789012us-west-2AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action required Informational N/A
111111111111ap-southeast-2SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflows
123456789012us-west-2AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action required Informational N/A
111111111111ap-southeast-2SM-09SageMaker Notebook Root Access CheckNo notebook instances found
123456789012us-west-2AC-13AgentCore Gateway Configuration CheckNo Gateway resources found No action required Informational N/A
111111111111ap-southeast-2SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances found
123456789012us-west-2AC-08AgentCore VPC Endpoints CheckNo AgentCore resources found No action required Informational N/A
111111111111ap-southeast-2SM-11SageMaker Model Network Isolation CheckNo models found
123456789012us-west-2AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policies No action required Informational N/A
111111111111ap-southeast-2SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints found
123456789012us-west-2AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines found No action required Informational N/A
111111111111ap-southeast-2SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules found
123456789012us-west-2AC-12AgentCore Gateway Encryption CheckNo Gateways found No action requiredInformationalN/A
+
+
Agentic AI Security Findings
Scope: API-provable Agentic AI security controls mapped to the AWS Well-Architected Agentic AI Lens security guidance. Human-in-the-loop governance is referenced in methodology but not scored automatically unless an AWS API can prove the control.
+ + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - - + + - - - - - + + + + + - - + + - - - - - - - + + + + + + + - - + + - - - - - + + + + + - - + + - - - - - - - + + + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - - + + - - - - - + + + + + - + - - + + - - - - - + + + + + - - - - - - - - - - - - - + + - - - - - + + + + + - - + + - - - - - - - + + + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - + + + + + + - - - - - - - - - - - - + -
Account IDRegionCheck IDFindingDetailsResolutionReferenceSeverityStatus
123456789012ap-south-1AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements. Informational N/A
111111111111ap-southeast-2SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action required
123456789012ap-south-1AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured. Informational N/A
111111111111ap-southeast-2SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action required
123456789012ap-south-1AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases. Informational N/A
111111111111ap-southeast-2SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action required
123456789012ap-south-1AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions. Informational N/A
111111111111ap-southeast-2SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action required
123456789012ap-south-1AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required. Informational N/A
111111111111ap-southeast-2SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action required
123456789012ap-south-1AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns. Informational N/A
111111111111ap-southeast-2SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action required
123456789012ap-south-1AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads. Informational N/A
111111111111ap-southeast-2SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action required
123456789012ap-south-1AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required. Informational N/A
111111111111ap-southeast-2SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action required
123456789012ap-south-1AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns. Informational N/A
111111111111ap-southeast-2SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.
123456789012ap-south-1AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows. Informational N/A
111111111111ap-southeast-2SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
123456789012ap-south-1AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating.InformationalN/A
111111111111ap-southeast-2SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
123456789012ap-south-1AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements.InformationalN/A
111111111111ap-southeast-2SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.
123456789012ap-south-1AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available. Informational N/A
111111111111
123456789012 eu-west-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredAG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements. Informational N/A
111111111111
123456789012 eu-west-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredMediumPassedAG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured.InformationalN/A
111111111111
123456789012 eu-west-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredAG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases. Informational N/A
111111111111
123456789012 eu-west-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassedAG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions.InformationalN/A
111111111111
123456789012 eu-west-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentAG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required. Informational N/A
111111111111
123456789012 eu-west-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionAG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns. Informational N/A
111111111111
123456789012 eu-west-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentAG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads. Informational N/A
