No model package groups found. Model Registry is not being used for model governance.
Implement Model Registry to track model versions and enforce approval workflows before production deployment.
Informational
N/A
111111111111
ap-southeast-2
SM-23
Model Drift Detection Check
No InService endpoints found to monitor.
No action required
Medium
Passed
111111111111
ap-southeast-2
SM-24
A/B Testing and Shadow Deployment Check
No InService endpoints found.
No action required
Low
Passed
111111111111
ap-southeast-2
SM-25
ML Lineage Tracking - Experiments Not Used
No SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.
Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.
Informational
N/A
111111111111
Global
AC-02
AgentCore IAM Full Access Policy
The following roles have BedrockAgentCoreFullAccess policy: AmazonSageMaker-ExecutionRole-20250525T153161
Replace with least-privilege policies scoped to specific AgentCore resources and actions
High
Failed
111111111111
Global
AC-02
AgentCore IAM Wildcard Permissions
The following roles have wildcard AgentCore permissions on all resources: agentcore-wildrydes_gateway_role_ab3991f6-role
Scope permissions to specific AgentCore resources using resource ARNs
High
Failed
111111111111
Global
AC-03
AgentCore Stale Access
The following principals have not accessed AgentCore in 60+ days: role 'AmazonSageMaker-ExecutionRole-20250525T153161' (179 days), role 'AWSServiceRoleForBedrockAgentCoreRuntimeIdentity' (179 days), role 'CustomerSupportAssistantBedrockAgentCoreRole-us-east-1' (179 days), role 'resco-aiml-security-19304-AgentCoreSecurityAssessme-w773pPsFWNsn' (62 days)
Review and remove unused AgentCore permissions following least privilege principle
Medium
Failed
111111111111
Global
AC-03
AgentCore Unused Permissions
The following principals have AgentCore permissions but have never accessed the service: role 'agentcore-wildrydes_gateway_role_ab3991f6-role', role 'AIMLSecurityMemberRole', role 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-a6ddf3fc76', role 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-ed660add8b', role 'aws-api-mcp-server-execution-role', role 'CustomerSupportStackInfra-RuntimeAgentCoreRole-N188nLB5RtLO', role 'IDP-AnalyticsProcessorFunctionRole-H3gwkJtNqrqW', role 'ReSCOAIMLMemberRole'
Review and remove unused AgentCore permissions following least privilege principle
Medium
Failed
111111111111
Global
AC-09
AgentCore Service-Linked Role Missing
Service-linked role 'AWSServiceRoleForBedrockAgentCoreNetwork' does not exist. VPC configuration for AgentCore Runtimes will fail without this role.
The service-linked role is automatically created when you configure VPC for an AgentCore Runtime. Ensure IAM permissions allow service-linked role creation.
Medium
Failed
111111111111
us-east-1
AC-01
AgentCore Runtime VPC Configuration
Runtime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) is not configured with VPC. This exposes the runtime to public internet.
Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)
High
Failed
111111111111
us-east-1
AC-01
AgentCore Runtime VPC Configuration
Runtime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) is not configured with VPC. This exposes the runtime to public internet.
Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)
High
Failed
111111111111
us-east-1
AC-01
AgentCore Runtime VPC Configuration
Runtime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) is not configured with VPC. This exposes the runtime to public internet.
Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)
High
Failed
111111111111
us-east-1
AC-01
AgentCore Runtime VPC Configuration
Runtime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) is not configured with VPC. This exposes the runtime to public internet.
Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)
High
Failed
111111111111
us-east-1
AC-01
AgentCore Runtime VPC Configuration
Runtime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) is not configured with VPC. This exposes the runtime to public internet.
Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)
High
Failed
111111111111
us-east-1
AC-04
AgentCore Runtime CloudWatch Logs
Runtime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) does not have CloudWatch Logs configured
Enable CloudWatch Logs for monitoring and troubleshooting
Medium
Failed
111111111111
us-east-1
AC-04
AgentCore Runtime X-Ray Tracing
Runtime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) does not have X-Ray tracing enabled
Enable X-Ray tracing for distributed tracing and performance analysis
Medium
Failed
111111111111
us-east-1
AC-04
AgentCore Runtime CloudWatch Logs
Runtime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) does not have CloudWatch Logs configured
Enable CloudWatch Logs for monitoring and troubleshooting
Medium
Failed
111111111111
us-east-1
AC-04
AgentCore Runtime X-Ray Tracing
Runtime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) does not have X-Ray tracing enabled
Enable X-Ray tracing for distributed tracing and performance analysis
Medium
Failed
111111111111
us-east-1
AC-04
AgentCore Runtime CloudWatch Logs
Runtime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) does not have CloudWatch Logs configured
Enable CloudWatch Logs for monitoring and troubleshooting
Medium
Failed
111111111111
us-east-1
AC-04
AgentCore Runtime X-Ray Tracing
Runtime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) does not have X-Ray tracing enabled
Enable X-Ray tracing for distributed tracing and performance analysis
Medium
Failed
111111111111
us-east-1
AC-04
AgentCore Runtime CloudWatch Logs
Runtime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) does not have CloudWatch Logs configured
Enable CloudWatch Logs for monitoring and troubleshooting
Medium
Failed
111111111111
us-east-1
AC-04
AgentCore Runtime X-Ray Tracing
Runtime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) does not have X-Ray tracing enabled
Enable X-Ray tracing for distributed tracing and performance analysis
Medium
Failed
111111111111
us-east-1
AC-04
AgentCore Runtime CloudWatch Logs
Runtime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) does not have CloudWatch Logs configured
Enable CloudWatch Logs for monitoring and troubleshooting
Medium
Failed
111111111111
us-east-1
AC-04
AgentCore Runtime X-Ray Tracing
Runtime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) does not have X-Ray tracing enabled
Enable X-Ray tracing for distributed tracing and performance analysis
Consider using customer-managed KMS keys for better control and audit capabilities
Low
Failed
111111111111
us-east-1
AC-06
AgentCore Runtime Storage Configuration
Runtime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) does not have storage configuration for browser tools
Configure S3 storage for browser tool session recordings and artifacts
Medium
Failed
111111111111
us-east-1
AC-06
AgentCore Runtime Storage Configuration
Runtime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) does not have storage configuration for browser tools
Configure S3 storage for browser tool session recordings and artifacts
Medium
Failed
111111111111
us-east-1
AC-06
AgentCore Runtime Storage Configuration
Runtime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) does not have storage configuration for browser tools
Configure S3 storage for browser tool session recordings and artifacts
Medium
Failed
111111111111
us-east-1
AC-06
AgentCore Runtime Storage Configuration
Runtime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) does not have storage configuration for browser tools
Configure S3 storage for browser tool session recordings and artifacts
Medium
Failed
111111111111
us-east-1
AC-06
AgentCore Runtime Storage Configuration
Runtime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) does not have storage configuration for browser tools
Configure S3 storage for browser tool session recordings and artifacts
Medium
Failed
111111111111
us-east-1
AC-07
AgentCore Memory Encryption
Memory 'CustomerSupportMemory-x69jBq5GLp' (CustomerSupportMemory-x69jBq5GLp) does not have customer-managed encryption configured
Enable encryption with customer-managed KMS keys
Medium
Failed
111111111111
us-east-1
AC-07
AgentCore Memory Encryption
Memory 'cdk_agent_core_mem-uxfIagADuF' (cdk_agent_core_mem-uxfIagADuF) does not have customer-managed encryption configured
Enable encryption with customer-managed KMS keys
Medium
Failed
111111111111
us-east-1
AC-07
AgentCore Memory Encryption
Memory 'wildrydes_memory_ab3991f6-9FjiHOHjT2' (wildrydes_memory_ab3991f6-9FjiHOHjT2) does not have customer-managed encryption configured
Enable encryption with customer-managed KMS keys
Medium
Failed
111111111111
us-east-1
AC-13
AgentCore Gateway Configuration Check
No Gateway resources found
No action required
Informational
N/A
111111111111
us-east-1
AC-08
AgentCore VPC Endpoints Missing
No AgentCore VPC endpoints found in 4 VPCs. AgentCore API traffic traverses public internet, exposing it to interception.
Create VPC interface endpoints for AgentCore services:
1. com.amazonaws.region.bedrock-agentcore
2. com.amazonaws.region.bedrock-agentcore-control
3. com.amazonaws.region.bedrock-agentcore-runtime
This enables private connectivity via AWS PrivateLink
High
Failed
111111111111
us-east-1
AC-10
AgentCore Resource-Based Policies Check
No AgentCore resources found to check for resource-based policies
No action required
Informational
N/A
111111111111
us-east-1
AC-11
AgentCore Policy Engine Encryption Check
No Policy Engines found
No action required
Informational
N/A
111111111111
us-east-1
AC-12
AgentCore Gateway Encryption Check
No Gateways found
No action required
Informational
N/A
111111111111
eu-west-1
AC-01
AgentCore VPC Configuration Check
No AgentCore resources found
No action required
Informational
N/A
111111111111
eu-west-1
AC-04
AgentCore Observability Check
No AgentCore resources found
No action required
Informational
N/A
111111111111
eu-west-1
AC-05
AgentCore Encryption Check
No AgentCore resources found
No action required
Informational
N/A
111111111111
eu-west-1
AC-06
AgentCore Browser Tool Recording Check
No AgentCore Runtimes found to check browser tool configuration
No action required
Informational
N/A
111111111111
eu-west-1
AC-07
AgentCore Memory Configuration Check
No Memory resources found
No action required
Informational
N/A
111111111111
eu-west-1
AC-13
AgentCore Gateway Configuration Check
No Gateway resources found
No action required
Informational
N/A
111111111111
eu-west-1
AC-08
AgentCore VPC Endpoints Check
No AgentCore resources found
No action required
Informational
N/A
111111111111
eu-west-1
AC-10
AgentCore Resource-Based Policies Check
No AgentCore resources found to check for resource-based policies
No action required
Informational
N/A
111111111111
eu-west-1
AC-11
AgentCore Policy Engine Encryption Check
No Policy Engines found
No action required
Informational
N/A
111111111111
eu-west-1
AC-12
AgentCore Gateway Encryption Check
No Gateways found
No action required
Informational
N/A
111111111111
Global
BR-01
AmazonBedrockFullAccess role check
Role 'IDPSageMakerCfnStack-SageMakerExecutionRole-aqrHz6dVkoHC' has AmazonBedrockFullAccess policy attached
Limit the AmazonBedrockFullAccess policy only to required access
High
Failed
111111111111
Global
BR-01
AmazonBedrockFullAccess role check
Role 'LLMEvaluationPromptfoo-SageMakerExecutionRole-M69xCHJ9c3LU' has AmazonBedrockFullAccess policy attached
Limit the AmazonBedrockFullAccess policy only to required access
High
Failed
111111111111
Global
BR-01
AmazonBedrockFullAccess role check
Role 'myAskMeAnything-role-kmsizqwf' has AmazonBedrockFullAccess policy attached
Limit the AmazonBedrockFullAccess policy only to required access
High
Failed
111111111111
Global
BR-03
Marketplace Subscription Access Check
Role 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-a6ddf3fc76' has overly permissive marketplace subscription access through policy 'BedrockAgentCoreRuntimeExecutionPolicy-cdk_agent_core'
Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
High
Failed
111111111111
Global
BR-03
Marketplace Subscription Access Check
Role 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-ed660add8b' has overly permissive marketplace subscription access through policy 'BedrockAgentCoreRuntimeExecutionPolicy-neoCyan_Agent'
Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
High
Failed
111111111111
Global
BR-03
Marketplace Subscription Access Check
Role 'AmazonBedrockExecutionRoleForKnowledgeBase_knnc9' has overly permissive marketplace subscription access through policy 'AmazonBedrockFoundationModelPolicyForKnowledgeBase_knnc9'
Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
High
Failed
111111111111
Global
BR-03
Marketplace Subscription Access Check
Role 'AmazonBedrockExecutionRoleForKnowledgeBase_qxqw2' has overly permissive marketplace subscription access through policy 'AmazonBedrockFoundationModelPolicyForKnowledgeBase_qxqw2'
Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
High
Failed
111111111111
Global
BR-03
Marketplace Subscription Access Check
Role 'AmazonSageMaker-ExecutionRole-20250525T153161' has overly permissive marketplace subscription access through policy 'AmazonBedrockLimitedAccess'
Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
High
Failed
111111111111
Global
BR-03
Marketplace Subscription Access Check
Role 'IDPSageMakerCfnStack-SageMakerExecutionRole-aqrHz6dVkoHC' has overly permissive marketplace subscription access through policy 'AmazonBedrockFullAccess'
Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
High
Failed
111111111111
Global
BR-03
Marketplace Subscription Access Check
Role 'LLMEvaluationPromptfoo-SageMakerExecutionRole-M69xCHJ9c3LU' has overly permissive marketplace subscription access through policy 'AmazonBedrockFullAccess'
Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
High
Failed
111111111111
Global
BR-03
Marketplace Subscription Access Check
Role 'myAskMeAnything-role-kmsizqwf' has overly permissive marketplace subscription access through policy 'AmazonBedrockFullAccess'
Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
High
Failed
111111111111
Global
BR-03
Marketplace Subscription Access Check
User 'BedrockAPIKey-20pp' has overly permissive marketplace subscription access through policy 'AmazonBedrockLimitedAccess'
Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
High
Failed
111111111111
Global
BR-03
Marketplace Subscription Access Check
User 'BedrockAPIKey-yhc3' has overly permissive marketplace subscription access through policy 'AmazonBedrockLimitedAccess'
Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
High
Failed
111111111111
Global
BR-03
Marketplace Subscription Access Check
User 'BedrockClientUser' has overly permissive marketplace subscription access through policy 'AmazonBedrockFullAccess'
Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
High
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role '111111111111-us-east-1-kb-bedrock-service-role' last accessed Bedrock on 2025-12-22
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role '111111111111-us-east-1-kb-setup-function-role' last accessed Bedrock on 2025-12-22
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'agentcore-wildrydes_gateway_role_ab3991f6-role' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AgentCoreEvalsSDK-us-east-1-d04ba7b68b' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AIMLSecurityMemberRole' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-a6ddf3fc76' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-ed660add8b' last accessed Bedrock on 2025-12-21
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonBedrockExecutionRoleForAgents_S0T9VNPP9D' last accessed Bedrock on 2024-06-25
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonBedrockExecutionRoleForAgents_WNCOPE29NZ' last accessed Bedrock on 2025-04-27
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonBedrockExecutionRoleForKnowledgeBase_072pr' last accessed Bedrock on 2024-06-25
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonBedrockExecutionRoleForKnowledgeBase_byjin' last accessed Bedrock on 2024-11-17
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonBedrockExecutionRoleForKnowledgeBase_h9718' last accessed Bedrock on 2024-11-17
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonBedrockExecutionRoleForKnowledgeBase_knnc9' last accessed Bedrock on 2026-01-01
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonBedrockExecutionRoleForKnowledgeBase_qxqw2' last accessed Bedrock on 2025-12-28
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonBedrockExecutionRoleForKnowledgeBase_semicon' last accessed Bedrock on 2024-09-01
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonBedrockExecutionRoleForKnowledgeBase_xtwwd' last accessed Bedrock on 2025-10-13
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonBedrockExecutionRoleForKnowledgeBase_y9m7f' last accessed Bedrock on 2025-04-27
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonQInvestigationRole-DefaultInvestigationGroup-8vxyjh' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonSageMaker-ExecutionRole-20231014T200029' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonSageMaker-ExecutionRole-20250525T153161' last accessed Bedrock on 2025-12-22
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'aws-api-mcp-server-execution-role' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AwsSecurityAudit' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AWSServiceRoleForAuditManager' last accessed Bedrock on 2024-11-25
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AWSServiceRoleForSupport' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AWSVAPTAudit' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'BedrockCognitoFederatedRole' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'cdk-hnb659fds-lookup-role-111111111111-us-east-1' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'cdk-hnb659fds-lookup-role-111111111111-us-west-2' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'cfn-contextualChatBot-usi-LambdaExecutionRoleForKno-aHg3J0xel6VU' last accessed Bedrock on 2024-03-25
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'CloudSecAuditRole' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'CloudSeerTrustedServiceRole' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'CustomerSupportAssistantBedrockAgentCoreRole-us-east-1' last accessed Bedrock on 2025-12-22
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'CustomerSupportStackInfra-CustomerSupportLambdaRole-ujGGiNU6KEnI' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'CustomerSupportStackInfra-RuntimeAgentCoreRole-N188nLB5RtLO' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'e2ebedrockrag-KbRoleStack-2YO19O2NS6FP-KbRole-OgMxcvrnZrHZ' last accessed Bedrock on 2025-11-18
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'fsi-genai-workshop-bedrock-kb-role' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'fsi-genai-workshop-lambda-execution-role' last accessed Bedrock on 2025-12-28
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'fsi-genai-workshop-websocket-lambda-role' last accessed Bedrock on 2025-12-28
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'IDP-AnalyticsProcessorFunctionRole-H3gwkJtNqrqW' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'IDP-BDASAMPLEPROJECT-SGJRDJI15S-LambdaExecutionRole-MCRJbTEDuyKt' last accessed Bedrock on 2025-08-24
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'IDP-ChatWithDocumentResolverFunctionRole-ATyH7GeR2ad1' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'IDP-DOCUMENTBEDROCKKB-CY8-StartIngestionJobFunction-NjNLRuUn8qtp' last accessed Bedrock on 2025-08-24
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'IDP-EvaluationFunctionRole-LQdnEMAdwWPe' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'IDP-PATTERN1STACK-TNHNKPK-ProcessResultsFunctionRol-8z8mNwa6RahP' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'IDP-PATTERN1STACK-TNHNKPK-SummarizationFunctionRole-MY6sxSMvFNr4' last accessed Bedrock on 2025-10-07
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'IDP-PATTERN1STACK-TNHNKPKJY4Q-InvokeBDAFunctionRole-pLHufEKQ0Nu4' last accessed Bedrock on 2025-10-07
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'IDP-QueryKnowledgeBaseResolverFunctionRole-p9Mcpfk0BA6z' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'IDPSageMakerCfnStack-SageMakerExecutionRole-aqrHz6dVkoHC' last accessed Bedrock on 2024-07-30
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'IibsAdminAccess-DO-NOT-DELETE' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'InternalAuditInternal' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'LLMEvaluationPromptfoo-Aurora-Bedrock-Role' last accessed Bedrock on 2025-12-30
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'LLMEvaluationPromptfoo-LambdaExecutionRole-umo63kVrhIoy' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'LLMEvaluationPromptfoo-SageMakerExecutionRole-M69xCHJ9c3LU' last accessed Bedrock on 2025-12-30
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'Meeting-Note-Bot-Role' last accessed Bedrock on 2025-10-22
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'myAskMeAnything-role-kmsizqwf' last accessed Bedrock on 2024-01-04
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'ProwlerMemberRole' last accessed Bedrock on 2026-03-10
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'resco-aiml-security-19304-BedrockSecurityAssessment-kgYUbi1MIbbb' last accessed Bedrock on 2026-04-18
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'ReSCOAIMLMemberRole' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'SAT-PrereqTest-CodeBuildRole-SATv2Stack-PreReqs' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'threat-designer-role' last accessed Bedrock on 2025-07-02
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
User 'BedrockAPIKey-yhc3' last accessed Bedrock on 2026-04-19
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
User 'BedrockClientUser' last accessed Bedrock on 2025-04-06
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
us-east-1
BR-02
Amazon Bedrock private connectivity check
No regional Bedrock resources found to assess private connectivity
No action required
Informational
N/A
111111111111
us-east-1
BR-04
Bedrock Model Invocation Logging Check
No regional Bedrock resources found to monitor with invocation logging
No action required
Informational
N/A
111111111111
us-east-1
BR-05
Bedrock Guardrails Check
No regional Bedrock resources found to protect with guardrails
No action required
Informational
N/A
111111111111
us-east-1
BR-06
Bedrock CloudTrail Logging Check
No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
No action required
Informational
N/A
111111111111
us-east-1
BR-07
Bedrock Prompt Management Check
Prompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.
