Security, compliance, and governance in Amazon Bedrock — data protection, access control, and regulatory considerations.
Data Privacy Guarantees
Bedrock provides strong data isolation:
| Guarantee | Description |
|---|---|
| No training on your data | Your prompts/responses are never used to train or improve foundation models |
| Data stays in your account | Inputs and outputs don’t leave your AWS account |
| No data retention | Bedrock doesn’t store your prompts or responses (you control any logging) |
| Model isolation | Your inference runs in isolated environments |
Key Point: This is a major differentiator from using provider APIs directly (OpenAI, Anthropic) — your data is truly private.
Encryption
At Rest
| Component | Encryption |
|---|---|
| Fine-tuned models | AWS KMS (customer-managed or AWS-managed keys) |
| Knowledge Base data | Vector store encryption (OpenSearch, Aurora, etc.) |
| S3 data | S3 encryption with KMS |
In Transit
- All API calls use TLS 1.2+
- VPC endpoints use private connectivity
Network Security
| Feature | Description |
|---|---|
| VPC Endpoints | Private connectivity, no public internet |
| PrivateLink | Keep traffic within AWS network |
| Security Groups | Control inbound/outbound traffic |
| No public endpoint required | Can run entirely in private subnets |
Best Practice: Use VPC endpoints for production workloads to avoid public internet exposure.
Access Control (IAM)
Fine-grained access control:
| Control Level | What You Can Restrict |
|---|---|
| Model access | Which models a user/role can invoke |
| Feature access | Knowledge Bases, Agents, Guardrails separately |
| Actions | InvokeModel, CreateAgent, etc. |
| Resources | Specific model ARNs, specific agents |
Example IAM Policies
| Scenario | Policy Approach |
|---|---|
| Dev team can only use Llama | Restrict to specific model ARNs |
| Prod can use all, dev limited | Separate roles with different permissions |
| Block fine-tuning in prod | Deny CreateModelCustomizationJob |
| Only specific agents | Resource-based restrictions |
Audit & Monitoring
| Service | What It Captures |
|---|---|
| CloudTrail | All API calls (who invoked what model, when) |
| CloudWatch Logs | Model invocation logs (optional, you enable) |
| CloudWatch Metrics | Latency, token counts, errors, throttling |
| Config | Track Bedrock resource configurations |
Important Point: CloudTrail logs all Bedrock API calls for compliance and audit purposes.
Compliance Certifications
Bedrock inherits AWS compliance:
| Certification | Status |
|---|---|
| SOC 1, 2, 3 | ✅ Compliant |
| ISO 27001, 27017, 27018 | ✅ Compliant |
| HIPAA | ✅ Eligible (with BAA) |
| PCI DSS | ✅ Compliant |
| FedRAMP | ✅ In scope (varies by region) |
| GDPR | ✅ Data processing compliant |
| CSA STAR | ✅ Compliant |
Note: Compliance applies to the Bedrock service. Your application built on Bedrock must also be compliant.
Data Residency
| Aspect | How It Works |
|---|---|
| Region selection | You choose which AWS Region to use |
| Data stays in region | Prompts/responses processed in your chosen region |
| Cross-region considerations | Some models may only be available in specific regions |
Responsible AI
Bedrock provides tools for responsible AI deployment:
| Tool | Purpose |
|---|---|
| Guardrails | Filter harmful content, PII, prompt attacks |
| Model evaluation | Test for bias, toxicity, accuracy |
| Automated Reasoning | Prevent hallucinations |
| Audit logging | Track all model usage |
When to Use Bedrock (Security Perspective)
| Scenario | Recommendation |
|---|---|
| Regulated industry (healthcare, finance) | Bedrock (HIPAA, PCI compliance) |
| Data must stay in specific region | Bedrock (region selection) |
| No data sharing with model providers | Bedrock (data isolation guarantee) |
| Need full audit trail | Bedrock (CloudTrail integration) |
| Private network required | Bedrock (VPC endpoints) |
| Quick prototype, less sensitive data | Direct APIs may be simpler |
TL;DR
- Data never used for training — your prompts are private
- Encryption: KMS at rest, TLS in transit
- Network: VPC endpoints for private connectivity
- IAM: Fine-grained control per model, action, resource
- Audit: CloudTrail logs every API call
- Compliance: SOC, HIPAA, PCI, ISO, GDPR, FedRAMP
Bottom line: Bedrock is designed for enterprise security requirements.
Resources
Bedrock Security
Security documentation and best practices.AWS Compliance
Full list of AWS compliance certifications.