111111111111
123456789012 eu-west-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionAG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required. Informational N/A
111111111111
123456789012 eu-west-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesAG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns. Informational N/A
111111111111
123456789012 eu-west-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsAG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows. Informational N/A
111111111111
123456789012 eu-west-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredAG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating. Informational N/A
111111111111
123456789012 eu-west-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredAG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements. Informational N/A
111111111111
123456789012 eu-west-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action requiredAG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available. Informational N/A
111111111111eu-west-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action required
123456789012sa-east-1AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements. Informational N/A
111111111111eu-west-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action required
123456789012sa-east-1AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured. Informational N/A
111111111111eu-west-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action required
123456789012sa-east-1AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases. Informational N/A
111111111111eu-west-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action required
123456789012sa-east-1AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions.InformationalN/A
123456789012sa-east-1AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required.InformationalN/A
123456789012sa-east-1AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns. Informational N/A
111111111111eu-west-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action required
123456789012sa-east-1AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads. Informational N/A
111111111111eu-west-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action required
123456789012sa-east-1AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required. Informational N/A
111111111111eu-west-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action required
123456789012sa-east-1AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns. Informational N/A
111111111111eu-west-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action required
123456789012sa-east-1AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows. Informational N/A
111111111111eu-west-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action required
123456789012sa-east-1AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating. Informational N/A
111111111111eu-west-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action required
123456789012sa-east-1AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements. Informational N/A
111111111111eu-west-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.
123456789012sa-east-1AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available. Informational N/A
111111111111eu-west-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
111111111111eu-west-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.No action requiredLowPassed
123456789012us-east-1AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements.InformationalN/A
111111111111eu-west-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.
123456789012us-east-1AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured. Informational N/A
111111111111
123456789012 GlobalSM-02SageMaker IAM Permissions CheckNo issues found with IAM permissions and no stale access detectedNo action requiredAG-09Agentic AI Guardrail Enforcement BoundaryAgentic AI security domain: Guardrail Enforcement. Organization-level guardrail enforcement helps prevent agents from bypassing required safety controls across accounts. Source check BR-15: Bedrock Guardrails policy type is not enabled at the organization level. Cross-account guardrails cannot be enforced without enabling this policy type.Use IAM and organization controls to require approved guardrails for model and agent invocations where supported. HighPassedFailed
111111111111
123456789012 us-east-1SM-01SageMaker Internet Access CheckNo SageMaker notebook instances or domains found to checkNo action requiredAG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases. Informational N/A
111111111111us-east-1SM-02SageMaker SSO Configuration CheckNo SageMaker domains found, or all domains use SSO with IAM Identity Center configuredNo action requiredMediumPassed
111111111111
123456789012 us-east-1SM-03Data Protection CheckNo SageMaker resources found to check for data protectionNo action requiredAG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions. Informational N/A
111111111111
123456789012 us-east-1SM-04GuardDuty EnabledAmazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.No action requiredMediumPassedAG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required.InformationalN/A
111111111111
123456789012 us-east-1SM-05SageMaker Model Registry IssueNo model package groups foundImplement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deploymentAG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns. Informational N/A
111111111111
123456789012 us-east-1SM-05SageMaker Feature Store IssueNo feature groups foundUtilize SageMaker Feature Store to create, share, and manage features for machine learning development and productionAG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads. Informational N/A