Implement Prompt Management to:
1. Create and version your prompts
2. Test different prompt variants
3. Share prompts across your organization
4. Maintain consistent prompt templates
Informational
N/A
111111111111
us-east-1
BR-08
Bedrock Agent IAM Roles Check
No Bedrock agents found in the account
No action required
Informational
N/A
111111111111
us-east-1
BR-09
Bedrock Knowledge Base Encryption Check
Unable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::111111111111:assumed-role/aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX/aiml-security-aiml-security-111111111111-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:us-east-1:111111111111:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases action
Verify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
Informational
N/A
111111111111
us-east-1
BR-10
Bedrock Guardrail IAM Enforcement Check
No guardrails configured - IAM enforcement check not applicable
Configure Bedrock Guardrails first, then enforce their use via IAM policies
Informational
N/A
111111111111
us-east-1
BR-11
Bedrock Custom Model Encryption Check
No custom/fine-tuned models found in the account
No action required
Informational
N/A
111111111111
us-east-1
BR-12
Bedrock Invocation Log Encryption Check
Model invocation logging to S3 is not configured
If logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
Informational
N/A
111111111111
us-east-1
BR-13
Bedrock Flows Guardrails Check
No Bedrock Flows found in the account
No action required
Informational
N/A
111111111111
Global
SM-02
SageMaker Full Access Policy Used
Role 'AmazonSageMaker-ExecutionRole-20231014T200029' has AmazonSageMakerFullAccess policy attached
Replace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilege
High
Failed
111111111111
Global
SM-02
SageMaker Full Access Policy Used
Role 'AmazonSageMaker-ExecutionRole-20250525T153161' has AmazonSageMakerFullAccess policy attached
Replace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilege
High
Failed
111111111111
Global
SM-02
SageMaker Full Access Policy Used
Role 'AmazonSageMakerServiceCatalogProductsExecutionRole' has AmazonSageMakerFullAccess policy attached
Replace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilege
High
Failed
111111111111
Global
SM-02
SageMaker Full Access Policy Used
Role 'EMR_EC2_DefaultRole' has AmazonSageMakerFullAccess policy attached
Replace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilege
High
Failed
111111111111
Global
SM-02
SageMaker Full Access Policy Used
Role 'IDPSageMakerCfnStack-SageMakerExecutionRole-aqrHz6dVkoHC' has AmazonSageMakerFullAccess policy attached
Replace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilege
High
Failed
111111111111
Global
SM-02
SageMaker Full Access Policy Used
Role 'LLMEvaluationPromptfoo-SageMakerExecutionRole-M69xCHJ9c3LU' has AmazonSageMakerFullAccess policy attached
Replace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilege
High
Failed
111111111111
Global
SM-02
SageMaker Full Access Policy Used
Role 'SageMaker-EMR-ExecutionRole' has AmazonSageMakerFullAccess policy attached
Replace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilege
High
Failed
111111111111
us-east-1
SM-01
Non-VPC Only Network Access
SageMaker domain 'd-cz8qi7j81si3' (QuickSetupDomain-20250525T153160) is not configured for VPC-only access
Configure the SageMaker domain to use VPC-only network access type
High
Failed
111111111111
us-east-1
SM-02
SSO Not Properly Configured
SageMaker domain 'd-cz8qi7j81si3' (QuickSetupDomain-20250525T153160) is using authentication mode: IAM
Enable and properly configure AWS IAM Identity Center (successor to AWS SSO) for centralized access management. Ensure Identity Store ID is configured.
Medium
Failed
111111111111
us-east-1
SM-03
Missing Encryption Configuration
Domain 'QuickSetupDomain-20250525T153160' - No KMS key configured
Configure encryption using AWS KMS customer managed keys for enhanced security
High
Failed
111111111111
us-east-1
SM-04
GuardDuty Enabled
Amazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.
No action required
Medium
Passed
111111111111
us-east-1
SM-05
SageMaker Model Registry Issue
No model package groups found
Implement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment
Informational
N/A
111111111111
us-east-1
SM-05
SageMaker Feature Store Issue
No feature groups found
Utilize SageMaker Feature Store to create, share, and manage features for machine learning development and production
Informational
N/A
111111111111
us-east-1
SM-05
SageMaker Pipelines Issue
No ML pipelines found
Implement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment
Informational
N/A
111111111111
us-east-1
SM-06
SageMaker Clarify No Clarify Usage
No SageMaker Clarify jobs found
Implement SageMaker Clarify for model explainability and bias detection
Informational
N/A
111111111111
us-east-1
SM-07
SageMaker Model Monitor No Model Monitoring
No Model Monitor schedules found
Configure comprehensive model monitoring schedules
Informational
N/A
111111111111
us-east-1
SM-08
Model Registry Registry Not Used
Model Registry is not being utilized
Implement proper model versioning and approval workflows
Informational
N/A
111111111111
us-east-1
SM-09
SageMaker Notebook Root Access Check
No notebook instances found
No action required
Informational
N/A
111111111111
us-east-1
SM-10
SageMaker Notebook VPC Deployment Check
No notebook instances found
No action required
Informational
N/A
111111111111
us-east-1
SM-11
SageMaker Model Network Isolation Check
No models found
No action required
Informational
N/A
111111111111
us-east-1
SM-12
SageMaker Endpoint Instance Count Check
No InService endpoints found
No action required
Informational
N/A
111111111111
us-east-1
SM-13
SageMaker Monitoring Network Isolation Check
No monitoring schedules found
No action required
Informational
N/A
111111111111
us-east-1
SM-14
SageMaker Model Repository Access Check
No models found or all use default Platform access
No model package groups found. Model Registry is not being used for model governance.
Implement Model Registry to track model versions and enforce approval workflows before production deployment.
Informational
N/A
111111111111
us-east-1
SM-23
Model Drift Detection Check
No InService endpoints found to monitor.
No action required
Medium
Passed
111111111111
us-east-1
SM-24
A/B Testing and Shadow Deployment Check
No InService endpoints found.
No action required
Low
Passed
111111111111
us-east-1
SM-25
ML Lineage Tracking - Experiments Not Used
No SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.
Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.
Informational
N/A
111111111111
ap-southeast-2
BR-02
Amazon Bedrock private connectivity check
No regional Bedrock resources found to assess private connectivity
No action required
Informational
N/A
111111111111
ap-southeast-2
BR-04
Bedrock Model Invocation Logging Check
No regional Bedrock resources found to monitor with invocation logging
No action required
Informational
N/A
111111111111
ap-southeast-2
BR-05
Bedrock Guardrails Check
No regional Bedrock resources found to protect with guardrails
No action required
Informational
N/A
111111111111
ap-southeast-2
BR-06
Bedrock CloudTrail Logging Check
No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
No action required
Informational
N/A
111111111111
ap-southeast-2
BR-07
Bedrock Prompt Management Check
Prompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.
Implement Prompt Management to:
1. Create and version your prompts
2. Test different prompt variants
3. Share prompts across your organization
4. Maintain consistent prompt templates
Informational
N/A
111111111111
ap-southeast-2
BR-08
Bedrock Agent IAM Roles Check
No Bedrock agents found in the account
No action required
Informational
N/A
111111111111
ap-southeast-2
BR-09
Bedrock Knowledge Base Encryption Check
Unable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::111111111111:assumed-role/aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX/aiml-security-aiml-security-111111111111-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:ap-southeast-2:111111111111:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases action
Verify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
Informational
N/A
111111111111
ap-southeast-2
BR-10
Bedrock Guardrail IAM Enforcement Check
No guardrails configured - IAM enforcement check not applicable
Configure Bedrock Guardrails first, then enforce their use via IAM policies
Informational
N/A
111111111111
ap-southeast-2
BR-11
Bedrock Custom Model Encryption Check
No custom/fine-tuned models found in the account
No action required
Informational
N/A
111111111111
ap-southeast-2
BR-12
Bedrock Invocation Log Encryption Check
Model invocation logging to S3 is not configured
If logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
Informational
N/A
111111111111
ap-southeast-2
BR-13
Bedrock Flows Guardrails Check
No Bedrock Flows found in the account
No action required
Informational
N/A
111111111111
eu-west-1
BR-02
Amazon Bedrock private connectivity check
No regional Bedrock resources found to assess private connectivity
No action required
Informational
N/A
111111111111
eu-west-1
BR-04
Bedrock Model Invocation Logging Check
No regional Bedrock resources found to monitor with invocation logging
No action required
Informational
N/A
111111111111
eu-west-1
BR-05
Bedrock Guardrails Check
No regional Bedrock resources found to protect with guardrails
No action required
Informational
N/A
111111111111
eu-west-1
BR-06
Bedrock CloudTrail Logging Check
No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
No action required
Informational
N/A
111111111111
eu-west-1
BR-07
Bedrock Prompt Management Check
Prompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.
Implement Prompt Management to:
1. Create and version your prompts
2. Test different prompt variants
3. Share prompts across your organization
4. Maintain consistent prompt templates
Informational
N/A
111111111111
eu-west-1
BR-08
Bedrock Agent IAM Roles Check
No Bedrock agents found in the account
No action required
Informational
N/A
111111111111
eu-west-1
BR-09
Bedrock Knowledge Base Encryption Check
Unable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::111111111111:assumed-role/aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX/aiml-security-aiml-security-111111111111-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:eu-west-1:111111111111:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases action
Verify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
Informational
N/A
111111111111
eu-west-1
BR-10
Bedrock Guardrail IAM Enforcement Check
No guardrails configured - IAM enforcement check not applicable
Configure Bedrock Guardrails first, then enforce their use via IAM policies
Informational
N/A
111111111111
eu-west-1
BR-11
Bedrock Custom Model Encryption Check
No custom/fine-tuned models found in the account
No action required
Informational
N/A
111111111111
eu-west-1
BR-12
Bedrock Invocation Log Encryption Check
Model invocation logging to S3 is not configured
If logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
Informational
N/A
111111111111
eu-west-1
BR-13
Bedrock Flows Guardrails Check
No Bedrock Flows found in the account
No action required
Informational
N/A
111111111111
eu-west-1
SM-01
SageMaker Internet Access Check
No SageMaker notebook instances or domains found to check
No action required
Informational
N/A
111111111111
eu-west-1
SM-02
SageMaker SSO Configuration Check
No SageMaker domains found, or all domains use SSO with IAM Identity Center configured
No action required
Medium
Passed
111111111111
eu-west-1
SM-03
Data Protection Check
No SageMaker resources found to check for data protection
No action required
Informational
N/A
111111111111
eu-west-1
SM-04
GuardDuty Enabled
Amazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.
No action required
Medium
Passed
111111111111
eu-west-1
SM-05
SageMaker Model Registry Issue
No model package groups found
Implement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment
Informational
N/A
111111111111
eu-west-1
SM-05
SageMaker Feature Store Issue
No feature groups found
Utilize SageMaker Feature Store to create, share, and manage features for machine learning development and production
Informational
N/A
111111111111
eu-west-1
SM-05
SageMaker Pipelines Issue
No ML pipelines found
Implement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment
Informational
N/A
111111111111
eu-west-1
SM-06
SageMaker Clarify No Clarify Usage
No SageMaker Clarify jobs found
Implement SageMaker Clarify for model explainability and bias detection
Informational
N/A
111111111111
eu-west-1
SM-07
SageMaker Model Monitor No Model Monitoring
No Model Monitor schedules found
Configure comprehensive model monitoring schedules
Informational
N/A
111111111111
eu-west-1
SM-08
Model Registry Registry Not Used
Model Registry is not being utilized
Implement proper model versioning and approval workflows
Informational
N/A
111111111111
eu-west-1
SM-09
SageMaker Notebook Root Access Check
No notebook instances found
No action required
Informational
N/A
111111111111
eu-west-1
SM-10
SageMaker Notebook VPC Deployment Check
No notebook instances found
No action required
Informational
N/A
111111111111
eu-west-1
SM-11
SageMaker Model Network Isolation Check
No models found
No action required
Informational
N/A
111111111111
eu-west-1
SM-12
SageMaker Endpoint Instance Count Check
No InService endpoints found
No action required
Informational
N/A
111111111111
eu-west-1
SM-13
SageMaker Monitoring Network Isolation Check
No monitoring schedules found
No action required
Informational
N/A
111111111111
eu-west-1
SM-14
SageMaker Model Repository Access Check
No models found or all use default Platform access
No model package groups found. Model Registry is not being used for model governance.
Implement Model Registry to track model versions and enforce approval workflows before production deployment.
Informational
N/A
111111111111
eu-west-1
SM-23
Model Drift Detection Check
No InService endpoints found to monitor.
No action required
Medium
Passed
111111111111
eu-west-1
SM-24
A/B Testing and Shadow Deployment Check
No InService endpoints found.
No action required
Low
Passed
111111111111
eu-west-1
SM-25
ML Lineage Tracking - Experiments Not Used
No SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.
Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.
Informational
N/A
111111111111
us-east-1
FS-01
AWS Shield Advanced Not Enabled
AWS Shield Advanced is not subscribed. GenAI API endpoints are vulnerable to volumetric DDoS attacks that can exhaust token quotas and inflate costs.
1. Subscribe to AWS Shield Advanced for DDoS protection.
2. After subscribing, explicitly add resource protections in the Shield Advanced console for each Bedrock-facing resource (API Gateway stages, ALBs, CloudFront distributions, Route 53 hosted zones). Shield Advanced subscription alone does NOT automatically protect resources — each resource must be individually added to receive protection.
3. Enable Shield Response Team (SRT) access and configure proactive engagement.
4. Alternatively, use AWS Firewall Manager with a Shield Advanced policy to automate resource protection based on tags or resource types.
Low
Failed
111111111111
us-east-1
FS-01
No Regional WAF Web ACLs Found
No AWS WAF regional Web ACLs found. Without WAF, GenAI endpoints lack rate-based rules to block abusive callers.
1. Create a WAF Web ACL with rate-based rules (e.g., 1000 req/5 min per IP).
2. Associate the ACL with API Gateway stages or ALBs fronting Bedrock.
3. Add AWS Managed Rules for known bad inputs.
Medium
Failed
111111111111
us-east-1
FS-02
API Gateway Usage Plans Missing Throttle
Usage plans without throttling: myAskMeAnything-UsagePlan. Unbounded API calls can exhaust Bedrock token quotas and inflate costs.
Set rateLimit and burstLimit on all usage plans associated with GenAI API stages. Consider per-consumer API keys with individual quotas.
Medium
Failed
111111111111
us-east-1
FS-03
Bedrock Token Quotas At Default
All 232 Bedrock token-based quota(s) are at their AWS default values — no quota increase has been applied. Running at default is a legitimate posture, but it should be a reviewed decision aligned with expected peak load rather than an oversight.
1. Review current Bedrock TPM/TPD quotas in the Service Quotas console.
2. Request increases aligned with expected peak load, or document a deliberate decision to remain at default after review.
3. Implement client-side token counting and pre-flight quota checks.
4. Use Bedrock cross-region inference profiles to distribute load.
Medium
N/A
111111111111
us-east-1
FS-04
No Cost Anomaly Detection Monitors
No AWS Cost Anomaly Detection monitors found. Unexpected spikes in Bedrock/SageMaker usage (e.g., from prompt injection loops) will go undetected.
1. Create a Cost Anomaly Detection monitor scoped to AWS/Bedrock and AWS/SageMaker.
2. Configure alert subscriptions (SNS/email) for anomalies above threshold.
3. Set daily spend budgets with AWS Budgets as a secondary control.
Medium
Failed
111111111111
us-east-1
FS-05
No Bedrock CloudWatch Alarms Found
No CloudWatch alarms found for Bedrock metrics. Token exhaustion and throttling events will not trigger operational alerts.
Create CloudWatch alarms for:
- AWS/Bedrock InvocationThrottles (threshold > 0)
- AWS/Bedrock TokensProcessed (threshold based on quota)
- Custom application-level token counters via EMF
Medium
Failed
111111111111
us-east-1
FS-06
No AI/ML Service Budgets Configured
No AWS Budgets found scoped to Bedrock or SageMaker. Unbounded GenAI spend can go undetected until the monthly bill.
1. Create cost budgets for AWS Bedrock and SageMaker with 80%/100% alert thresholds.
2. Add SNS notifications to on-call channels.
3. Consider budget actions to apply IAM deny policies when thresholds are breached.
Medium
Failed
111111111111
us-east-1
FS-07
Agent Action Boundary Check
No Bedrock agents found.
No action required.
Informational
N/A
111111111111
us-east-1
FS-08
AgentCore Runtimes Missing Policy Engine
Runtimes without authorizer configuration: origami_expeditions, neoCyan_Agent, customer_support_agent, cdk_agent_core, awsapimcpserver. Without a policy engine, agents can invoke any registered tool without authorization checks.
Configure an authorizer (Lambda or Cedar policy store) on each AgentCore runtime to enforce fine-grained tool-call authorization.
1. Set reserved concurrency on agent Lambda functions.
2. Implement maximum iteration counts in agent orchestration logic.
3. Use Step Functions with MaxConcurrency and timeout states.
4. Add circuit-breaker patterns to agent tool invocations.
Medium
Failed
111111111111
us-east-1
FS-10
Human-in-the-Loop Check — No Agent Workflows Found
No Step Functions state machines with agent/approval naming found. Verify that high-risk agent actions (e.g., fund transfers, account changes) have human approval gates.
Implement Step Functions .waitForTaskToken patterns for high-risk agent actions. Route approval requests to human reviewers via SNS/SES/Slack.
Informational
N/A
111111111111
us-east-1
FS-11
No Agent Rate Alarms Found
No CloudWatch alarms found for agent invocation rates. Looping or runaway agents will not trigger operational alerts.
Create CloudWatch alarms on:
- Bedrock agent invocation counts (threshold based on expected max)
- Lambda invocation errors for agent functions
- Step Functions execution failures and timeouts
Medium
Failed
111111111111
us-east-1
FS-12
No Bedrock-Scoped SCPs Found
No Service Control Policies reference Bedrock. Without SCPs, any account in the organization can access any Bedrock model, including unapproved third-party models.
1. Create an SCP that denies bedrock:InvokeModel for model IDs not on the approved list.
2. Use bedrock:ModelId condition key to allowlist approved models.
3. Maintain a model inventory and update the SCP when models are approved/retired.
High
Failed
111111111111
us-east-1
FS-13
Model Provenance Tags Present
All reviewed models have required provenance tags.
No action required.
Medium
Passed
111111111111
us-east-1
FS-14
Model Governance Config Rules Present
Found 11 model-related Config rule(s).
No action required.
Medium
Passed
111111111111
us-east-1
FS-15
No Bedrock Evaluation Jobs Found
No Bedrock Model Evaluation jobs found. Models have not been evaluated for adversarial robustness. FinServ model-risk management (SR 11-7) expects documented model validation/evaluation.
1. Run Bedrock Model Evaluation with adversarial/red-team datasets.
2. Use FMEval library for automated robustness testing.
3. Schedule periodic re-evaluation after model updates.
Medium
Failed
111111111111
us-east-1
FS-16
ECR Repositories Without Image Scanning
4 ECR repo(s) without scan-on-push: mlexplorationrepo, cdk-hnb659fds-container-assets-111111111111-us-east-1, bedrock-agentcore-customer_support_agent, bedrock-agentcore-origami_expeditions.
Enable scan-on-push for all ECR repositories containing model containers. Consider enabling Enhanced Scanning (Inspector) for CVE detection.
High
Failed
111111111111
us-east-1
FS-20
No SageMaker Feature Groups Found
No SageMaker Feature Store groups found.
No action required.
Informational
N/A
111111111111
us-east-1
FS-21
Training Data Buckets Without Versioning
13 training data bucket(s) without versioning: ancbedrocklogging, bedrock-agentcore-codebuild-sources-111111111111-us-east-1, bedrock-bda-us-east-1-dda43109-6557-48bb-993d-3f97126b64b4, bedrock-bda-us-east-1-logging-00719114-debd-4487-85d1-09cbc3fc8, bedrock-kb-bucket-f736570b, bedrock-video-generation-us-east-1-h5ltpm, fsi-genai-workshop-bedrock-datasources-111111111111-us-west-2, knowledgebase-bedrock-agent-agasthik, llmevaluationpromptfoo-bedrockkb-cozhbzbrcmd2, sagemaker-studio-111111111111-huo1mvme4t.
Enable S3 versioning on all training data buckets. Consider enabling MFA Delete for additional protection against poisoning.
High
Failed
111111111111
us-east-1
FS-22
Overly Permissive Knowledge Base IAM Roles
722 role(s) with wildcard KB permissions:
- Role '111111111111-us-east-1-kb-setup-function-role' allows 'bedrock:CreateKnowledgeBase' on Resource '*' (no ARN scoping to specific Knowledge Bases)
- Role '111111111111-us-east-1-kb-setup-function-role' allows 'bedrock:CreateDataSource' on Resource '*' (no ARN scoping to specific Knowledge Bases)
- Role 'Admin' allows '*'
- Role 'agentcore-wildrydes_gateway_role_ab3991f6-role' allows 'bedrock:*'
- Role 'AgentCoreEvalsSDK-us-east-1-d04ba7b68b' allows 'bedrock:InvokeModel' on Resource '*' (no ARN scoping to specific Knowledge Bases)
- Role 'AgentCoreEvalsSDK-us-east-1-d04ba7b68b' allows 'bedrock:InvokeModelWithResponseStream' on Resource '*' (no ARN scoping to specific Knowledge Bases)
- Role 'Agentic-AI-MCP-Strands-SDK-Works-VSCodeInstanceRole-NCTUnlnRBFO6' allows '*'
- Role 'aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX' allows 'bedrock:ListGuardrails' on Resource '*' (no ARN scoping to specific Knowledge Bases)
- Role 'aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX' allows 'bedrock:GetGuardrail' on Resource '*' (no ARN scoping to specific Knowledge Bases)
- Role 'aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX' allows 'bedrock:ListModelInvocations' on Resource '*' (no ARN scoping to specific Knowledge Bases)
Replace wildcard bedrock-agent:* with specific actions: bedrock:Retrieve, bedrock:RetrieveAndGenerate. Scope resources to specific Knowledge Base ARNs.
High
Failed
111111111111
us-east-1
FS-24
ADVISORY: Knowledge Base Metadata Filtering — Manual Review Required
Found 3 Knowledge Base(s). Tenant-isolation metadata filtering is a design pattern that cannot be verified via API — manual review required. Verify that metadata attributes (e.g., tenantId, classification) are indexed and that Retrieve calls include RetrievalFilter conditions for tenant isolation.
1. Add metadata fields (tenantId, dataClassification) to KB data sources.
2. Pass RetrievalFilter in all Retrieve/RetrieveAndGenerate calls.
3. Validate filters in integration tests to prevent cross-tenant data leakage.
Informational
N/A
111111111111
us-east-1
FS-25
OpenSearch Serverless Encryption Policies Present
Found 5 encryption policy(ies); 5 use a customer-managed KMS key.
Verify all vector store collections use customer-managed KMS keys.
High
Passed
111111111111
us-east-1
FS-26
OpenSearch Serverless Collections Not VPC-Restricted
Found 5 network policy(ies) but none restrict to VPC. Vector stores may be accessible from the public internet.
Update network policies to allow access only from VPC endpoints. Create an OpenSearch Serverless VPC endpoint in your VPC.
High
Failed
111111111111
us-east-1
FS-27
No Guardrails — Contextual Grounding Not Applicable
No Bedrock Guardrails configured. Configure guardrails first (see BR-05).
Configure Bedrock Guardrails with contextual grounding checks (grounding threshold ≥0.7 and relevance threshold ≥0.7 for FinServ use cases).
Informational
N/A
111111111111
us-east-1
FS-27
Automated Reasoning Policies — Access Check
Access denied or service unavailable when listing Automated Reasoning policies. The IAM action name (bedrock:ListAutomatedReasoningPolicies) is correct, so the most likely causes are, in order: (1) the assessment MEMBER ROLE in this account was deployed before this action was added and has not been re-deployed; (2) an AWS Organizations SCP or permission boundary denies this newer Bedrock action; (3) the region does not support ARC. ARC is available in AWS GovCloud (US) and a growing set of commercial regions (e.g., us-east-1, us-east-2, us-west-2, eu-central-1, eu-west-1, eu-west-3) — verify the current list in the AWS documentation.
1. RE-DEPLOY the member-role CloudFormation stack so the role picks up bedrock:ListAutomatedReasoningPolicies (templates may be current while the *deployed* role is stale). See deployment/1-aiml-security-member-roles.yaml and aiml-security-single-account.yaml.
2. Check for an Organizations SCP / permission boundary denying the action.
3. Confirm the assessed region supports Automated Reasoning checks.
4. Re-run the assessment after re-deploying.
Low
N/A
111111111111
us-east-1
FS-28
No Guardrails — Denied Topics Not Applicable
No Bedrock Guardrails configured.
Configure guardrails with denied topics for regulated financial content.
Application-level compliance disclaimers cannot be verified via AWS APIs. Manual review required to confirm GenAI outputs include required regulatory disclosures.
1. Implement post-processing to append required disclaimers to GenAI outputs.
2. Use Bedrock Guardrails word filters to block outputs that omit required disclosures.
3. Document disclaimer requirements in the AI use case register.
4. Test disclaimer presence in QA/UAT before production deployment.
Bedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation jobs include compliance-specific datasets (fair lending/ECOA, Fair Housing Act, UDAP/UDAAP, AML/KYC edge cases). Whether any evaluation jobs exist at all is assessed by FS-15.
Run Bedrock Model Evaluation with compliance-specific datasets:
- Fair lending test cases (ECOA, Fair Housing Act)
- UDAP/UDAAP unfair/deceptive practice scenarios
- AML/KYC edge cases
Informational
N/A
111111111111
us-east-1
FS-31
Knowledge Base Data Sources Past Review Threshold
2 data source(s) not synced in >7 days (a configurable review threshold, NOT an AWS-mandated limit):
- KB 'knowledge-base-semiconductors' source 'knowledge-base-quick-start-qpvuv-data-source' last synced 702 days ago
- KB '111111111111-us-east-1-kb' source '111111111111-us-east-1-kb-datasource' last synced 180 days ago
Confirm this age is acceptable for each data source's currency requirement — slow-changing reference data may legitimately sync infrequently.
1. Define the maximum acceptable data age per use case (e.g., intraday for market data, daily for product terms, weekly/monthly for regulatory guidance) and adjust the review threshold to match.
2. Configure automated sync (EventBridge Scheduler → StartIngestionJob) at that cadence — see FS-61.
3. Set CloudWatch alarms on sync job failures.
Source attribution in GenAI responses cannot be verified via AWS APIs. Manual review required to confirm responses include citations.
1. Use Bedrock RetrieveAndGenerate with citations enabled.
2. Include source document references in response post-processing.
3. Test citation accuracy in QA before production deployment.
4. Consider Bedrock Guardrails grounding checks to validate response accuracy.
Informational
N/A
111111111111
us-east-1
FS-33
KB Data Source Buckets Without Versioning
KB data source S3 buckets without versioning: 111111111111-us-east-1-kb-data-bucket.
Enable S3 versioning on all KB data source buckets. Enable S3 Object Integrity (checksum) for tamper detection.
Medium
Failed
111111111111
us-east-1
FS-34
Legacy Foundation Models Available in Region
Legacy/deprecated foundation models are available in this account/region: anthropic.claude-sonnet-4-20250514-v1:0, twelvelabs.marengo-embed-2-7-v1:0, amazon.titan-image-generator-v2:0, amazon.nova-premier-v1:0:8k, amazon.nova-premier-v1:0:20k, amazon.nova-premier-v1:0:1000k, amazon.nova-premier-v1:0:mm, amazon.nova-premier-v1:0, amazon.nova-canvas-v1:0, amazon.nova-reel-v1:0. This API reports model *availability*, not actual usage — it cannot determine which models your applications invoke. Legacy models have older training-data cutoffs and may produce outdated information if used. Review whether any are in active use.
1. Identify which (if any) of these legacy models your applications invoke (e.g., via CloudTrail InvokeModel events or application config).
2. Migrate active usage to current model versions.
3. Document training-data cutoff dates for all models in use.
4. Add data-currency disclaimers to outputs from models with old cutoffs.
Informational
N/A
111111111111
us-east-1
FS-35
ADVISORY: Harmful-Content Test Coverage — Manual Review Required
Bedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation/FMEval jobs include harmful-content datasets (toxicity, hate speech, violence/self-harm). Whether any evaluation jobs exist at all is assessed by FS-15.
Run Bedrock Model Evaluation or FMEval with harmful content datasets:
- Toxicity detection
- Hate speech classification
- Violence/self-harm content
Informational
N/A
111111111111
us-east-1
FS-36
No Guardrails — Content Filters Not Applicable
No Bedrock Guardrails configured.
Configure guardrails with content filters.
Informational
N/A
111111111111
us-east-1
FS-37
ADVISORY: User Feedback Mechanism — Manual Review Required
User feedback mechanisms for harmful outputs cannot be verified via AWS APIs. Manual review required.
1. Implement thumbs-up/down or flag-for-review UI in GenAI applications.
2. Route flagged outputs to human reviewers via SQS/SNS.
3. Log feedback to DynamoDB/S3 for model improvement.
4. Define SLAs for reviewing flagged content.
Informational
N/A
111111111111
us-east-1
FS-38
No Guardrails — Word Filters Not Applicable
No Bedrock Guardrails configured.
Configure guardrails with word filters.
Informational
N/A
111111111111
us-east-1
FS-39
No SageMaker Clarify Bias Monitoring
No SageMaker Clarify model bias monitoring schedules found. Models making financial decisions (credit, insurance) may exhibit discriminatory bias without detection.
1. Configure SageMaker Clarify bias detection for all models making credit, insurance, or employment decisions.
2. Define protected attributes (age, gender, race proxies).
3. Set bias metric thresholds and alert on violations.
4. Document bias testing results for regulatory examination.
Bedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation jobs include bias/fairness datasets (demographic parity, equal-opportunity, counterfactual fairness) for any GenAI models used in financial decisions (ECOA/Fair Housing). Whether any evaluation jobs exist at all is assessed by FS-15.
Run Bedrock Model Evaluation with bias test datasets:
- Demographic parity test cases
- Equal opportunity scenarios
- Counterfactual fairness tests
Informational
N/A
111111111111
us-east-1
FS-41
No SageMaker Clarify Explainability Monitoring
No SageMaker Clarify explainability monitoring found. Models making adverse financial decisions may not provide required explanations (ECOA adverse action notices).
1. Configure SageMaker Clarify explainability for credit/lending models.
2. Generate SHAP values for feature importance.
3. Map top features to human-readable adverse action reason codes.
4. Store explanations for regulatory examination.
High
Failed
111111111111
us-east-1
FS-42
No SageMaker Model Cards Found
No SageMaker Model Cards found. Production AI models lack documented intended use, limitations, and bias evaluations.
1. Create SageMaker Model Cards for all production models.
2. Document: intended use, out-of-scope uses, training data, bias evaluations.
3. Include regulatory compliance attestations.
4. Review and update cards at each model version release.
Medium
Failed
111111111111
us-east-1
FS-43
No CloudWatch Logs Data Protection Policies
No CloudWatch Logs data protection policies found. PII (SSN, account numbers, credit card numbers) in Bedrock invocation logs may be stored in plaintext.
1. Create CloudWatch Logs data protection policies to mask PII.
2. Enable masking for: SSN, credit card numbers, bank account numbers, email.
3. Apply policies to Bedrock invocation log groups.
4. Test masking with synthetic PII before production deployment.
High
Failed
111111111111
us-east-1
FS-44
Amazon Macie Enabled
Amazon Macie is enabled and scanning S3 buckets.
Verify Macie jobs cover training data and KB data source buckets.
High
Passed
111111111111
us-east-1
FS-45
No Guardrails — PII Filters Not Applicable
No Bedrock Guardrails configured.
Configure guardrails with PII/sensitive information filters.
Application-level hallucination disclaimers cannot be verified via AWS APIs. Manual review required.
1. Add disclaimers to GenAI outputs: 'AI-generated content may contain errors. Verify with authoritative sources before acting.'
2. Implement post-processing to append disclaimers.
3. Test disclaimer presence in QA before production.
Informational
N/A
111111111111
us-east-1
FS-50
No Guardrails With Relevance Grounding Filters
No guardrails have RELEVANCE contextual grounding filters. Without relevance filters, responses that are off-topic or unrelated to the user query will not be blocked, increasing hallucination risk in RAG-based FinServ applications.
Enable the RELEVANCE contextual grounding filter in Bedrock Guardrails with a threshold of ≥0.7 to block responses that are not relevant to the user query. Also enable the GROUNDING filter (≥0.7) to block responses not supported by the retrieved source context.
Medium
Failed
111111111111
us-east-1
FS-51
No Guardrails — Prompt Attack Filters Not Applicable
No Bedrock Guardrails configured.
Configure guardrails with prompt attack filters.
Informational
N/A
111111111111
us-east-1
FS-52
Bedrock Lambda Functions on Deprecated Runtimes
Functions on deprecated runtimes: e2ebedrockrag-OSSInfraStack-BKBOSSInfraSetupLambda-031La8JAQXtk, e2ebedrockrag-OSSInfraSta-OSSIndexCreationProvider-g56en9UzRjII. Deprecated runtimes may use outdated boto3/SDK versions lacking security patches.
1. Upgrade Lambda functions to a supported runtime — Python 3.12+, Node.js 22.x or 24.x, Java 21+, or .NET 8+.
2. Update boto3 to the latest version in Lambda layers (pin the version in requirements.txt and redeploy).
3. Enable Lambda runtime management controls for automatic minor-version updates (runtimeManagementConfig.updateRuntimeOn = 'Auto').
4. Refer to https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html for the authoritative list of supported and deprecated runtimes.
Medium
Failed
111111111111
us-east-1
FS-53
No WAF Web ACLs — Injection Rules Not Applicable
No regional WAF Web ACLs found.
Create WAF Web ACLs with injection protection rules (see FS-01).
Penetration testing evidence cannot be verified via AWS APIs. Manual review required to confirm GenAI applications have been tested.
1. Conduct penetration testing of GenAI applications at least annually and before major releases.
2. Include AI-specific test cases: prompt injection, jailbreak, indirect (cross-domain) injection, system-prompt leakage, and data-extraction attempts.
3. Consider AWS Security Agent for on-demand, AI-driven penetration testing (GA March 2026; available in US East N. Virginia, US West Oregon, Europe Ireland, Europe Frankfurt, Asia Pacific Sydney, Asia Pacific Tokyo, with cross-account shared-VPC testing via AWS RAM). Open-source tools such as Garak or PyRIT and manual red-teaming are complementary options. Verify current regional availability on the AWS Security Agent page before relying on it.
4. Document findings and remediation for regulatory examination, and tag tested resources with a last-pentest-date for audit trail.
5. For DORA compliance, include GenAI in TLPT (Threat-Led Penetration Testing) scope.
Informational
N/A
111111111111
us-east-1
FS-55
No Output Validation Functions Found
No Lambda functions with output validation/sanitization naming found. GenAI outputs may be passed directly to downstream systems without validation.
1. Implement output validation Lambda functions in GenAI pipelines.
2. Validate output schema, length, and content before downstream use.
3. Sanitize outputs before rendering in web UIs (XSS prevention).
4. Encode outputs appropriately for the target context (HTML, SQL, JSON).
Output encoding practices cannot be verified via AWS APIs. Manual code review required.
1. HTML-encode GenAI outputs before rendering in web UIs.
2. Use parameterized queries when GenAI output is used in database operations.
3. JSON-encode outputs before embedding in JavaScript contexts.
4. Validate output length and format before passing to downstream APIs.
Found 0 Lambda function(s) whose names suggest schema/validation handling. Structured-output / JSON-schema validation of GenAI responses is an application-layer control that cannot be verified automatically — manual review required.
1. Use Bedrock structured output (response schemas) where supported.
2. Implement JSON schema validation on Lambda output processors.
3. Reject malformed outputs and return safe error responses.
4. Log schema validation failures to CloudWatch for monitoring.
Informational
N/A
111111111111
us-east-1
FS-59
No Guardrails — Topic Allowlist Not Applicable
No Bedrock Guardrails configured.
Configure guardrails with topic policies to restrict off-topic responses.
Informational
N/A
111111111111
us-east-1
FS-60
ADVISORY: Contextual Grounding for Off-Topic Prevention
Contextual grounding for off-topic prevention is covered by guardrail grounding checks (FS-47) and RAG configuration (FS-48). Additionally verify system prompts explicitly scope the assistant's role.