111111111111
123456789012 us-east-1SM-05SageMaker Pipelines IssueNo ML pipelines foundImplement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deploymentAG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required. Informational N/A
111111111111
123456789012 us-east-1SM-06SageMaker Clarify No Clarify UsageNo SageMaker Clarify jobs foundImplement SageMaker Clarify for model explainability and bias detectionAG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns. Informational N/A
111111111111
123456789012 us-east-1SM-07SageMaker Model Monitor No Model MonitoringNo Model Monitor schedules foundConfigure comprehensive model monitoring schedulesAG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows. Informational N/A
111111111111
123456789012 us-east-1SM-08Model Registry Registry Not UsedModel Registry is not being utilizedImplement proper model versioning and approval workflowsAG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating. Informational N/A
111111111111
123456789012 us-east-1SM-09SageMaker Notebook Root Access CheckNo notebook instances foundNo action requiredAG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements. Informational N/A
111111111111
123456789012 us-east-1SM-10SageMaker Notebook VPC Deployment CheckNo notebook instances foundNo action requiredAG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available. Informational N/A
111111111111us-east-1SM-11SageMaker Model Network Isolation CheckNo models foundNo action required
123456789012us-west-2AG-07Agentic AI Model Invocation LoggingAgentic AI security domain: Auditability & Observability. Agents can take multi-step actions, so prompt, response, and guardrail traces need to be available for investigation. Source check BR-04: No regional Bedrock resources found to monitor with invocation loggingEnable Amazon Bedrock model invocation logging and retain logs according to your incident response and data governance requirements. Informational N/A
111111111111us-east-1SM-12SageMaker Endpoint Instance Count CheckNo InService endpoints foundNo action required
123456789012us-west-2AG-08Agentic AI API Audit TrailAgentic AI security domain: Auditability & Observability. Agent activity must be attributable through CloudTrail events for Bedrock control plane and runtime operations. Source check BR-06: No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverageEnable CloudTrail trails with management event logging and validate that Bedrock API activity is captured. Informational N/A
111111111111us-east-1SM-13SageMaker Monitoring Network Isolation CheckNo monitoring schedules foundNo action required
123456789012us-west-2AG-10Agentic AI Adversarial Evaluation CoverageAgentic AI security domain: Prompt & Input Protection. Agentic applications should be tested for adversarial prompts and unsafe behaviors before production use. Source check BR-18: No regional Bedrock resources found to assess with model evaluation jobsConfigure model or application evaluations that include adversarial, safety, and security-relevant test cases. Informational N/A
111111111111us-east-1SM-14SageMaker Model Repository Access CheckNo models found or all use default Platform accessNo action required
123456789012us-west-2AG-11Agentic AI Prompt Flow ValidationAgentic AI security domain: Prompt & Input Protection. Validated prompt flows reduce the risk that malformed orchestration logic causes unsafe agent behavior. Source check BR-19: No Bedrock prompt flows configured in this regionValidate Bedrock flow definitions before deployment and remediate validation findings before publishing new versions. Informational N/A
111111111111us-east-1SM-15SageMaker Feature Store Encryption CheckNo feature groups with offline stores foundNo action required
123456789012us-west-2AG-06Agentic AI Tool Execution Least PrivilegeAgentic AI security domain: Tool Authorization. Agent action groups are tool execution boundaries; over-permissive roles can let an agent perform unintended operations. Source check BR-21: No Bedrock agents configured in this regionRestrict action group Lambda roles and referenced IAM permissions to the specific tools, resources, and actions required. Informational N/A
111111111111us-east-1SM-16SageMaker Data Quality Job Encryption CheckNo data quality job definitions foundNo action required
123456789012us-west-2AG-12Agentic AI Invocation Abuse ControlsAgentic AI security domain: Abuse & Cost Protection. Autonomous agents can amplify token usage through retries, loops, or high-volume tool workflows. Source check BR-22: No regional Bedrock resources found to assess model invocation throttling quotasConfigure service quotas, throttling limits, and alerting to detect and limit abnormal model invocation patterns. Informational N/A
111111111111us-east-1SM-17SageMaker Processing Job Encryption CheckNo processing jobs foundNo action required
123456789012us-west-2AG-02Agentic AI Harmful Content Guardrail CoverageAgentic AI security domain: Guardrail Enforcement. Agents should use guardrails that filter harmful content in both intermediate and final responses. Source check BR-23: No Bedrock guardrails configured in this regionConfigure guardrails with appropriate content filters and thresholds for all agent-facing workloads. Informational N/A
111111111111us-east-1SM-18SageMaker Transform Job Encryption CheckNo transform jobs foundNo action required
123456789012us-west-2AG-04Agentic AI Automated Reasoning GuardrailsAgentic AI security domain: Guardrail Enforcement. Automated reasoning policies help verify agent responses against deterministic business or safety rules. Source check BR-24: No Bedrock guardrails configured in this regionConfigure automated reasoning policies on guardrails where formal response validation is required. Informational N/A
111111111111us-east-1SM-19SageMaker Hyperparameter Tuning Job Encryption CheckNo hyperparameter tuning jobs foundNo action required
123456789012us-west-2AG-03Agentic AI Sensitive Information ProtectionAgentic AI security domain: Memory & Data Privacy. Agents can receive and produce sensitive data across conversations, tool calls, and retrieved context. Source check BR-26: No Bedrock guardrails configured in this regionConfigure guardrail sensitive-information filters for PII entities and custom sensitive-data patterns. Informational N/A
111111111111us-east-1SM-20SageMaker Compilation Job Encryption CheckNo compilation jobs foundNo action required
123456789012us-west-2AG-05Agentic AI Grounding ControlsAgentic AI security domain: Prompt & Input Protection. Grounding checks reduce the chance that an agent acts on hallucinated or irrelevant context. Source check BR-27: No Bedrock guardrails configured in this regionEnable contextual grounding checks on guardrails for RAG and tool-using agent workflows. Informational N/A
111111111111us-east-1SM-21SageMaker AutoML Job Network Isolation CheckNo AutoML jobs foundNo action required
123456789012us-west-2AG-01Agentic AI Agent Guardrail AssociationAgentic AI security domain: Guardrail Enforcement. Bedrock agents should have guardrails associated so autonomous interactions are filtered consistently. Source check BR-28: No Bedrock agents configured in this regionAssociate an approved Bedrock guardrail with each Bedrock agent and prepare the agent after updating. Informational N/A
111111111111us-east-1SM-22Model Approval Workflow CheckNo model package groups found. Model Registry is not being used for model governance.Implement Model Registry to track model versions and enforce approval workflows before production deployment.
123456789012us-west-2AG-13Agentic AI Session BoundaryAgentic AI security domain: Bounded Autonomy. Long-lived idle sessions widen the window for session reuse and unintended continuation of agent context. Source check BR-29: No Bedrock agents configured in this regionSet a conservative idleSessionTTLInSeconds value for agents based on application session requirements. Informational N/A
111111111111us-east-1SM-23Model Drift Detection CheckNo InService endpoints found to monitor.No action requiredMediumPassed
123456789012us-west-2AG-14Agentic AI Operational Abuse AlarmsAgentic AI security domain: Abuse & Cost Protection. CloudWatch alarms help detect anomalous invocation errors, throttling, or volume caused by autonomous workflows. Source check BR-32: No regional Bedrock resources found to monitor with CloudWatch alarmsConfigure CloudWatch alarms for Bedrock invocation errors, throttles, latency, and token or request volume where metrics are available.InformationalN/A
111111111111us-east-1SM-24A/B Testing and Shadow Deployment CheckNo InService endpoints found.
123456789012ap-south-1AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways found No action requiredLowPassed
111111111111us-east-1SM-25ML Lineage Tracking - Experiments Not UsedNo SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability. Informational N/A
-
-
-
Amazon Bedrock AgentCore Findings
-
-
- -
-
-
- -
-
- - - - - + + + + + + + - + - - - - - - + + + + + + - + - - - - - - + + + + + + - + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - + + - - - + + + - + - - + + - - - + + + - + - - + + - - - + + + - + - - + + - - - + + + - + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - + + + + + + + + + + + + + + + + + + + + + + + + + - + - - - - - - + + + + + + - - - + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - + + + - + - - + + - - - + + + - + - - + + - - - + + + - + - - + + - - - + + + - + + + + + + + + + + + + + + + + + + + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - - - + + + + + - - + + - - - + + + + + + + + + + + + + + + + + + + + + + + + + - + -
Account IDRegionCheck IDFindingDetailsResolutionReferenceSeverityStatus
111111111111ap-southeast-2AC-01AgentCore VPC Configuration CheckNo AgentCore resources found
123456789012ap-south-1AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways found No action required Informational N/A
111111111111ap-southeast-2AC-04AgentCore Observability CheckNo AgentCore resources found
123456789012ap-south-1AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways found No action required Informational N/A
111111111111ap-southeast-2AC-05AgentCore Encryption CheckNo AgentCore resources found
123456789012ap-south-1AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways found No action required Informational N/A
111111111111ap-southeast-2AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationNo action required
123456789012ap-south-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services. Informational N/A
111111111111ap-southeast-2AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action required
123456789012ap-south-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported. Informational N/A
111111111111ap-southeast-2AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action required
123456789012ap-south-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions. Informational N/A
111111111111ap-southeast-2AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action required
123456789012ap-south-1AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability. Informational N/A
111111111111ap-southeast-2AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action required
123456789012ap-south-1AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources. Informational N/A