1. Include explicit scope instructions in system prompts.
2. Use Bedrock Guardrails relevance grounding filter.
3. Test with off-topic prompts in QA to verify rejection behavior.
Informational
N/A
111111111111
us-east-1
FS-61
COULD NOT ASSESS: Knowledge Base Sync Schedule Check
This check could not be completed (error: An error occurred (AccessDeniedException) when calling the ListSchedules operation: User: arn:aws:sts::111111111111:assumed-role/aiml-security-19304724716-FinServSecurityAssessment-G8d5dEiMJsZB/aiml-security-aiml-security-111111111111-FinServAssessment is not authorized to perform: scheduler:ListSchedules on resource: arn:aws:scheduler:us-east-1:111111111111:schedule/*/* because no identity-based policy allows the scheduler:ListSchedules action). The most common cause is a missing IAM permission for the assessment role; it may also indicate an unsupported region or an outdated botocore. This control was NOT assessed — verify the role's permissions and re-run, and assess this control manually until resolved.
1. Confirm the assessment role grants the actions this check requires (see the documented IAM permission set in the README).
2. Confirm the service/feature is supported in the assessed region.
3. Ensure botocore meets the version floor in requirements.txt.
4. Re-run the assessment; assess this control manually until it succeeds.
Low
N/A
111111111111
us-east-1
FS-62
ADVISORY: Data Currency Disclaimer — Manual Review Required
Data currency disclaimers cannot be verified via AWS APIs. Manual review required.
1. Add data currency disclaimers to GenAI outputs: 'Information based on data current as of [KB last sync date].'
2. Expose KB last sync timestamp in application responses.
3. Alert users when KB data is older than defined threshold.
Informational
N/A
111111111111
us-east-1
FS-63
Foundation Model Lifecycle Management
No legacy models detected. 10 lifecycle-related Config rule(s) found.
No action required.
Medium
Passed
111111111111
us-east-1
FS-65
KB Data Source Buckets Missing S3 Event Notifications
The following KB data-source S3 buckets have no event notifications configured. Unauthorized document modifications will not be detected in real time:
- semiconductor-demo-9999
- 111111111111-us-east-1-kb-data-bucket
1. Enable Amazon EventBridge notifications on each KB data-source S3 bucket.
2. Create an EventBridge rule to route s3:ObjectCreated, s3:ObjectRemoved, and s3:ObjectModified events to an SNS topic or Lambda for alerting.
3. Integrate alerts into your security incident response workflow.
The following runtimes have no JWT or IAM authorizer configured for end-user identity propagation. Tool calls are authorized only by the agent execution role, not the originating user:
- origami_expeditions
- neoCyan_Agent
- customer_support_agent
- cdk_agent_core
- awsapimcpserver
1. Configure a custom JWT authorizer or IAM authorizer on each AgentCore runtime.
2. Propagate the end-user's identity token to downstream tool services.
3. Ensure tool services validate the propagated identity before executing actions.
4. Do not expose propagated identity tokens to unauthorized third parties.
High
Failed
111111111111
us-east-1
FS-67
Agent Action-Group Lambdas May Lack Transaction Thresholds
The following agent action-group Lambda functions have no environment variables whose names suggest transaction-value threshold configuration (this is a best-effort heuristic — a threshold enforced in code or in an AgentCore Policy Engine rule would not be detected here, so treat this as a prompt for manual verification rather than a definitive gap). Without explicit limits, agents could initiate unbounded financial transactions:
- aiml-security-aiml-security-111111111111-FinServAssessment
- aiml-security-aiml-security-111111111111-BedrockAssessment
- resco-aiml-BedrockAssessment
- aiml-security-aiml-security-111111111111-AgentCoreAssessment
- e2ebedrockrag-OSSInfraStack-BKBOSSInfraSetupLambda-031La8JAQXtk
- e2ebedrockrag-OSSInfraSta-OSSIndexCreationProvider-g56en9UzRjII
- resco-aiml-AgentCoreAssessment
1. Add transaction-value threshold environment variables (e.g., MAX_TRANSACTION_AMOUNT) to each agent action-group Lambda.
2. Implement threshold enforcement logic in the Lambda handler.
3. Configure AgentCore Policy Engine rules to cap financial transaction amounts.
4. Route transactions exceeding thresholds to a human-in-the-loop approval step.
High
Failed
111111111111
us-east-1
FS-68
API Gateway Request Body Size Limits Not Enforced
Found 3 REST API(s) and 0 regional WAF Web ACL(s), but none enforce a maximum request-body size. Note: an API Gateway request validator does NOT cap body size (it validates the schema and required params; the REST limit is a fixed 10 MB), and a WAF body SizeConstraint only inspects the first ~16 KB of the body by default. Oversized prompts can exhaust Bedrock token quotas and inflate costs.
1. Add a maxLength (or maxItems/maxProperties) bound to the request-body JSON-Schema model used by your request validator, so oversized prompts are rejected with a 400.
2. Add a WAF SizeConstraintStatement on the request Body sized within WAF's body-inspection window (default 16 KB; raise via the web ACL AssociationConfig, or set OversizeHandling=MATCH to block bodies beyond the window), and associate the ACL with the API stage.
3. Set the max_tokens parameter in Bedrock API calls to cap output length.
4. Implement client-side token counting before submitting requests.
Medium
Failed
111111111111
us-east-1
FS-69
Prompt Input Validation Functions Present
Found 3 Lambda function(s) with input validation/sanitization naming patterns: resco-aiml-CleanupBucket, visa-bulletin-tracker-prod-cleanup, aiml-security-aiml-security-111111111111-CleanupBucket.
Review these functions to confirm they cover: special-character stripping, format validation, size limits, and injection-sequence detection.
Medium
Passed
111111111111
eu-west-1
FS-00
FinServ Regional Scope Not Applicable
No regional Bedrock, AgentCore, or SageMaker resources were found in eu-west-1; FinServ GenAI risk checks were not applied to this region.
No action required unless GenAI workloads are expected in this region.
Informational
N/A
111111111111
ap-southeast-2
FS-00
FinServ Regional Scope Not Applicable
No regional Bedrock, AgentCore, or SageMaker resources were found in ap-southeast-2; FinServ GenAI risk checks were not applied to this region.
No action required unless GenAI workloads are expected in this region.
Informational
N/A
333333333333
ap-southeast-2
AC-01
AgentCore VPC Configuration Check
No AgentCore resources found
No action required
Informational
N/A
333333333333
ap-southeast-2
AC-04
AgentCore Observability Check
No AgentCore resources found
No action required
Informational
N/A
333333333333
ap-southeast-2
AC-05
AgentCore Encryption Check
No AgentCore resources found
No action required
Informational
N/A
333333333333
ap-southeast-2
AC-06
AgentCore Browser Tool Recording Check
No AgentCore Runtimes found to check browser tool configuration
No action required
Informational
N/A
333333333333
ap-southeast-2
AC-07
AgentCore Memory Configuration Check
No Memory resources found
No action required
Informational
N/A
333333333333
ap-southeast-2
AC-13
AgentCore Gateway Configuration Check
No Gateway resources found
No action required
Informational
N/A
333333333333
ap-southeast-2
AC-08
AgentCore VPC Endpoints Check
No AgentCore resources found
No action required
Informational
N/A
333333333333
ap-southeast-2
AC-10
AgentCore Resource-Based Policies Check
No AgentCore resources found to check for resource-based policies
No action required
Informational
N/A
333333333333
ap-southeast-2
AC-11
AgentCore Policy Engine Encryption Check
No Policy Engines found
No action required
Informational
N/A
333333333333
ap-southeast-2
AC-12
AgentCore Gateway Encryption Check
No Gateways found
No action required
Informational
N/A
333333333333
eu-west-1
AC-01
AgentCore VPC Configuration Check
No AgentCore resources found
No action required
Informational
N/A
333333333333
eu-west-1
AC-04
AgentCore Observability Check
No AgentCore resources found
No action required
Informational
N/A
333333333333
eu-west-1
AC-05
AgentCore Encryption Check
No AgentCore resources found
No action required
Informational
N/A
333333333333
eu-west-1
AC-06
AgentCore Browser Tool Recording Check
No AgentCore Runtimes found to check browser tool configuration
No action required
Informational
N/A
333333333333
eu-west-1
AC-07
AgentCore Memory Configuration Check
No Memory resources found
No action required
Informational
N/A
333333333333
eu-west-1
AC-13
AgentCore Gateway Configuration Check
No Gateway resources found
No action required
Informational
N/A
333333333333
eu-west-1
AC-08
AgentCore VPC Endpoints Check
No AgentCore resources found
No action required
Informational
N/A
333333333333
eu-west-1
AC-10
AgentCore Resource-Based Policies Check
No AgentCore resources found to check for resource-based policies
No action required
Informational
N/A
333333333333
eu-west-1
AC-11
AgentCore Policy Engine Encryption Check
No Policy Engines found
No action required
Informational
N/A
333333333333
eu-west-1
AC-12
AgentCore Gateway Encryption Check
No Gateways found
No action required
Informational
N/A
333333333333
eu-west-1
SM-01
SageMaker Internet Access Check
No SageMaker notebook instances or domains found to check
No action required
Informational
N/A
333333333333
eu-west-1
SM-02
SageMaker SSO Configuration Check
No SageMaker domains found, or all domains use SSO with IAM Identity Center configured
No action required
Medium
Passed
333333333333
eu-west-1
SM-03
Data Protection Check
No SageMaker resources found to check for data protection
No action required
Informational
N/A
333333333333
eu-west-1
SM-04
GuardDuty Enabled
Amazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.
No action required
Medium
Passed
333333333333
eu-west-1
SM-05
SageMaker Model Registry Issue
No model package groups found
Implement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment
Informational
N/A
333333333333
eu-west-1
SM-05
SageMaker Feature Store Issue
No feature groups found
Utilize SageMaker Feature Store to create, share, and manage features for machine learning development and production
Informational
N/A
333333333333
eu-west-1
SM-05
SageMaker Pipelines Issue
No ML pipelines found
Implement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment
Informational
N/A
333333333333
eu-west-1
SM-06
SageMaker Clarify No Clarify Usage
No SageMaker Clarify jobs found
Implement SageMaker Clarify for model explainability and bias detection
Informational
N/A
333333333333
eu-west-1
SM-07
SageMaker Model Monitor No Model Monitoring
No Model Monitor schedules found
Configure comprehensive model monitoring schedules
Informational
N/A
333333333333
eu-west-1
SM-08
Model Registry Registry Not Used
Model Registry is not being utilized
Implement proper model versioning and approval workflows
Informational
N/A
333333333333
eu-west-1
SM-09
SageMaker Notebook Root Access Check
No notebook instances found
No action required
Informational
N/A
333333333333
eu-west-1
SM-10
SageMaker Notebook VPC Deployment Check
No notebook instances found
No action required
Informational
N/A
333333333333
eu-west-1
SM-11
SageMaker Model Network Isolation Check
No models found
No action required
Informational
N/A
333333333333
eu-west-1
SM-12
SageMaker Endpoint Instance Count Check
No InService endpoints found
No action required
Informational
N/A
333333333333
eu-west-1
SM-13
SageMaker Monitoring Network Isolation Check
No monitoring schedules found
No action required
Informational
N/A
333333333333
eu-west-1
SM-14
SageMaker Model Repository Access Check
No models found or all use default Platform access
No model package groups found. Model Registry is not being used for model governance.
Implement Model Registry to track model versions and enforce approval workflows before production deployment.
Informational
N/A
333333333333
eu-west-1
SM-23
Model Drift Detection Check
No InService endpoints found to monitor.
No action required
Medium
Passed
333333333333
eu-west-1
SM-24
A/B Testing and Shadow Deployment Check
No InService endpoints found.
No action required
Low
Passed
333333333333
eu-west-1
SM-25
ML Lineage Tracking - Experiments Not Used
No SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.
Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.
Informational
N/A
333333333333
Global
SM-02
SageMaker IAM Permissions Check
No issues found with IAM permissions and no stale access detected
No action required
High
Passed
333333333333
us-east-1
SM-01
SageMaker Internet Access Check
No SageMaker notebook instances or domains found to check
No action required
Informational
N/A
333333333333
us-east-1
SM-02
SageMaker SSO Configuration Check
No SageMaker domains found, or all domains use SSO with IAM Identity Center configured
No action required
Medium
Passed
333333333333
us-east-1
SM-03
Data Protection Check
No SageMaker resources found to check for data protection
No action required
Informational
N/A
333333333333
us-east-1
SM-04
GuardDuty Enabled
Amazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.
No action required
Medium
Passed
333333333333
us-east-1
SM-05
SageMaker Model Registry Issue
No model package groups found
Implement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment
Informational
N/A
333333333333
us-east-1
SM-05
SageMaker Feature Store Issue
No feature groups found
Utilize SageMaker Feature Store to create, share, and manage features for machine learning development and production
Informational
N/A
333333333333
us-east-1
SM-05
SageMaker Pipelines Issue
No ML pipelines found
Implement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment
Informational
N/A
333333333333
us-east-1
SM-06
SageMaker Clarify No Clarify Usage
No SageMaker Clarify jobs found
Implement SageMaker Clarify for model explainability and bias detection
Informational
N/A
333333333333
us-east-1
SM-07
SageMaker Model Monitor No Model Monitoring
No Model Monitor schedules found
Configure comprehensive model monitoring schedules
Informational
N/A
333333333333
us-east-1
SM-08
Model Registry Registry Not Used
Model Registry is not being utilized
Implement proper model versioning and approval workflows
Informational
N/A
333333333333
us-east-1
SM-09
SageMaker Notebook Root Access Check
No notebook instances found
No action required
Informational
N/A
333333333333
us-east-1
SM-10
SageMaker Notebook VPC Deployment Check
No notebook instances found
No action required
Informational
N/A
333333333333
us-east-1
SM-11
SageMaker Model Network Isolation Check
No models found
No action required
Informational
N/A
333333333333
us-east-1
SM-12
SageMaker Endpoint Instance Count Check
No InService endpoints found
No action required
Informational
N/A
333333333333
us-east-1
SM-13
SageMaker Monitoring Network Isolation Check
No monitoring schedules found
No action required
Informational
N/A
333333333333
us-east-1
SM-14
SageMaker Model Repository Access Check
No models found or all use default Platform access
No model package groups found. Model Registry is not being used for model governance.
Implement Model Registry to track model versions and enforce approval workflows before production deployment.
Informational
N/A
333333333333
us-east-1
SM-23
Model Drift Detection Check
No InService endpoints found to monitor.
No action required
Medium
Passed
333333333333
us-east-1
SM-24
A/B Testing and Shadow Deployment Check
No InService endpoints found.
No action required
Low
Passed
333333333333
us-east-1
SM-25
ML Lineage Tracking - Experiments Not Used
No SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.
Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.
Informational
N/A
333333333333
ap-southeast-2
SM-01
SageMaker Internet Access Check
No SageMaker notebook instances or domains found to check
No action required
Informational
N/A
333333333333
ap-southeast-2
SM-02
SageMaker SSO Configuration Check
No SageMaker domains found, or all domains use SSO with IAM Identity Center configured
No action required
Medium
Passed
333333333333
ap-southeast-2
SM-03
Data Protection Check
No SageMaker resources found to check for data protection
No action required
Informational
N/A
333333333333
ap-southeast-2
SM-04
GuardDuty Enabled
Amazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.
No action required
Medium
Passed
333333333333
ap-southeast-2
SM-05
SageMaker Model Registry Issue
No model package groups found
Implement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment
Informational
N/A
333333333333
ap-southeast-2
SM-05
SageMaker Feature Store Issue
No feature groups found
Utilize SageMaker Feature Store to create, share, and manage features for machine learning development and production
Informational
N/A
333333333333
ap-southeast-2
SM-05
SageMaker Pipelines Issue
No ML pipelines found
Implement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment
Informational
N/A
333333333333
ap-southeast-2
SM-06
SageMaker Clarify No Clarify Usage
No SageMaker Clarify jobs found
Implement SageMaker Clarify for model explainability and bias detection
Informational
N/A
333333333333
ap-southeast-2
SM-07
SageMaker Model Monitor No Model Monitoring
No Model Monitor schedules found
Configure comprehensive model monitoring schedules
Informational
N/A
333333333333
ap-southeast-2
SM-08
Model Registry Registry Not Used
Model Registry is not being utilized
Implement proper model versioning and approval workflows
Informational
N/A
333333333333
ap-southeast-2
SM-09
SageMaker Notebook Root Access Check
No notebook instances found
No action required
Informational
N/A
333333333333
ap-southeast-2
SM-10
SageMaker Notebook VPC Deployment Check
No notebook instances found
No action required
Informational
N/A
333333333333
ap-southeast-2
SM-11
SageMaker Model Network Isolation Check
No models found
No action required
Informational
N/A
333333333333
ap-southeast-2
SM-12
SageMaker Endpoint Instance Count Check
No InService endpoints found
No action required
Informational
N/A
333333333333
ap-southeast-2
SM-13
SageMaker Monitoring Network Isolation Check
No monitoring schedules found
No action required
Informational
N/A
333333333333
ap-southeast-2
SM-14
SageMaker Model Repository Access Check
No models found or all use default Platform access
No model package groups found. Model Registry is not being used for model governance.
Implement Model Registry to track model versions and enforce approval workflows before production deployment.
Informational
N/A
333333333333
ap-southeast-2
SM-23
Model Drift Detection Check
No InService endpoints found to monitor.
No action required
Medium
Passed
333333333333
ap-southeast-2
SM-24
A/B Testing and Shadow Deployment Check
No InService endpoints found.
No action required
Low
Passed
333333333333
ap-southeast-2
SM-25
ML Lineage Tracking - Experiments Not Used
No SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.
Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.
Informational
N/A
333333333333
Global
BR-01
AmazonBedrockFullAccess role check
No roles found with AmazonBedrockFullAccess policy
No action required
High
Passed
333333333333
Global
BR-03
Marketplace Subscription Access Check
Role 'ProwlerApp-EC2-Role' has overly permissive marketplace subscription access through policy 'AWSElasticBeanstalkMulticontainerDocker'
Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
High
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'AIMLSecurityMemberRole' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonBedrockExecutionRoleForKnowledgeBase_7erx6' last accessed Bedrock on 2025-05-13
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'AwsSecurityAudit' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'AWSServiceRoleForAuditManager' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'AWSServiceRoleForSupport' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'AWSVAPTAudit' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'cdk-hnb659fds-lookup-role-333333333333-us-east-1' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'cdk-hnb659fds-lookup-role-333333333333-us-east-2' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'cdk-hnb659fds-lookup-role-333333333333-us-west-2' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'CloudSecAuditRole' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'CloudSeerTrustedServiceRole' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'IibsAdminAccess-DO-NOT-DELETE' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'InternalAuditInternal' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'Nova-DO-NOT-DELETE' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'ProwlerApp-EC2-Role' last accessed Bedrock on 2026-03-29
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'ProwlerMemberRole' last accessed Bedrock on 2026-03-10
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'ProwlerScanRole' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'resco-aiml-security-mgmt-BedrockSecurityAssessmentF-espswsHIf9by' last accessed Bedrock on 2026-04-18
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'ReSCOAIMLMemberRole' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
us-east-1
BR-02
Amazon Bedrock private connectivity check
No regional Bedrock resources found to assess private connectivity
No action required
Informational
N/A
333333333333
us-east-1
BR-04
Bedrock Model Invocation Logging Check
No regional Bedrock resources found to monitor with invocation logging
No action required
Informational
N/A
333333333333
us-east-1
BR-05
Bedrock Guardrails Check
No regional Bedrock resources found to protect with guardrails
No action required
Informational
N/A
333333333333
us-east-1
BR-06
Bedrock CloudTrail Logging Check
No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
No action required
Informational
N/A
333333333333
us-east-1
BR-07
Bedrock Prompt Management Check
Prompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.