111111111111ap-southeast-2AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action required
123456789012ap-south-1AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required. Informational N/A
111111111111ap-southeast-2AC-12AgentCore Gateway Encryption CheckNo Gateways foundNo action required
123456789012ap-south-1AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required. Informational N/A
111111111111
123456789012 eu-west-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundAG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways found No action required Informational N/A
111111111111
123456789012 eu-west-1AC-04AgentCore Observability CheckNo AgentCore resources foundAG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways found No action required Informational N/A
111111111111
123456789012 eu-west-1AC-05AgentCore Encryption CheckNo AgentCore resources foundAG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways found No action required Informational N/A
111111111111
123456789012 eu-west-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationAG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways found No action required Informational N/A
111111111111
123456789012 eu-west-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredAG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services. Informational N/A
111111111111
123456789012 eu-west-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredAG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported. Informational N/A
111111111111
123456789012 eu-west-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredAG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions. Informational N/A
111111111111
123456789012 eu-west-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action requiredAG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability. Informational N/A
111111111111
123456789012 eu-west-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredAG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources. Informational N/A
111111111111
123456789012 eu-west-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundAG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required.InformationalN/A
123456789012eu-west-1AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required.InformationalN/A
123456789012sa-east-1AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways found No action required Informational N/A
111111111111GlobalAC-02AgentCore IAM Full Access CheckNo roles with overly permissive AgentCore access found
123456789012sa-east-1AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways found No action requiredHighPassedInformationalN/A
111111111111GlobalAC-03AgentCore Unused PermissionsThe following principals have AgentCore permissions but have never accessed the service: role 'AIMLSecurityMemberRole', role 'ReSCOAIMLMemberRole'Review and remove unused AgentCore permissions following least privilege principleMediumFailed
123456789012sa-east-1AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways foundNo action requiredInformationalN/A
111111111111GlobalAC-09AgentCore Service-Linked Role MissingService-linked role 'AWSServiceRoleForBedrockAgentCoreNetwork' does not exist. VPC configuration for AgentCore Runtimes will fail without this role.The service-linked role is automatically created when you configure VPC for an AgentCore Runtime. Ensure IAM permissions allow service-linked role creation.MediumFailed
123456789012sa-east-1AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways foundNo action requiredInformationalN/A
123456789012sa-east-1AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.InformationalN/A
111111111111
123456789012sa-east-1AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.InformationalN/A
123456789012sa-east-1AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions.InformationalN/A
123456789012sa-east-1AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability.InformationalN/A
123456789012sa-east-1AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources.InformationalN/A
123456789012sa-east-1AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required.InformationalN/A
123456789012sa-east-1AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required.InformationalN/A
123456789012 us-east-1AC-01AgentCore VPC Configuration CheckNo AgentCore resources foundAG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways found No action required Informational N/A
111111111111
123456789012 us-east-1AC-04AgentCore Observability CheckNo AgentCore resources foundAG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways found No action required Informational N/A
111111111111
123456789012 us-east-1AC-05AgentCore Encryption CheckNo AgentCore resources foundAG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways found No action required Informational N/A
111111111111
123456789012 us-east-1AC-06AgentCore Browser Tool Recording CheckNo AgentCore Runtimes found to check browser tool configurationAG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways found No action requiredInformationalN/A
123456789012GlobalAG-16Agentic AI AgentCore Least PrivilegeAgentic AI security domain: Agent Identity & Access. Over-permissive AgentCore principals can let agents or operators bypass intended autonomy and tool boundaries. Source check AC-02: No roles with overly permissive AgentCore access foundReplace full-access AgentCore permissions with least-privilege IAM policies scoped to required resources and actions.HighPassed