Implement Prompt Management to:
1. Create and version your prompts
2. Test different prompt variants
3. Share prompts across your organization
4. Maintain consistent prompt templates
Informational
N/A
333333333333
us-east-1
BR-08
Bedrock Agent IAM Roles Check
No Bedrock agents found in the account
No action required
Informational
N/A
333333333333
us-east-1
BR-09
Bedrock Knowledge Base Encryption Check
Unable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::333333333333:assumed-role/aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b/aiml-security-aiml-security-mgmt-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:us-east-1:333333333333:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases action
Verify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
Informational
N/A
333333333333
us-east-1
BR-10
Bedrock Guardrail IAM Enforcement Check
No guardrails configured - IAM enforcement check not applicable
Configure Bedrock Guardrails first, then enforce their use via IAM policies
Informational
N/A
333333333333
us-east-1
BR-11
Bedrock Custom Model Encryption Check
No custom/fine-tuned models found in the account
No action required
Informational
N/A
333333333333
us-east-1
BR-12
Bedrock Invocation Log Encryption Check
Model invocation logging to S3 is not configured
If logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
Informational
N/A
333333333333
us-east-1
BR-13
Bedrock Flows Guardrails Check
No Bedrock Flows found in the account
No action required
Informational
N/A
333333333333
us-east-1
FS-01
AWS Shield Advanced Not Enabled
AWS Shield Advanced is not subscribed. GenAI API endpoints are vulnerable to volumetric DDoS attacks that can exhaust token quotas and inflate costs.
1. Subscribe to AWS Shield Advanced for DDoS protection.
2. After subscribing, explicitly add resource protections in the Shield Advanced console for each Bedrock-facing resource (API Gateway stages, ALBs, CloudFront distributions, Route 53 hosted zones). Shield Advanced subscription alone does NOT automatically protect resources — each resource must be individually added to receive protection.
3. Enable Shield Response Team (SRT) access and configure proactive engagement.
4. Alternatively, use AWS Firewall Manager with a Shield Advanced policy to automate resource protection based on tags or resource types.
Low
Failed
333333333333
us-east-1
FS-01
No Regional WAF Web ACLs Found
No AWS WAF regional Web ACLs found. Without WAF, GenAI endpoints lack rate-based rules to block abusive callers.
1. Create a WAF Web ACL with rate-based rules (e.g., 1000 req/5 min per IP).
2. Associate the ACL with API Gateway stages or ALBs fronting Bedrock.
3. Add AWS Managed Rules for known bad inputs.
Medium
Failed
333333333333
us-east-1
FS-02
No API Gateway Usage Plans Found
No usage plans configured. GenAI API endpoints may have no rate limits.
Create API Gateway usage plans with throttle settings (rateLimit and burstLimit) for all Bedrock-facing APIs.
Informational
N/A
333333333333
us-east-1
FS-03
Bedrock Token Quotas At Default
All 232 Bedrock token-based quota(s) are at their AWS default values — no quota increase has been applied. Running at default is a legitimate posture, but it should be a reviewed decision aligned with expected peak load rather than an oversight.
1. Review current Bedrock TPM/TPD quotas in the Service Quotas console.
2. Request increases aligned with expected peak load, or document a deliberate decision to remain at default after review.
3. Implement client-side token counting and pre-flight quota checks.
4. Use Bedrock cross-region inference profiles to distribute load.
Medium
N/A
333333333333
us-east-1
FS-04
No Cost Anomaly Detection Monitors
No AWS Cost Anomaly Detection monitors found. Unexpected spikes in Bedrock/SageMaker usage (e.g., from prompt injection loops) will go undetected.
1. Create a Cost Anomaly Detection monitor scoped to AWS/Bedrock and AWS/SageMaker.
2. Configure alert subscriptions (SNS/email) for anomalies above threshold.
3. Set daily spend budgets with AWS Budgets as a secondary control.
Medium
Failed
333333333333
us-east-1
FS-05
No Bedrock CloudWatch Alarms Found
No CloudWatch alarms found for Bedrock metrics. Token exhaustion and throttling events will not trigger operational alerts.
Create CloudWatch alarms for:
- AWS/Bedrock InvocationThrottles (threshold > 0)
- AWS/Bedrock TokensProcessed (threshold based on quota)
- Custom application-level token counters via EMF
Medium
Failed
333333333333
us-east-1
FS-06
No AI/ML Service Budgets Configured
No AWS Budgets found scoped to Bedrock or SageMaker. Unbounded GenAI spend can go undetected until the monthly bill.
1. Create cost budgets for AWS Bedrock and SageMaker with 80%/100% alert thresholds.
2. Add SNS notifications to on-call channels.
3. Consider budget actions to apply IAM deny policies when thresholds are breached.
Medium
Failed
333333333333
us-east-1
FS-07
Agent Action Boundary Check
No Bedrock agents found.
No action required.
Informational
N/A
333333333333
us-east-1
FS-08
No AgentCore Runtimes Found
No AgentCore runtimes found; policy engine check not applicable.
If using AgentCore, configure the Policy Engine to authorize tool calls.
1. Set reserved concurrency on agent Lambda functions.
2. Implement maximum iteration counts in agent orchestration logic.
3. Use Step Functions with MaxConcurrency and timeout states.
4. Add circuit-breaker patterns to agent tool invocations.
Medium
Failed
333333333333
us-east-1
FS-10
Human-in-the-Loop Check — No Agent Workflows Found
No Step Functions state machines with agent/approval naming found. Verify that high-risk agent actions (e.g., fund transfers, account changes) have human approval gates.
Implement Step Functions .waitForTaskToken patterns for high-risk agent actions. Route approval requests to human reviewers via SNS/SES/Slack.
Informational
N/A
333333333333
us-east-1
FS-11
No Agent Rate Alarms Found
No CloudWatch alarms found for agent invocation rates. Looping or runaway agents will not trigger operational alerts.
Create CloudWatch alarms on:
- Bedrock agent invocation counts (threshold based on expected max)
- Lambda invocation errors for agent functions
- Step Functions execution failures and timeouts
Medium
Failed
333333333333
us-east-1
FS-12
No Bedrock-Scoped SCPs Found
No Service Control Policies reference Bedrock. Without SCPs, any account in the organization can access any Bedrock model, including unapproved third-party models.
1. Create an SCP that denies bedrock:InvokeModel for model IDs not on the approved list.
2. Use bedrock:ModelId condition key to allowlist approved models.
3. Maintain a model inventory and update the SCP when models are approved/retired.
High
Failed
333333333333
us-east-1
FS-13
Model Provenance Tags Present
All reviewed models have required provenance tags.
No action required.
Medium
Passed
333333333333
us-east-1
FS-14
Model Governance Config Rules Present
Found 13 model-related Config rule(s).
No action required.
Medium
Passed
333333333333
us-east-1
FS-15
No Bedrock Evaluation Jobs Found
No Bedrock Model Evaluation jobs found. Models have not been evaluated for adversarial robustness. FinServ model-risk management (SR 11-7) expects documented model validation/evaluation.
1. Run Bedrock Model Evaluation with adversarial/red-team datasets.
2. Use FMEval library for automated robustness testing.
3. Schedule periodic re-evaluation after model updates.
Medium
Failed
333333333333
us-east-1
FS-16
ECR Repositories Without Image Scanning
1 ECR repo(s) without scan-on-push: cdk-hnb659fds-container-assets-333333333333-us-east-1.
Enable scan-on-push for all ECR repositories containing model containers. Consider enabling Enhanced Scanning (Inspector) for CVE detection.
High
Failed
333333333333
us-east-1
FS-20
No SageMaker Feature Groups Found
No SageMaker Feature Store groups found.
No action required.
Informational
N/A
333333333333
us-east-1
FS-21
No Training Data Buckets Identified
No S3 buckets with training/model naming found.
Tag training data buckets and enable versioning.
Informational
N/A
333333333333
us-east-1
FS-22
Overly Permissive Knowledge Base IAM Roles
710 role(s) with wildcard KB permissions:
- Role 'Admin' allows '*'
- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:ListGuardrails' on Resource '*' (no ARN scoping to specific Knowledge Bases)
- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:GetGuardrail' on Resource '*' (no ARN scoping to specific Knowledge Bases)
- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:ListModelInvocations' on Resource '*' (no ARN scoping to specific Knowledge Bases)
- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:GetModelInvocationLoggingConfiguration' on Resource '*' (no ARN scoping to specific Knowledge Bases)
- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:ListPrompts' on Resource '*' (no ARN scoping to specific Knowledge Bases)
- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:GetPrompt' on Resource '*' (no ARN scoping to specific Knowledge Bases)
- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:ListAgents' on Resource '*' (no ARN scoping to specific Knowledge Bases)
- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:GetAgent' on Resource '*' (no ARN scoping to specific Knowledge Bases)
- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:ListCustomModels' on Resource '*' (no ARN scoping to specific Knowledge Bases)
Replace wildcard bedrock-agent:* with specific actions: bedrock:Retrieve, bedrock:RetrieveAndGenerate. Scope resources to specific Knowledge Base ARNs.
High
Failed
333333333333
us-east-1
FS-24
ADVISORY: Knowledge Base Metadata Filtering — Manual Review Required
Found 1 Knowledge Base(s). Tenant-isolation metadata filtering is a design pattern that cannot be verified via API — manual review required. Verify that metadata attributes (e.g., tenantId, classification) are indexed and that Retrieve calls include RetrievalFilter conditions for tenant isolation.
1. Add metadata fields (tenantId, dataClassification) to KB data sources.
2. Pass RetrievalFilter in all Retrieve/RetrieveAndGenerate calls.
3. Validate filters in integration tests to prevent cross-tenant data leakage.
Informational
N/A
333333333333
us-east-1
FS-25
OpenSearch Serverless Encryption Policies Present
Found 1 encryption policy(ies); 1 use a customer-managed KMS key.
Verify all vector store collections use customer-managed KMS keys.
High
Passed
333333333333
us-east-1
FS-26
OpenSearch Serverless Collections Not VPC-Restricted
Found 1 network policy(ies) but none restrict to VPC. Vector stores may be accessible from the public internet.
Update network policies to allow access only from VPC endpoints. Create an OpenSearch Serverless VPC endpoint in your VPC.
High
Failed
333333333333
us-east-1
FS-27
No Guardrails — Contextual Grounding Not Applicable
No Bedrock Guardrails configured. Configure guardrails first (see BR-05).
Configure Bedrock Guardrails with contextual grounding checks (grounding threshold ≥0.7 and relevance threshold ≥0.7 for FinServ use cases).
Informational
N/A
333333333333
us-east-1
FS-27
Automated Reasoning Policies — Access Check
Access denied or service unavailable when listing Automated Reasoning policies. The IAM action name (bedrock:ListAutomatedReasoningPolicies) is correct, so the most likely causes are, in order: (1) the assessment MEMBER ROLE in this account was deployed before this action was added and has not been re-deployed; (2) an AWS Organizations SCP or permission boundary denies this newer Bedrock action; (3) the region does not support ARC. ARC is available in AWS GovCloud (US) and a growing set of commercial regions (e.g., us-east-1, us-east-2, us-west-2, eu-central-1, eu-west-1, eu-west-3) — verify the current list in the AWS documentation.
1. RE-DEPLOY the member-role CloudFormation stack so the role picks up bedrock:ListAutomatedReasoningPolicies (templates may be current while the *deployed* role is stale). See deployment/1-aiml-security-member-roles.yaml and aiml-security-single-account.yaml.
2. Check for an Organizations SCP / permission boundary denying the action.
3. Confirm the assessed region supports Automated Reasoning checks.
4. Re-run the assessment after re-deploying.
Low
N/A
333333333333
us-east-1
FS-28
No Guardrails — Denied Topics Not Applicable
No Bedrock Guardrails configured.
Configure guardrails with denied topics for regulated financial content.
Application-level compliance disclaimers cannot be verified via AWS APIs. Manual review required to confirm GenAI outputs include required regulatory disclosures.
1. Implement post-processing to append required disclaimers to GenAI outputs.
2. Use Bedrock Guardrails word filters to block outputs that omit required disclosures.
3. Document disclaimer requirements in the AI use case register.
4. Test disclaimer presence in QA/UAT before production deployment.
Bedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation jobs include compliance-specific datasets (fair lending/ECOA, Fair Housing Act, UDAP/UDAAP, AML/KYC edge cases). Whether any evaluation jobs exist at all is assessed by FS-15.
Run Bedrock Model Evaluation with compliance-specific datasets:
- Fair lending test cases (ECOA, Fair Housing Act)
- UDAP/UDAAP unfair/deceptive practice scenarios
- AML/KYC edge cases
Informational
N/A
333333333333
us-east-1
FS-31
Knowledge Base Data Sources Past Review Threshold
1 data source(s) not synced in >7 days (a configurable review threshold, NOT an AWS-mandated limit):
- KB 'knowledge-base-prowler-findings' source 'knowledge-base-quick-start-9lb68-data-source' last synced 403 days ago
Confirm this age is acceptable for each data source's currency requirement — slow-changing reference data may legitimately sync infrequently.
1. Define the maximum acceptable data age per use case (e.g., intraday for market data, daily for product terms, weekly/monthly for regulatory guidance) and adjust the review threshold to match.
2. Configure automated sync (EventBridge Scheduler → StartIngestionJob) at that cadence — see FS-61.
3. Set CloudWatch alarms on sync job failures.
Source attribution in GenAI responses cannot be verified via AWS APIs. Manual review required to confirm responses include citations.
1. Use Bedrock RetrieveAndGenerate with citations enabled.
2. Include source document references in response post-processing.
3. Test citation accuracy in QA before production deployment.
4. Consider Bedrock Guardrails grounding checks to validate response accuracy.
Informational
N/A
333333333333
us-east-1
FS-33
KB Data Source Buckets Have Versioning
All reviewed KB data source buckets have versioning enabled.
No action required.
Medium
Passed
333333333333
us-east-1
FS-34
Legacy Foundation Models Available in Region
Legacy/deprecated foundation models are available in this account/region: anthropic.claude-sonnet-4-20250514-v1:0, twelvelabs.marengo-embed-2-7-v1:0, amazon.titan-image-generator-v2:0, amazon.nova-premier-v1:0:8k, amazon.nova-premier-v1:0:20k, amazon.nova-premier-v1:0:1000k, amazon.nova-premier-v1:0:mm, amazon.nova-premier-v1:0, amazon.nova-canvas-v1:0, amazon.nova-reel-v1:0. This API reports model *availability*, not actual usage — it cannot determine which models your applications invoke. Legacy models have older training-data cutoffs and may produce outdated information if used. Review whether any are in active use.
1. Identify which (if any) of these legacy models your applications invoke (e.g., via CloudTrail InvokeModel events or application config).
2. Migrate active usage to current model versions.
3. Document training-data cutoff dates for all models in use.
4. Add data-currency disclaimers to outputs from models with old cutoffs.
Informational
N/A
333333333333
us-east-1
FS-35
ADVISORY: Harmful-Content Test Coverage — Manual Review Required
Bedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation/FMEval jobs include harmful-content datasets (toxicity, hate speech, violence/self-harm). Whether any evaluation jobs exist at all is assessed by FS-15.
Run Bedrock Model Evaluation or FMEval with harmful content datasets:
- Toxicity detection
- Hate speech classification
- Violence/self-harm content
Informational
N/A
333333333333
us-east-1
FS-36
No Guardrails — Content Filters Not Applicable
No Bedrock Guardrails configured.
Configure guardrails with content filters.
Informational
N/A
333333333333
us-east-1
FS-37
ADVISORY: User Feedback Mechanism — Manual Review Required
User feedback mechanisms for harmful outputs cannot be verified via AWS APIs. Manual review required.
1. Implement thumbs-up/down or flag-for-review UI in GenAI applications.
2. Route flagged outputs to human reviewers via SQS/SNS.
3. Log feedback to DynamoDB/S3 for model improvement.
4. Define SLAs for reviewing flagged content.
Informational
N/A
333333333333
us-east-1
FS-38
No Guardrails — Word Filters Not Applicable
No Bedrock Guardrails configured.
Configure guardrails with word filters.
Informational
N/A
333333333333
us-east-1
FS-39
No SageMaker Clarify Bias Monitoring
No SageMaker Clarify model bias monitoring schedules found. Models making financial decisions (credit, insurance) may exhibit discriminatory bias without detection.
1. Configure SageMaker Clarify bias detection for all models making credit, insurance, or employment decisions.
2. Define protected attributes (age, gender, race proxies).
3. Set bias metric thresholds and alert on violations.
4. Document bias testing results for regulatory examination.
Bedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation jobs include bias/fairness datasets (demographic parity, equal-opportunity, counterfactual fairness) for any GenAI models used in financial decisions (ECOA/Fair Housing). Whether any evaluation jobs exist at all is assessed by FS-15.
Run Bedrock Model Evaluation with bias test datasets:
- Demographic parity test cases
- Equal opportunity scenarios
- Counterfactual fairness tests
Informational
N/A
333333333333
us-east-1
FS-41
No SageMaker Clarify Explainability Monitoring
No SageMaker Clarify explainability monitoring found. Models making adverse financial decisions may not provide required explanations (ECOA adverse action notices).
1. Configure SageMaker Clarify explainability for credit/lending models.
2. Generate SHAP values for feature importance.
3. Map top features to human-readable adverse action reason codes.
4. Store explanations for regulatory examination.
High
Failed
333333333333
us-east-1
FS-42
No SageMaker Model Cards Found
No SageMaker Model Cards found. Production AI models lack documented intended use, limitations, and bias evaluations.
1. Create SageMaker Model Cards for all production models.
2. Document: intended use, out-of-scope uses, training data, bias evaluations.
3. Include regulatory compliance attestations.
4. Review and update cards at each model version release.
Medium
Failed
333333333333
us-east-1
FS-43
No CloudWatch Logs Data Protection Policies
No CloudWatch Logs data protection policies found. PII (SSN, account numbers, credit card numbers) in Bedrock invocation logs may be stored in plaintext.
1. Create CloudWatch Logs data protection policies to mask PII.
2. Enable masking for: SSN, credit card numbers, bank account numbers, email.
3. Apply policies to Bedrock invocation log groups.
4. Test masking with synthetic PII before production deployment.
High
Failed
333333333333
us-east-1
FS-44
Amazon Macie Not Enabled
Amazon Macie is not enabled. S3 buckets containing training data and KB data sources are not being scanned for PII/sensitive data.
1. Enable Amazon Macie in all regions where AI/ML data is stored.
2. Create Macie classification jobs for training data and KB buckets.
3. Configure Macie findings to route to Security Hub and SNS.
4. Remediate PII findings before using data for model training.
High
Failed
333333333333
us-east-1
FS-45
No Guardrails — PII Filters Not Applicable
No Bedrock Guardrails configured.
Configure guardrails with PII/sensitive information filters.
Informational
N/A
333333333333
us-east-1
FS-46
No AI/ML Data Buckets Identified
No S3 buckets with AI/ML naming found.
Tag AI/ML data buckets with data-classification labels.
Informational
N/A
333333333333
us-east-1
FS-47
No Guardrails — Grounding Threshold Not Applicable
No Bedrock Guardrails configured.
Configure guardrails with contextual grounding checks.
Informational
N/A
333333333333
us-east-1
FS-48
Active Knowledge Bases for RAG Present
Found 1 active Knowledge Base(s) for RAG grounding.
Application-level hallucination disclaimers cannot be verified via AWS APIs. Manual review required.
1. Add disclaimers to GenAI outputs: 'AI-generated content may contain errors. Verify with authoritative sources before acting.'
2. Implement post-processing to append disclaimers.
3. Test disclaimer presence in QA before production.
Informational
N/A
333333333333
us-east-1
FS-50
No Guardrails With Relevance Grounding Filters
No guardrails have RELEVANCE contextual grounding filters. Without relevance filters, responses that are off-topic or unrelated to the user query will not be blocked, increasing hallucination risk in RAG-based FinServ applications.
Enable the RELEVANCE contextual grounding filter in Bedrock Guardrails with a threshold of ≥0.7 to block responses that are not relevant to the user query. Also enable the GROUNDING filter (≥0.7) to block responses not supported by the retrieved source context.
Medium
Failed
333333333333
us-east-1
FS-51
No Guardrails — Prompt Attack Filters Not Applicable
No Bedrock Guardrails configured.
Configure guardrails with prompt attack filters.
Informational
N/A
333333333333
us-east-1
FS-52
Bedrock Lambda Functions on Current Runtimes
All 16 Bedrock Lambda function(s) use current runtimes.
No action required.
Medium
Passed
333333333333
us-east-1
FS-53
No WAF Web ACLs — Injection Rules Not Applicable
No regional WAF Web ACLs found.
Create WAF Web ACLs with injection protection rules (see FS-01).
Penetration testing evidence cannot be verified via AWS APIs. Manual review required to confirm GenAI applications have been tested.
1. Conduct penetration testing of GenAI applications at least annually and before major releases.
2. Include AI-specific test cases: prompt injection, jailbreak, indirect (cross-domain) injection, system-prompt leakage, and data-extraction attempts.
3. Consider AWS Security Agent for on-demand, AI-driven penetration testing (GA March 2026; available in US East N. Virginia, US West Oregon, Europe Ireland, Europe Frankfurt, Asia Pacific Sydney, Asia Pacific Tokyo, with cross-account shared-VPC testing via AWS RAM). Open-source tools such as Garak or PyRIT and manual red-teaming are complementary options. Verify current regional availability on the AWS Security Agent page before relying on it.
4. Document findings and remediation for regulatory examination, and tag tested resources with a last-pentest-date for audit trail.
5. For DORA compliance, include GenAI in TLPT (Threat-Led Penetration Testing) scope.
Informational
N/A
333333333333
us-east-1
FS-55
No Output Validation Functions Found
No Lambda functions with output validation/sanitization naming found. GenAI outputs may be passed directly to downstream systems without validation.
1. Implement output validation Lambda functions in GenAI pipelines.
2. Validate output schema, length, and content before downstream use.
3. Sanitize outputs before rendering in web UIs (XSS prevention).
4. Encode outputs appropriately for the target context (HTML, SQL, JSON).
Output encoding practices cannot be verified via AWS APIs. Manual code review required.
1. HTML-encode GenAI outputs before rendering in web UIs.
2. Use parameterized queries when GenAI output is used in database operations.
3. JSON-encode outputs before embedding in JavaScript contexts.
4. Validate output length and format before passing to downstream APIs.
Found 0 Lambda function(s) whose names suggest schema/validation handling. Structured-output / JSON-schema validation of GenAI responses is an application-layer control that cannot be verified automatically — manual review required.
1. Use Bedrock structured output (response schemas) where supported.
2. Implement JSON schema validation on Lambda output processors.
3. Reject malformed outputs and return safe error responses.
4. Log schema validation failures to CloudWatch for monitoring.
Informational
N/A
333333333333
us-east-1
FS-59
No Guardrails — Topic Allowlist Not Applicable
No Bedrock Guardrails configured.
Configure guardrails with topic policies to restrict off-topic responses.
Informational
N/A
333333333333
us-east-1
FS-60
ADVISORY: Contextual Grounding for Off-Topic Prevention
Contextual grounding for off-topic prevention is covered by guardrail grounding checks (FS-47) and RAG configuration (FS-48). Additionally verify system prompts explicitly scope the assistant's role.
1. Include explicit scope instructions in system prompts.
2. Use Bedrock Guardrails relevance grounding filter.
3. Test with off-topic prompts in QA to verify rejection behavior.
Informational
N/A
333333333333
us-east-1
FS-61
COULD NOT ASSESS: Knowledge Base Sync Schedule Check
This check could not be completed (error: An error occurred (AccessDeniedException) when calling the ListSchedules operation: User: arn:aws:sts::333333333333:assumed-role/aiml-security-mgmt-FinServSecurityAssessmentFunctio-pwj9by1swQWa/aiml-security-aiml-security-mgmt-FinServAssessment is not authorized to perform: scheduler:ListSchedules on resource: arn:aws:scheduler:us-east-1:333333333333:schedule/*/* because no identity-based policy allows the scheduler:ListSchedules action). The most common cause is a missing IAM permission for the assessment role; it may also indicate an unsupported region or an outdated botocore. This control was NOT assessed — verify the role's permissions and re-run, and assess this control manually until resolved.
1. Confirm the assessment role grants the actions this check requires (see the documented IAM permission set in the README).
2. Confirm the service/feature is supported in the assessed region.
3. Ensure botocore meets the version floor in requirements.txt.
4. Re-run the assessment; assess this control manually until it succeeds.
Low
N/A
333333333333
us-east-1
FS-62
ADVISORY: Data Currency Disclaimer — Manual Review Required
Data currency disclaimers cannot be verified via AWS APIs. Manual review required.
1. Add data currency disclaimers to GenAI outputs: 'Information based on data current as of [KB last sync date].'
2. Expose KB last sync timestamp in application responses.
3. Alert users when KB data is older than defined threshold.
Informational
N/A
333333333333
us-east-1
FS-63
Foundation Model Lifecycle Management
No legacy models detected. 11 lifecycle-related Config rule(s) found.
No action required.
Medium
Passed
333333333333
us-east-1
FS-65
KB Data Source Buckets Missing S3 Event Notifications
The following KB data-source S3 buckets have no event notifications configured. Unauthorized document modifications will not be detected in real time:
- sat2-prowler-2025-prowlerfindingsbucket-wc1k0mza7lpk
1. Enable Amazon EventBridge notifications on each KB data-source S3 bucket.
2. Create an EventBridge rule to route s3:ObjectCreated, s3:ObjectRemoved, and s3:ObjectModified events to an SNS topic or Lambda for alerting.
3. Integrate alerts into your security incident response workflow.
Medium
Failed
333333333333
us-east-1
FS-66
No AgentCore Runtimes Found
No AgentCore runtimes found; identity propagation check not applicable.
If using AgentCore, configure token propagation so end-user identities are forwarded to tool services.
Informational
N/A
333333333333
us-east-1
FS-67
Agent Action-Group Lambdas May Lack Transaction Thresholds
The following agent action-group Lambda functions have no environment variables whose names suggest transaction-value threshold configuration (this is a best-effort heuristic — a threshold enforced in code or in an AgentCore Policy Engine rule would not be detected here, so treat this as a prompt for manual verification rather than a definitive gap). Without explicit limits, agents could initiate unbounded financial transactions:
- aiml-security-aiml-security-mgmt-FinServAssessment
- resco-aiml-BedrockAssessment
- resco-aiml-AgentCoreAssessment
- aiml-security-aiml-security-mgmt-AgentCoreAssessment
- aiml-security-aiml-security-mgmt-BedrockAssessment
1. Add transaction-value threshold environment variables (e.g., MAX_TRANSACTION_AMOUNT) to each agent action-group Lambda.
2. Implement threshold enforcement logic in the Lambda handler.
3. Configure AgentCore Policy Engine rules to cap financial transaction amounts.
4. Route transactions exceeding thresholds to a human-in-the-loop approval step.
High
Failed
333333333333
us-east-1
FS-68
API Gateway Request Body Size Limits — Not Applicable
No API Gateway REST APIs and no regional WAF Web ACLs were found in this region. There is no input-payload surface to assess for body-size limits.
If GenAI endpoints are fronted by API Gateway or WAF in another region, run the assessment there. Otherwise no action is required.
Informational
N/A
333333333333
us-east-1
FS-69
Prompt Input Validation Functions Present
Found 2 Lambda function(s) with input validation/sanitization naming patterns: aiml-security-aiml-security-mgmt-CleanupBucket, resco-aiml-CleanupBucket.
Review these functions to confirm they cover: special-character stripping, format validation, size limits, and injection-sequence detection.
Medium
Passed
333333333333
eu-west-1
FS-00
FinServ Regional Scope Not Applicable
No regional Bedrock, AgentCore, or SageMaker resources were found in eu-west-1; FinServ GenAI risk checks were not applied to this region.
No action required unless GenAI workloads are expected in this region.
Informational
N/A
333333333333
ap-southeast-2
FS-00
FinServ Regional Scope Not Applicable
No regional Bedrock, AgentCore, or SageMaker resources were found in ap-southeast-2; FinServ GenAI risk checks were not applied to this region.
No action required unless GenAI workloads are expected in this region.
Informational
N/A
333333333333
ap-southeast-2
BR-02
Amazon Bedrock private connectivity check
No regional Bedrock resources found to assess private connectivity
No action required
Informational
N/A
333333333333
ap-southeast-2
BR-04
Bedrock Model Invocation Logging Check
No regional Bedrock resources found to monitor with invocation logging
No action required
Informational
N/A
333333333333
ap-southeast-2
BR-05
Bedrock Guardrails Check
No regional Bedrock resources found to protect with guardrails
No action required
Informational
N/A
333333333333
ap-southeast-2
BR-06
Bedrock CloudTrail Logging Check
No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
No action required
Informational
N/A
333333333333
ap-southeast-2
BR-07
Bedrock Prompt Management Check
Prompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.
Implement Prompt Management to:
1. Create and version your prompts
2. Test different prompt variants
3. Share prompts across your organization
4. Maintain consistent prompt templates
Informational
N/A
333333333333
ap-southeast-2
BR-08
Bedrock Agent IAM Roles Check
No Bedrock agents found in the account
No action required
Informational
N/A
333333333333
ap-southeast-2
BR-09
Bedrock Knowledge Base Encryption Check
Unable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::333333333333:assumed-role/aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b/aiml-security-aiml-security-mgmt-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:ap-southeast-2:333333333333:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases action
Verify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
Informational
N/A
333333333333
ap-southeast-2
BR-10
Bedrock Guardrail IAM Enforcement Check
No guardrails configured - IAM enforcement check not applicable
Configure Bedrock Guardrails first, then enforce their use via IAM policies
Informational
N/A
333333333333
ap-southeast-2
BR-11
Bedrock Custom Model Encryption Check
No custom/fine-tuned models found in the account
No action required
Informational
N/A
333333333333
ap-southeast-2
BR-12
Bedrock Invocation Log Encryption Check
Model invocation logging to S3 is not configured
If logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
Informational
N/A
333333333333
ap-southeast-2
BR-13
Bedrock Flows Guardrails Check
No Bedrock Flows found in the account
No action required
Informational
N/A
333333333333
eu-west-1
BR-02
Amazon Bedrock private connectivity check
No regional Bedrock resources found to assess private connectivity
No action required
Informational
N/A
333333333333
eu-west-1
BR-04
Bedrock Model Invocation Logging Check
No regional Bedrock resources found to monitor with invocation logging
No action required
Informational
N/A
333333333333
eu-west-1
BR-05
Bedrock Guardrails Check
No regional Bedrock resources found to protect with guardrails
No action required
Informational
N/A
333333333333
eu-west-1
BR-06
Bedrock CloudTrail Logging Check
No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
No action required
Informational
N/A
333333333333
eu-west-1
BR-07
Bedrock Prompt Management Check
Prompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.
Implement Prompt Management to:
1. Create and version your prompts
2. Test different prompt variants
3. Share prompts across your organization
4. Maintain consistent prompt templates
Informational
N/A
333333333333
eu-west-1
BR-08
Bedrock Agent IAM Roles Check
No Bedrock agents found in the account
No action required
Informational
N/A
333333333333
eu-west-1
BR-09
Bedrock Knowledge Base Encryption Check
Unable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::333333333333:assumed-role/aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b/aiml-security-aiml-security-mgmt-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:eu-west-1:333333333333:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases action
Verify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
Informational
N/A
333333333333
eu-west-1
BR-10
Bedrock Guardrail IAM Enforcement Check
No guardrails configured - IAM enforcement check not applicable
Configure Bedrock Guardrails first, then enforce their use via IAM policies
Informational
N/A
333333333333
eu-west-1
BR-11
Bedrock Custom Model Encryption Check
No custom/fine-tuned models found in the account
No action required
Informational
N/A
333333333333
eu-west-1
BR-12
Bedrock Invocation Log Encryption Check
Model invocation logging to S3 is not configured
If logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
Informational
N/A
333333333333
eu-west-1
BR-13
Bedrock Flows Guardrails Check
No Bedrock Flows found in the account
No action required
Informational
N/A
333333333333
Global
AC-02
AgentCore IAM Full Access Check
No roles with overly permissive AgentCore access found
No action required
High
Passed
333333333333
Global
AC-03
AgentCore Stale Access
The following principals have not accessed AgentCore in 60+ days: role 'resco-aiml-security-mgmt-AgentCoreSecurityAssessmen-JrbYHkz9UslU' (62 days)
Review and remove unused AgentCore permissions following least privilege principle
Medium
Failed
333333333333
Global
AC-03
AgentCore Unused Permissions
The following principals have AgentCore permissions but have never accessed the service: role 'AIMLSecurityMemberRole', role 'ReSCOAIMLMemberRole'
Review and remove unused AgentCore permissions following least privilege principle
Medium
Failed
333333333333
Global
AC-09
AgentCore Service-Linked Role Missing
Service-linked role 'AWSServiceRoleForBedrockAgentCoreNetwork' does not exist. VPC configuration for AgentCore Runtimes will fail without this role.
The service-linked role is automatically created when you configure VPC for an AgentCore Runtime. Ensure IAM permissions allow service-linked role creation.
Medium
Failed
333333333333
us-east-1
AC-01
AgentCore VPC Configuration Check
No AgentCore resources found
No action required
Informational
N/A
333333333333
us-east-1
AC-04
AgentCore Observability Check
No AgentCore resources found
No action required
Informational
N/A
333333333333
us-east-1
AC-05
AgentCore Encryption Check
No AgentCore resources found
No action required
Informational
N/A
333333333333
us-east-1
AC-06
AgentCore Browser Tool Recording Check
No AgentCore Runtimes found to check browser tool configuration
No action required
Informational
N/A
333333333333
us-east-1
AC-07
AgentCore Memory Configuration Check
No Memory resources found
No action required
Informational
N/A
333333333333
us-east-1
AC-13
AgentCore Gateway Configuration Check
No Gateway resources found
No action required
Informational
N/A
333333333333
us-east-1
AC-08
AgentCore VPC Endpoints Check
No AgentCore resources found
No action required
Informational
N/A
333333333333
us-east-1
AC-10
AgentCore Resource-Based Policies Check
No AgentCore resources found to check for resource-based policies
No action required
Informational
N/A
333333333333
us-east-1
AC-11
AgentCore Policy Engine Encryption Check
No Policy Engines found
No action required
Informational
N/A
333333333333
us-east-1
AC-12
AgentCore Gateway Encryption Check
No Gateways found
No action required
Informational
N/A
222222222222
eu-west-1
AC-01
AgentCore VPC Configuration Check
No AgentCore resources found
No action required
Informational
N/A
222222222222
eu-west-1
AC-04
AgentCore Observability Check
No AgentCore resources found
No action required
Informational
N/A
222222222222
eu-west-1
AC-05
AgentCore Encryption Check
No AgentCore resources found
No action required
Informational
N/A
222222222222
eu-west-1
AC-06
AgentCore Browser Tool Recording Check
No AgentCore Runtimes found to check browser tool configuration
No action required
Informational
N/A
222222222222
eu-west-1
AC-07
AgentCore Memory Configuration Check
No Memory resources found
No action required
Informational
N/A
222222222222
eu-west-1
AC-13
AgentCore Gateway Configuration Check
No Gateway resources found
No action required
Informational
N/A
222222222222
eu-west-1
AC-08
AgentCore VPC Endpoints Check
No AgentCore resources found
No action required
Informational
N/A
222222222222
eu-west-1
AC-10
AgentCore Resource-Based Policies Check
No AgentCore resources found to check for resource-based policies
No action required
Informational
N/A
222222222222
eu-west-1
AC-11
AgentCore Policy Engine Encryption Check
No Policy Engines found
No action required
Informational
N/A
222222222222
eu-west-1
AC-12
AgentCore Gateway Encryption Check
No Gateways found
No action required
Informational
N/A
222222222222
eu-west-1
SM-01
SageMaker Internet Access Check
No SageMaker notebook instances or domains found to check
No action required
Informational
N/A
222222222222
eu-west-1
SM-02
SageMaker SSO Configuration Check
No SageMaker domains found, or all domains use SSO with IAM Identity Center configured
No action required
Medium
Passed
222222222222
eu-west-1
SM-03
Data Protection Check
No SageMaker resources found to check for data protection
No action required
Informational
N/A
222222222222
eu-west-1
SM-04
GuardDuty Enabled
Amazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.