123456789012GlobalAG-17Agentic AI Stale AgentCore AccessAgentic AI security domain: Agent Identity & Access. Unused AgentCore permissions increase the blast radius of compromised principals. Source check AC-03: The following principals have AgentCore permissions but have never accessed the service: role 'AIMLSecurityMemberRole', role 'CloudSeerTrustedServiceRole'Remove or restrict stale AgentCore permissions for principals that no longer need access. Informational N/A
111111111111
123456789012 us-east-1AC-07AgentCore Memory Configuration CheckNo Memory resources foundNo action requiredAG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services. Informational N/A
111111111111
123456789012 us-east-1AC-13AgentCore Gateway Configuration CheckNo Gateway resources foundNo action requiredAG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported. Informational N/A
111111111111
123456789012 us-east-1AC-08AgentCore VPC Endpoints CheckNo AgentCore resources foundNo action requiredAG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions. Informational N/A
111111111111
123456789012 us-east-1AC-10AgentCore Resource-Based Policies CheckNo AgentCore resources found to check for resource-based policiesNo action requiredAG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability. Informational N/A
111111111111
123456789012 us-east-1AC-11AgentCore Policy Engine Encryption CheckNo Policy Engines foundNo action requiredAG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources. Informational N/A
111111111111
123456789012 us-east-1AC-12AgentCore Gateway Encryption CheckNo Gateways foundAG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required.InformationalN/A
123456789012us-east-1AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required.InformationalN/A
123456789012us-west-2AG-24Agentic AI Gateway Inbound AuthorizationNo AgentCore Gateways found No action required Informational N/A
-
-
Financial Services GenAI Risk Findings
Scope: this assessment records findings against each resolved CloudFormation TargetRegions entry. These checks are based on the AWS User Guide to Governance, Risk, and Compliance for Responsible AI Adoption. Severities follow a documented Likelihood × Impact methodology (see docs).
- + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Account IDRegionCheck IDFindingDetailsResolutionReferenceSeverityStatus
111111111111
123456789012us-west-2AG-25Agentic AI Gateway Tool Policy EnforcementNo AgentCore Gateways foundNo action requiredInformationalN/A
123456789012us-west-2AG-26Agentic AI Gateway Error Detail ExposureNo AgentCore Gateways foundNo action requiredInformationalN/A
123456789012us-west-2AG-27Agentic AI Gateway WAF ProtectionNo AgentCore Gateways foundNo action requiredInformationalN/A
123456789012us-west-2AG-15Agentic AI Runtime Network BoundaryAgentic AI security domain: Bounded Autonomy. Agent runtimes should execute inside explicit network boundaries to reduce unintended external reachability. Source check AC-01: No AgentCore resources foundConfigure AgentCore runtimes with appropriate VPC settings and restrict network paths to required services.InformationalN/A
123456789012us-west-2AG-18Agentic AI AgentCore ObservabilityAgentic AI security domain: Auditability & Observability. AgentCore observability provides the telemetry needed to investigate runtime, tool, memory, and gateway behavior. Source check AC-04: No AgentCore resources foundEnable CloudWatch Logs, tracing, and AgentCore observability for runtime and gateway resources where supported.InformationalN/A
123456789012us-west-2AG-19Agentic AI Memory Data ProtectionAgentic AI security domain: Memory & Data Privacy. Agent memory can contain sensitive user or business context and should use customer-controlled encryption where required. Source check AC-07: No Memory resources foundConfigure AgentCore memory resources with customer-managed KMS keys and review memory access permissions.InformationalN/A
123456789012us-west-2AG-20Agentic AI Private AgentCore ConnectivityAgentic AI security domain: Bounded Autonomy. Private service connectivity reduces exposure for agents that access AgentCore control or runtime services. Source check AC-08: No AgentCore resources foundCreate required VPC endpoints for AgentCore services and validate endpoint availability.InformationalN/A
123456789012us-west-2AG-21Agentic AI Resource Policy BoundaryAgentic AI security domain: Agent Identity & Access. Resource-based policies add a second authorization boundary for AgentCore runtimes and gateways. Source check AC-10: No AgentCore resources found to check for resource-based policiesAttach resource-based policies to AgentCore resources to constrain principals, accounts, and network sources.InformationalN/A
123456789012us-west-2AG-22Agentic AI Policy Engine Data ProtectionAgentic AI security domain: Tool Authorization. Policy engines contain authorization logic for tool calls and should be protected with appropriate encryption controls. Source check AC-11: No Policy Engines foundConfigure policy engines with customer-managed KMS keys where enhanced key control is required.InformationalN/A
123456789012us-west-2AG-23Agentic AI Gateway Data ProtectionAgentic AI security domain: Tool Authorization. Gateway configuration can include tool schemas, target definitions, and integration metadata. Source check AC-12: No Gateways foundConfigure AgentCore gateways with customer-managed KMS keys where enhanced key control is required.InformationalN/A
+
Financial Services GenAI Risk Findings
Scope: this assessment records findings against each resolved CloudFormation TargetRegions entry. These checks are based on the AWS User Guide to Governance, Risk, and Compliance for Responsible AI Adoption. Severities follow a documented Likelihood × Impact methodology (see docs).
+ @@ -4116,8 +10503,19 @@