No action required
Medium
Passed
222222222222
eu-west-1
SM-05
SageMaker Model Registry Issue
No model package groups found
Implement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment
Informational
N/A
222222222222
eu-west-1
SM-05
SageMaker Feature Store Issue
No feature groups found
Utilize SageMaker Feature Store to create, share, and manage features for machine learning development and production
Informational
N/A
222222222222
eu-west-1
SM-05
SageMaker Pipelines Issue
No ML pipelines found
Implement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment
Informational
N/A
222222222222
eu-west-1
SM-06
SageMaker Clarify No Clarify Usage
No SageMaker Clarify jobs found
Implement SageMaker Clarify for model explainability and bias detection
Informational
N/A
222222222222
eu-west-1
SM-07
SageMaker Model Monitor No Model Monitoring
No Model Monitor schedules found
Configure comprehensive model monitoring schedules
Informational
N/A
222222222222
eu-west-1
SM-08
Model Registry Registry Not Used
Model Registry is not being utilized
Implement proper model versioning and approval workflows
Informational
N/A
222222222222
eu-west-1
SM-09
SageMaker Notebook Root Access Check
No notebook instances found
No action required
Informational
N/A
222222222222
eu-west-1
SM-10
SageMaker Notebook VPC Deployment Check
No notebook instances found
No action required
Informational
N/A
222222222222
eu-west-1
SM-11
SageMaker Model Network Isolation Check
No models found
No action required
Informational
N/A
222222222222
eu-west-1
SM-12
SageMaker Endpoint Instance Count Check
No InService endpoints found
No action required
Informational
N/A
222222222222
eu-west-1
SM-13
SageMaker Monitoring Network Isolation Check
No monitoring schedules found
No action required
Informational
N/A
222222222222
eu-west-1
SM-14
SageMaker Model Repository Access Check
No models found or all use default Platform access
No model package groups found. Model Registry is not being used for model governance.
Implement Model Registry to track model versions and enforce approval workflows before production deployment.
Informational
N/A
222222222222
eu-west-1
SM-23
Model Drift Detection Check
No InService endpoints found to monitor.
No action required
Medium
Passed
222222222222
eu-west-1
SM-24
A/B Testing and Shadow Deployment Check
No InService endpoints found.
No action required
Low
Passed
222222222222
eu-west-1
SM-25
ML Lineage Tracking - Experiments Not Used
No SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.
Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.
Informational
N/A
222222222222
Global
SM-02
SageMaker IAM Permissions Check
No issues found with IAM permissions and no stale access detected
No action required
High
Passed
222222222222
us-east-1
SM-01
SageMaker Internet Access Check
No SageMaker notebook instances or domains found to check
No action required
Informational
N/A
222222222222
us-east-1
SM-02
SageMaker SSO Configuration Check
No SageMaker domains found, or all domains use SSO with IAM Identity Center configured
No action required
Medium
Passed
222222222222
us-east-1
SM-03
Data Protection Check
No SageMaker resources found to check for data protection
No action required
Informational
N/A
222222222222
us-east-1
SM-04
GuardDuty Enabled
Amazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.
No action required
Medium
Passed
222222222222
us-east-1
SM-05
SageMaker Model Registry Issue
No model package groups found
Implement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment
Informational
N/A
222222222222
us-east-1
SM-05
SageMaker Feature Store Issue
No feature groups found
Utilize SageMaker Feature Store to create, share, and manage features for machine learning development and production
Informational
N/A
222222222222
us-east-1
SM-05
SageMaker Pipelines Issue
No ML pipelines found
Implement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment
Informational
N/A
222222222222
us-east-1
SM-06
SageMaker Clarify No Clarify Usage
No SageMaker Clarify jobs found
Implement SageMaker Clarify for model explainability and bias detection
Informational
N/A
222222222222
us-east-1
SM-07
SageMaker Model Monitor No Model Monitoring
No Model Monitor schedules found
Configure comprehensive model monitoring schedules
Informational
N/A
222222222222
us-east-1
SM-08
Model Registry Registry Not Used
Model Registry is not being utilized
Implement proper model versioning and approval workflows
Informational
N/A
222222222222
us-east-1
SM-09
SageMaker Notebook Root Access Check
No notebook instances found
No action required
Informational
N/A
222222222222
us-east-1
SM-10
SageMaker Notebook VPC Deployment Check
No notebook instances found
No action required
Informational
N/A
222222222222
us-east-1
SM-11
SageMaker Model Network Isolation Check
No models found
No action required
Informational
N/A
222222222222
us-east-1
SM-12
SageMaker Endpoint Instance Count Check
No InService endpoints found
No action required
Informational
N/A
222222222222
us-east-1
SM-13
SageMaker Monitoring Network Isolation Check
No monitoring schedules found
No action required
Informational
N/A
222222222222
us-east-1
SM-14
SageMaker Model Repository Access Check
No models found or all use default Platform access
No model package groups found. Model Registry is not being used for model governance.
Implement Model Registry to track model versions and enforce approval workflows before production deployment.
Informational
N/A
222222222222
us-east-1
SM-23
Model Drift Detection Check
No InService endpoints found to monitor.
No action required
Medium
Passed
222222222222
us-east-1
SM-24
A/B Testing and Shadow Deployment Check
No InService endpoints found.
No action required
Low
Passed
222222222222
us-east-1
SM-25
ML Lineage Tracking - Experiments Not Used
No SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.
Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.
Informational
N/A
222222222222
us-east-1
FS-00
FinServ Regional Scope Not Applicable
No regional Bedrock, AgentCore, or SageMaker resources were found in us-east-1; FinServ GenAI risk checks were not applied to this region.
No action required unless GenAI workloads are expected in this region.
Informational
N/A
222222222222
eu-west-1
FS-00
FinServ Regional Scope Not Applicable
No regional Bedrock, AgentCore, or SageMaker resources were found in eu-west-1; FinServ GenAI risk checks were not applied to this region.
No action required unless GenAI workloads are expected in this region.
Informational
N/A
222222222222
ap-southeast-2
FS-00
FinServ Regional Scope Not Applicable
No regional Bedrock, AgentCore, or SageMaker resources were found in ap-southeast-2; FinServ GenAI risk checks were not applied to this region.
No action required unless GenAI workloads are expected in this region.
Informational
N/A
222222222222
ap-southeast-2
BR-02
Amazon Bedrock private connectivity check
No regional Bedrock resources found to assess private connectivity
No action required
Informational
N/A
222222222222
ap-southeast-2
BR-04
Bedrock Model Invocation Logging Check
No regional Bedrock resources found to monitor with invocation logging
No action required
Informational
N/A
222222222222
ap-southeast-2
BR-05
Bedrock Guardrails Check
No regional Bedrock resources found to protect with guardrails
No action required
Informational
N/A
222222222222
ap-southeast-2
BR-06
Bedrock CloudTrail Logging Check
No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
No action required
Informational
N/A
222222222222
ap-southeast-2
BR-07
Bedrock Prompt Management Check
Prompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.
Implement Prompt Management to:
1. Create and version your prompts
2. Test different prompt variants
3. Share prompts across your organization
4. Maintain consistent prompt templates
Informational
N/A
222222222222
ap-southeast-2
BR-08
Bedrock Agent IAM Roles Check
No Bedrock agents found in the account
No action required
Informational
N/A
222222222222
ap-southeast-2
BR-09
Bedrock Knowledge Base Encryption Check
Unable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::222222222222:assumed-role/aiml-security-23026652352-BedrockSecurityAssessment-UZzmVN1xrMwf/aiml-security-aiml-security-222222222222-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:ap-southeast-2:222222222222:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases action
Verify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
Informational
N/A
222222222222
ap-southeast-2
BR-10
Bedrock Guardrail IAM Enforcement Check
No guardrails configured - IAM enforcement check not applicable
Configure Bedrock Guardrails first, then enforce their use via IAM policies
Informational
N/A
222222222222
ap-southeast-2
BR-11
Bedrock Custom Model Encryption Check
No custom/fine-tuned models found in the account
No action required
Informational
N/A
222222222222
ap-southeast-2
BR-12
Bedrock Invocation Log Encryption Check
Model invocation logging to S3 is not configured
If logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
Informational
N/A
222222222222
ap-southeast-2
BR-13
Bedrock Flows Guardrails Check
No Bedrock Flows found in the account
No action required
Informational
N/A
222222222222
ap-southeast-2
SM-01
SageMaker Internet Access Check
No SageMaker notebook instances or domains found to check
No action required
Informational
N/A
222222222222
ap-southeast-2
SM-02
SageMaker SSO Configuration Check
No SageMaker domains found, or all domains use SSO with IAM Identity Center configured
No action required
Medium
Passed
222222222222
ap-southeast-2
SM-03
Data Protection Check
No SageMaker resources found to check for data protection
No action required
Informational
N/A
222222222222
ap-southeast-2
SM-04
GuardDuty Enabled
Amazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.
No action required
Medium
Passed
222222222222
ap-southeast-2
SM-05
SageMaker Model Registry Issue
No model package groups found
Implement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment
Informational
N/A
222222222222
ap-southeast-2
SM-05
SageMaker Feature Store Issue
No feature groups found
Utilize SageMaker Feature Store to create, share, and manage features for machine learning development and production
Informational
N/A
222222222222
ap-southeast-2
SM-05
SageMaker Pipelines Issue
No ML pipelines found
Implement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment
Informational
N/A
222222222222
ap-southeast-2
SM-06
SageMaker Clarify No Clarify Usage
No SageMaker Clarify jobs found
Implement SageMaker Clarify for model explainability and bias detection
Informational
N/A
222222222222
ap-southeast-2
SM-07
SageMaker Model Monitor No Model Monitoring
No Model Monitor schedules found
Configure comprehensive model monitoring schedules
Informational
N/A
222222222222
ap-southeast-2
SM-08
Model Registry Registry Not Used
Model Registry is not being utilized
Implement proper model versioning and approval workflows
Informational
N/A
222222222222
ap-southeast-2
SM-09
SageMaker Notebook Root Access Check
No notebook instances found
No action required
Informational
N/A
222222222222
ap-southeast-2
SM-10
SageMaker Notebook VPC Deployment Check
No notebook instances found
No action required
Informational
N/A
222222222222
ap-southeast-2
SM-11
SageMaker Model Network Isolation Check
No models found
No action required
Informational
N/A
222222222222
ap-southeast-2
SM-12
SageMaker Endpoint Instance Count Check
No InService endpoints found
No action required
Informational
N/A
222222222222
ap-southeast-2
SM-13
SageMaker Monitoring Network Isolation Check
No monitoring schedules found
No action required
Informational
N/A
222222222222
ap-southeast-2
SM-14
SageMaker Model Repository Access Check
No models found or all use default Platform access
No model package groups found. Model Registry is not being used for model governance.
Implement Model Registry to track model versions and enforce approval workflows before production deployment.
Informational
N/A
222222222222
ap-southeast-2
SM-23
Model Drift Detection Check
No InService endpoints found to monitor.
No action required
Medium
Passed
222222222222
ap-southeast-2
SM-24
A/B Testing and Shadow Deployment Check
No InService endpoints found.
No action required
Low
Passed
222222222222
ap-southeast-2
SM-25
ML Lineage Tracking - Experiments Not Used
No SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.
Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.
Informational
N/A
222222222222
Global
BR-01
AmazonBedrockFullAccess role check
No roles found with AmazonBedrockFullAccess policy
No action required
High
Passed
222222222222
Global
BR-03
Marketplace Subscription Access Check
No identities found with overly permissive marketplace subscription access
No action required
Medium
Passed
222222222222
Global
BR-14
Stale Bedrock Access Check
Role 'AIMLSecurityMemberRole' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
222222222222
Global
BR-14
Stale Bedrock Access Check
Role 'AwsSecurityAudit' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
222222222222
Global
BR-14
Stale Bedrock Access Check
Role 'AWSServiceRoleForAuditManager' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
222222222222
Global
BR-14
Stale Bedrock Access Check
Role 'AWSServiceRoleForSupport' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
222222222222
Global
BR-14
Stale Bedrock Access Check
Role 'CloudSecAuditRole' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
222222222222
Global
BR-14
Stale Bedrock Access Check
Role 'CloudSeerTrustedServiceRole' last accessed Bedrock on 2025-08-18
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
222222222222
Global
BR-14
Stale Bedrock Access Check
Role 'IibsAdminAccess-DO-NOT-DELETE' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
222222222222
Global
BR-14
Stale Bedrock Access Check
Role 'InternalAuditInternal' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
222222222222
Global
BR-14
Stale Bedrock Access Check
Role 'ProwlerMemberRole' last accessed Bedrock on 2026-03-10
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
222222222222
Global
BR-14
Stale Bedrock Access Check
Role 'resco-aiml-security-23026-BedrockSecurityAssessment-xNwSsmlzindY' last accessed Bedrock on 2026-04-18
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
222222222222
Global
BR-14
Stale Bedrock Access Check
Role 'ReSCOAIMLMemberRole' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
222222222222
us-east-1
BR-02
Amazon Bedrock private connectivity check
No regional Bedrock resources found to assess private connectivity
No action required
Informational
N/A
222222222222
us-east-1
BR-04
Bedrock Model Invocation Logging Check
No regional Bedrock resources found to monitor with invocation logging
No action required
Informational
N/A
222222222222
us-east-1
BR-05
Bedrock Guardrails Check
No regional Bedrock resources found to protect with guardrails
No action required
Informational
N/A
222222222222
us-east-1
BR-06
Bedrock CloudTrail Logging Check
No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
No action required
Informational
N/A
222222222222
us-east-1
BR-07
Bedrock Prompt Management Check
Prompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.
Implement Prompt Management to:
1. Create and version your prompts
2. Test different prompt variants
3. Share prompts across your organization
4. Maintain consistent prompt templates
Informational
N/A
222222222222
us-east-1
BR-08
Bedrock Agent IAM Roles Check
No Bedrock agents found in the account
No action required
Informational
N/A
222222222222
us-east-1
BR-09
Bedrock Knowledge Base Encryption Check
Unable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::222222222222:assumed-role/aiml-security-23026652352-BedrockSecurityAssessment-UZzmVN1xrMwf/aiml-security-aiml-security-222222222222-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:us-east-1:222222222222:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases action
Verify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
Informational
N/A
222222222222
us-east-1
BR-10
Bedrock Guardrail IAM Enforcement Check
No guardrails configured - IAM enforcement check not applicable
Configure Bedrock Guardrails first, then enforce their use via IAM policies
Informational
N/A
222222222222
us-east-1
BR-11
Bedrock Custom Model Encryption Check
No custom/fine-tuned models found in the account
No action required
Informational
N/A
222222222222
us-east-1
BR-12
Bedrock Invocation Log Encryption Check
Model invocation logging to S3 is not configured
If logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
Informational
N/A
222222222222
us-east-1
BR-13
Bedrock Flows Guardrails Check
No Bedrock Flows found in the account
No action required
Informational
N/A
222222222222
Global
AC-02
AgentCore IAM Full Access Check
No roles with overly permissive AgentCore access found
No action required
High
Passed
222222222222
Global
AC-03
AgentCore Stale Access
The following principals have not accessed AgentCore in 60+ days: role 'resco-aiml-security-23026-AgentCoreSecurityAssessme-2AEt2MTxg4AU' (62 days)
Review and remove unused AgentCore permissions following least privilege principle
Medium
Failed
222222222222
Global
AC-03
AgentCore Unused Permissions
The following principals have AgentCore permissions but have never accessed the service: role 'AIMLSecurityMemberRole', role 'ReSCOAIMLMemberRole'
Review and remove unused AgentCore permissions following least privilege principle
Medium
Failed
222222222222
Global
AC-09
AgentCore Service-Linked Role Missing
Service-linked role 'AWSServiceRoleForBedrockAgentCoreNetwork' does not exist. VPC configuration for AgentCore Runtimes will fail without this role.
The service-linked role is automatically created when you configure VPC for an AgentCore Runtime. Ensure IAM permissions allow service-linked role creation.
Medium
Failed
222222222222
us-east-1
AC-01
AgentCore VPC Configuration Check
No AgentCore resources found
No action required
Informational
N/A
222222222222
us-east-1
AC-04
AgentCore Observability Check
No AgentCore resources found
No action required
Informational
N/A
222222222222
us-east-1
AC-05
AgentCore Encryption Check
No AgentCore resources found
No action required
Informational
N/A
222222222222
us-east-1
AC-06
AgentCore Browser Tool Recording Check
No AgentCore Runtimes found to check browser tool configuration
No action required
Informational
N/A
222222222222
us-east-1
AC-07
AgentCore Memory Configuration Check
No Memory resources found
No action required
Informational
N/A
222222222222
us-east-1
AC-13
AgentCore Gateway Configuration Check
No Gateway resources found
No action required
Informational
N/A
222222222222
us-east-1
AC-08
AgentCore VPC Endpoints Check
No AgentCore resources found
No action required
Informational
N/A
222222222222
us-east-1
AC-10
AgentCore Resource-Based Policies Check
No AgentCore resources found to check for resource-based policies
No action required
Informational
N/A
222222222222
us-east-1
AC-11
AgentCore Policy Engine Encryption Check
No Policy Engines found
No action required
Informational
N/A
222222222222
us-east-1
AC-12
AgentCore Gateway Encryption Check
No Gateways found
No action required
Informational
N/A
222222222222
ap-southeast-2
AC-01
AgentCore VPC Configuration Check
No AgentCore resources found
No action required
Informational
N/A
222222222222
ap-southeast-2
AC-04
AgentCore Observability Check
No AgentCore resources found
No action required
Informational
N/A
222222222222
ap-southeast-2
AC-05
AgentCore Encryption Check
No AgentCore resources found
No action required
Informational
N/A
222222222222
ap-southeast-2
AC-06
AgentCore Browser Tool Recording Check
No AgentCore Runtimes found to check browser tool configuration
No action required
Informational
N/A
222222222222
ap-southeast-2
AC-07
AgentCore Memory Configuration Check
No Memory resources found
No action required
Informational
N/A
222222222222
ap-southeast-2
AC-13
AgentCore Gateway Configuration Check
No Gateway resources found
No action required
Informational
N/A
222222222222
ap-southeast-2
AC-08
AgentCore VPC Endpoints Check
No AgentCore resources found
No action required
Informational
N/A
222222222222
ap-southeast-2
AC-10
AgentCore Resource-Based Policies Check
No AgentCore resources found to check for resource-based policies
No action required
Informational
N/A
222222222222
ap-southeast-2
AC-11
AgentCore Policy Engine Encryption Check
No Policy Engines found
No action required
Informational
N/A
222222222222
ap-southeast-2
AC-12
AgentCore Gateway Encryption Check
No Gateways found
No action required
Informational
N/A
222222222222
eu-west-1
BR-02
Amazon Bedrock private connectivity check
No regional Bedrock resources found to assess private connectivity
No action required
Informational
N/A
222222222222
eu-west-1
BR-04
Bedrock Model Invocation Logging Check
No regional Bedrock resources found to monitor with invocation logging
No action required
Informational
N/A
222222222222
eu-west-1
BR-05
Bedrock Guardrails Check
No regional Bedrock resources found to protect with guardrails
No action required
Informational
N/A
222222222222
eu-west-1
BR-06
Bedrock CloudTrail Logging Check
No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
No action required
Informational
N/A
222222222222
eu-west-1
BR-07
Bedrock Prompt Management Check
Prompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.