Informational

- - + + + + + + + + + + + + + @@ -4127,12 +10525,23 @@

Informational

- - - + + + + + + + + + + + + + + - + @@ -4143,7 +10552,7 @@

Severity Levels & Status Values

Account IDRegionCheck IDFindingDetailsResolutionReferenceSeverityStatus
123456789012 us-east-1 FS-00 FinServ Regional Scope Not ApplicableN/A
111111111111
123456789012us-west-2FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in us-west-2; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
123456789012 eu-west-1 FS-00 FinServ Regional Scope Not ApplicableN/A
111111111111ap-southeast-2
123456789012ap-south-1FS-00FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in ap-south-1; FinServ GenAI risk checks were not applied to this region.No action required unless GenAI workloads are expected in this region.InformationalN/A
123456789012sa-east-1 FS-00 FinServ Regional Scope Not ApplicableNo regional Bedrock, AgentCore, or SageMaker resources were found in ap-southeast-2; FinServ GenAI risk checks were not applied to this region.No regional Bedrock, AgentCore, or SageMaker resources were found in sa-east-1; FinServ GenAI risk checks were not applied to this region. No action required unless GenAI workloads are expected in this region. Informational
HighDirect security riskFailedRemediation needed
MediumDefense-in-depth gapPassedMeets requirements
LowBest practiceN/ANot applicable
InformationalNo action required

Remediation Guidance

High7 daysAddress immediately; block deployment if unresolved
Medium30 daysSchedule in next sprint; may require change window
Low90 daysInclude in backlog; address during regular maintenance

Assessment Notes

Point-in-time: Security posture changes as resources are modified. Scope limited: Passed checks verify tested controls only. Context matters: Adjust severity for compliance requirements and environment type.
-

Assessment Scope

Amazon Bedrock
Amazon SageMaker
Amazon Bedrock AgentCore
Industry
Financial Services GenAI Risk

Bedrock, SageMaker, and AgentCore checks are based on the AWS Well-Architected Framework Generative AI Lens. Financial Services GenAI Risk checks are based on the AWS User Guide to Governance, Risk, and Compliance for Responsible AI Adoption.

+

Assessment Scope

Amazon Bedrock
Amazon SageMaker
Amazon Bedrock AgentCore
Agentic AI Security
Agentic AI Security Lens Mapping
Industry
Financial Services GenAI Risk

Bedrock, SageMaker, and AgentCore checks are based on the AWS Well-Architected Framework Generative AI Lens. Agentic AI Security references the AWS Well-Architected Agentic AI Lens. Controls that cannot be proven using AWS APIs, including semantic human-in-the-loop workflow quality, are not automatically scored. Financial Services GenAI Risk checks are based on the AWS User Guide to Governance, Risk, and Compliance for Responsible AI Adoption.

@@ -4323,10 +10732,11 @@