Implement Prompt Management to:
1. Create and version your prompts
2. Test different prompt variants
3. Share prompts across your organization
4. Maintain consistent prompt templates
Informational
N/A
222222222222
eu-west-1
BR-08
Bedrock Agent IAM Roles Check
No Bedrock agents found in the account
No action required
Informational
N/A
222222222222
eu-west-1
BR-09
Bedrock Knowledge Base Encryption Check
Unable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::222222222222:assumed-role/aiml-security-23026652352-BedrockSecurityAssessment-UZzmVN1xrMwf/aiml-security-aiml-security-222222222222-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:eu-west-1:222222222222:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases action
Verify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
Informational
N/A
222222222222
eu-west-1
BR-10
Bedrock Guardrail IAM Enforcement Check
No guardrails configured - IAM enforcement check not applicable
Configure Bedrock Guardrails first, then enforce their use via IAM policies
Informational
N/A
222222222222
eu-west-1
BR-11
Bedrock Custom Model Encryption Check
No custom/fine-tuned models found in the account
No action required
Informational
N/A
222222222222
eu-west-1
BR-12
Bedrock Invocation Log Encryption Check
Model invocation logging to S3 is not configured
If logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
Informational
N/A
222222222222
eu-west-1
BR-13
Bedrock Flows Guardrails Check
No Bedrock Flows found in the account
No action required
Informational
N/A
Risk Distribution
Pass Rate by Severity
HIGH
14.8%
9 of 61 checks passed
MEDIUM
20.5%
39 of 190 checks passed
LOW
52.9%
9 of 17 checks passed
Overall
21.3%
57 of 268 actionable checks
Risk by Account
111111111111
146
42 High · 101 Med · 3 Low
222222222222
14
0 High · 14 Med · 0 Low
333333333333
45
10 High · 34 Med · 1 Low
Risk by Region
ap-southeast-2
0
0 High · 0 Med · 0 Low
eu-west-1
0
0 High · 0 Med · 0 Low
us-east-1
80
28 High · 48 Med · 4 Low
Findings by Service
Bedrock
209
107 Failed · 3 Passed
SageMaker
252
10 Failed · 37 Passed
AgentCore
123
37 Failed · 2 Passed
Financial Services Risk
139
51 Failed · 15 Passed
Amazon Bedrock Findings
Account ID
Region
Check ID
Finding
Details
Resolution
Reference
Severity
Status
111111111111
Global
BR-01
AmazonBedrockFullAccess role check
Role 'IDPSageMakerCfnStack-SageMakerExecutionRole-aqrHz6dVkoHC' has AmazonBedrockFullAccess policy attached
Limit the AmazonBedrockFullAccess policy only to required access
High
Failed
111111111111
Global
BR-01
AmazonBedrockFullAccess role check
Role 'LLMEvaluationPromptfoo-SageMakerExecutionRole-M69xCHJ9c3LU' has AmazonBedrockFullAccess policy attached
Limit the AmazonBedrockFullAccess policy only to required access
High
Failed
111111111111
Global
BR-01
AmazonBedrockFullAccess role check
Role 'myAskMeAnything-role-kmsizqwf' has AmazonBedrockFullAccess policy attached
Limit the AmazonBedrockFullAccess policy only to required access
High
Failed
111111111111
Global
BR-03
Marketplace Subscription Access Check
Role 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-a6ddf3fc76' has overly permissive marketplace subscription access through policy 'BedrockAgentCoreRuntimeExecutionPolicy-cdk_agent_core'
Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
High
Failed
111111111111
Global
BR-03
Marketplace Subscription Access Check
Role 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-ed660add8b' has overly permissive marketplace subscription access through policy 'BedrockAgentCoreRuntimeExecutionPolicy-neoCyan_Agent'
Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
High
Failed
111111111111
Global
BR-03
Marketplace Subscription Access Check
Role 'AmazonBedrockExecutionRoleForKnowledgeBase_knnc9' has overly permissive marketplace subscription access through policy 'AmazonBedrockFoundationModelPolicyForKnowledgeBase_knnc9'
Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
High
Failed
111111111111
Global
BR-03
Marketplace Subscription Access Check
Role 'AmazonBedrockExecutionRoleForKnowledgeBase_qxqw2' has overly permissive marketplace subscription access through policy 'AmazonBedrockFoundationModelPolicyForKnowledgeBase_qxqw2'
Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
High
Failed
111111111111
Global
BR-03
Marketplace Subscription Access Check
Role 'AmazonSageMaker-ExecutionRole-20250525T153161' has overly permissive marketplace subscription access through policy 'AmazonBedrockLimitedAccess'
Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
High
Failed
111111111111
Global
BR-03
Marketplace Subscription Access Check
Role 'IDPSageMakerCfnStack-SageMakerExecutionRole-aqrHz6dVkoHC' has overly permissive marketplace subscription access through policy 'AmazonBedrockFullAccess'
Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
High
Failed
111111111111
Global
BR-03
Marketplace Subscription Access Check
Role 'LLMEvaluationPromptfoo-SageMakerExecutionRole-M69xCHJ9c3LU' has overly permissive marketplace subscription access through policy 'AmazonBedrockFullAccess'
Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
High
Failed
111111111111
Global
BR-03
Marketplace Subscription Access Check
Role 'myAskMeAnything-role-kmsizqwf' has overly permissive marketplace subscription access through policy 'AmazonBedrockFullAccess'
Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
High
Failed
111111111111
Global
BR-03
Marketplace Subscription Access Check
User 'BedrockAPIKey-20pp' has overly permissive marketplace subscription access through policy 'AmazonBedrockLimitedAccess'
Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
High
Failed
111111111111
Global
BR-03
Marketplace Subscription Access Check
User 'BedrockAPIKey-yhc3' has overly permissive marketplace subscription access through policy 'AmazonBedrockLimitedAccess'
Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
High
Failed
111111111111
Global
BR-03
Marketplace Subscription Access Check
User 'BedrockClientUser' has overly permissive marketplace subscription access through policy 'AmazonBedrockFullAccess'
Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
High
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role '111111111111-us-east-1-kb-bedrock-service-role' last accessed Bedrock on 2025-12-22
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role '111111111111-us-east-1-kb-setup-function-role' last accessed Bedrock on 2025-12-22
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'agentcore-wildrydes_gateway_role_ab3991f6-role' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AgentCoreEvalsSDK-us-east-1-d04ba7b68b' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AIMLSecurityMemberRole' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-a6ddf3fc76' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-ed660add8b' last accessed Bedrock on 2025-12-21
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonBedrockExecutionRoleForAgents_S0T9VNPP9D' last accessed Bedrock on 2024-06-25
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonBedrockExecutionRoleForAgents_WNCOPE29NZ' last accessed Bedrock on 2025-04-27
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonBedrockExecutionRoleForKnowledgeBase_072pr' last accessed Bedrock on 2024-06-25
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonBedrockExecutionRoleForKnowledgeBase_byjin' last accessed Bedrock on 2024-11-17
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonBedrockExecutionRoleForKnowledgeBase_h9718' last accessed Bedrock on 2024-11-17
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonBedrockExecutionRoleForKnowledgeBase_knnc9' last accessed Bedrock on 2026-01-01
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonBedrockExecutionRoleForKnowledgeBase_qxqw2' last accessed Bedrock on 2025-12-28
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonBedrockExecutionRoleForKnowledgeBase_semicon' last accessed Bedrock on 2024-09-01
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonBedrockExecutionRoleForKnowledgeBase_xtwwd' last accessed Bedrock on 2025-10-13
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonBedrockExecutionRoleForKnowledgeBase_y9m7f' last accessed Bedrock on 2025-04-27
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonQInvestigationRole-DefaultInvestigationGroup-8vxyjh' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonSageMaker-ExecutionRole-20231014T200029' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonSageMaker-ExecutionRole-20250525T153161' last accessed Bedrock on 2025-12-22
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'aws-api-mcp-server-execution-role' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AwsSecurityAudit' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AWSServiceRoleForAuditManager' last accessed Bedrock on 2024-11-25
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AWSServiceRoleForSupport' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'AWSVAPTAudit' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'BedrockCognitoFederatedRole' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'cdk-hnb659fds-lookup-role-111111111111-us-east-1' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'cdk-hnb659fds-lookup-role-111111111111-us-west-2' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'cfn-contextualChatBot-usi-LambdaExecutionRoleForKno-aHg3J0xel6VU' last accessed Bedrock on 2024-03-25
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'CloudSecAuditRole' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'CloudSeerTrustedServiceRole' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'CustomerSupportAssistantBedrockAgentCoreRole-us-east-1' last accessed Bedrock on 2025-12-22
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'CustomerSupportStackInfra-CustomerSupportLambdaRole-ujGGiNU6KEnI' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'CustomerSupportStackInfra-RuntimeAgentCoreRole-N188nLB5RtLO' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'e2ebedrockrag-KbRoleStack-2YO19O2NS6FP-KbRole-OgMxcvrnZrHZ' last accessed Bedrock on 2025-11-18
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'fsi-genai-workshop-bedrock-kb-role' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'fsi-genai-workshop-lambda-execution-role' last accessed Bedrock on 2025-12-28
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'fsi-genai-workshop-websocket-lambda-role' last accessed Bedrock on 2025-12-28
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'IDP-AnalyticsProcessorFunctionRole-H3gwkJtNqrqW' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'IDP-BDASAMPLEPROJECT-SGJRDJI15S-LambdaExecutionRole-MCRJbTEDuyKt' last accessed Bedrock on 2025-08-24
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'IDP-ChatWithDocumentResolverFunctionRole-ATyH7GeR2ad1' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'IDP-DOCUMENTBEDROCKKB-CY8-StartIngestionJobFunction-NjNLRuUn8qtp' last accessed Bedrock on 2025-08-24
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'IDP-EvaluationFunctionRole-LQdnEMAdwWPe' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'IDP-PATTERN1STACK-TNHNKPK-ProcessResultsFunctionRol-8z8mNwa6RahP' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'IDP-PATTERN1STACK-TNHNKPK-SummarizationFunctionRole-MY6sxSMvFNr4' last accessed Bedrock on 2025-10-07
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'IDP-PATTERN1STACK-TNHNKPKJY4Q-InvokeBDAFunctionRole-pLHufEKQ0Nu4' last accessed Bedrock on 2025-10-07
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'IDP-QueryKnowledgeBaseResolverFunctionRole-p9Mcpfk0BA6z' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'IDPSageMakerCfnStack-SageMakerExecutionRole-aqrHz6dVkoHC' last accessed Bedrock on 2024-07-30
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'IibsAdminAccess-DO-NOT-DELETE' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'InternalAuditInternal' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'LLMEvaluationPromptfoo-Aurora-Bedrock-Role' last accessed Bedrock on 2025-12-30
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'LLMEvaluationPromptfoo-LambdaExecutionRole-umo63kVrhIoy' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'LLMEvaluationPromptfoo-SageMakerExecutionRole-M69xCHJ9c3LU' last accessed Bedrock on 2025-12-30
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'Meeting-Note-Bot-Role' last accessed Bedrock on 2025-10-22
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'myAskMeAnything-role-kmsizqwf' last accessed Bedrock on 2024-01-04
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'ProwlerMemberRole' last accessed Bedrock on 2026-03-10
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'resco-aiml-security-19304-BedrockSecurityAssessment-kgYUbi1MIbbb' last accessed Bedrock on 2026-04-18
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'ReSCOAIMLMemberRole' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'SAT-PrereqTest-CodeBuildRole-SATv2Stack-PreReqs' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
Role 'threat-designer-role' last accessed Bedrock on 2025-07-02
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
User 'BedrockAPIKey-yhc3' last accessed Bedrock on 2026-04-19
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
Global
BR-14
Stale Bedrock Access Check
User 'BedrockClientUser' last accessed Bedrock on 2025-04-06
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
111111111111
us-east-1
BR-02
Amazon Bedrock private connectivity check
No regional Bedrock resources found to assess private connectivity
No action required
Informational
N/A
111111111111
us-east-1
BR-04
Bedrock Model Invocation Logging Check
No regional Bedrock resources found to monitor with invocation logging
No action required
Informational
N/A
111111111111
us-east-1
BR-05
Bedrock Guardrails Check
No regional Bedrock resources found to protect with guardrails
No action required
Informational
N/A
111111111111
us-east-1
BR-06
Bedrock CloudTrail Logging Check
No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
No action required
Informational
N/A
111111111111
us-east-1
BR-07
Bedrock Prompt Management Check
Prompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.
Implement Prompt Management to:
1. Create and version your prompts
2. Test different prompt variants
3. Share prompts across your organization
4. Maintain consistent prompt templates
Informational
N/A
111111111111
us-east-1
BR-08
Bedrock Agent IAM Roles Check
No Bedrock agents found in the account
No action required
Informational
N/A
111111111111
us-east-1
BR-09
Bedrock Knowledge Base Encryption Check
Unable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::111111111111:assumed-role/aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX/aiml-security-aiml-security-111111111111-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:us-east-1:111111111111:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases action
Verify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
Informational
N/A
111111111111
us-east-1
BR-10
Bedrock Guardrail IAM Enforcement Check
No guardrails configured - IAM enforcement check not applicable
Configure Bedrock Guardrails first, then enforce their use via IAM policies
Informational
N/A
111111111111
us-east-1
BR-11
Bedrock Custom Model Encryption Check
No custom/fine-tuned models found in the account
No action required
Informational
N/A
111111111111
us-east-1
BR-12
Bedrock Invocation Log Encryption Check
Model invocation logging to S3 is not configured
If logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
Informational
N/A
111111111111
us-east-1
BR-13
Bedrock Flows Guardrails Check
No Bedrock Flows found in the account
No action required
Informational
N/A
111111111111
ap-southeast-2
BR-02
Amazon Bedrock private connectivity check
No regional Bedrock resources found to assess private connectivity
No action required
Informational
N/A
111111111111
ap-southeast-2
BR-04
Bedrock Model Invocation Logging Check
No regional Bedrock resources found to monitor with invocation logging
No action required
Informational
N/A
111111111111
ap-southeast-2
BR-05
Bedrock Guardrails Check
No regional Bedrock resources found to protect with guardrails
No action required
Informational
N/A
111111111111
ap-southeast-2
BR-06
Bedrock CloudTrail Logging Check
No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
No action required
Informational
N/A
111111111111
ap-southeast-2
BR-07
Bedrock Prompt Management Check
Prompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.
Implement Prompt Management to:
1. Create and version your prompts
2. Test different prompt variants
3. Share prompts across your organization
4. Maintain consistent prompt templates
Informational
N/A
111111111111
ap-southeast-2
BR-08
Bedrock Agent IAM Roles Check
No Bedrock agents found in the account
No action required
Informational
N/A
111111111111
ap-southeast-2
BR-09
Bedrock Knowledge Base Encryption Check
Unable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::111111111111:assumed-role/aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX/aiml-security-aiml-security-111111111111-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:ap-southeast-2:111111111111:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases action
Verify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
Informational
N/A
111111111111
ap-southeast-2
BR-10
Bedrock Guardrail IAM Enforcement Check
No guardrails configured - IAM enforcement check not applicable
Configure Bedrock Guardrails first, then enforce their use via IAM policies
Informational
N/A
111111111111
ap-southeast-2
BR-11
Bedrock Custom Model Encryption Check
No custom/fine-tuned models found in the account
No action required
Informational
N/A
111111111111
ap-southeast-2
BR-12
Bedrock Invocation Log Encryption Check
Model invocation logging to S3 is not configured
If logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
Informational
N/A
111111111111
ap-southeast-2
BR-13
Bedrock Flows Guardrails Check
No Bedrock Flows found in the account
No action required
Informational
N/A
111111111111
eu-west-1
BR-02
Amazon Bedrock private connectivity check
No regional Bedrock resources found to assess private connectivity
No action required
Informational
N/A
111111111111
eu-west-1
BR-04
Bedrock Model Invocation Logging Check
No regional Bedrock resources found to monitor with invocation logging
No action required
Informational
N/A
111111111111
eu-west-1
BR-05
Bedrock Guardrails Check
No regional Bedrock resources found to protect with guardrails
No action required
Informational
N/A
111111111111
eu-west-1
BR-06
Bedrock CloudTrail Logging Check
No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
No action required
Informational
N/A
111111111111
eu-west-1
BR-07
Bedrock Prompt Management Check
Prompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.
Implement Prompt Management to:
1. Create and version your prompts
2. Test different prompt variants
3. Share prompts across your organization
4. Maintain consistent prompt templates
Informational
N/A
111111111111
eu-west-1
BR-08
Bedrock Agent IAM Roles Check
No Bedrock agents found in the account
No action required
Informational
N/A
111111111111
eu-west-1
BR-09
Bedrock Knowledge Base Encryption Check
Unable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::111111111111:assumed-role/aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX/aiml-security-aiml-security-111111111111-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:eu-west-1:111111111111:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases action
Verify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
Informational
N/A
111111111111
eu-west-1
BR-10
Bedrock Guardrail IAM Enforcement Check
No guardrails configured - IAM enforcement check not applicable
Configure Bedrock Guardrails first, then enforce their use via IAM policies
Informational
N/A
111111111111
eu-west-1
BR-11
Bedrock Custom Model Encryption Check
No custom/fine-tuned models found in the account
No action required
Informational
N/A
111111111111
eu-west-1
BR-12
Bedrock Invocation Log Encryption Check
Model invocation logging to S3 is not configured
If logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
Informational
N/A
111111111111
eu-west-1
BR-13
Bedrock Flows Guardrails Check
No Bedrock Flows found in the account
No action required
Informational
N/A
333333333333
Global
BR-01
AmazonBedrockFullAccess role check
No roles found with AmazonBedrockFullAccess policy
No action required
High
Passed
333333333333
Global
BR-03
Marketplace Subscription Access Check
Role 'ProwlerApp-EC2-Role' has overly permissive marketplace subscription access through policy 'AWSElasticBeanstalkMulticontainerDocker'
Ensure that users have access to only the models that you want user to be able to subscribe to based on your organizational policies. For example, you may want users to have access to only text based models and not image and video generation model. This can also help to keep cost in check.
High
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'AIMLSecurityMemberRole' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'AmazonBedrockExecutionRoleForKnowledgeBase_7erx6' last accessed Bedrock on 2025-05-13
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'AwsSecurityAudit' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'AWSServiceRoleForAuditManager' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'AWSServiceRoleForSupport' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'AWSVAPTAudit' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'cdk-hnb659fds-lookup-role-333333333333-us-east-1' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'cdk-hnb659fds-lookup-role-333333333333-us-east-2' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'cdk-hnb659fds-lookup-role-333333333333-us-west-2' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'CloudSecAuditRole' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'CloudSeerTrustedServiceRole' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'IibsAdminAccess-DO-NOT-DELETE' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'InternalAuditInternal' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'Nova-DO-NOT-DELETE' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'ProwlerApp-EC2-Role' last accessed Bedrock on 2026-03-29
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'ProwlerMemberRole' last accessed Bedrock on 2026-03-10
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'ProwlerScanRole' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'resco-aiml-security-mgmt-BedrockSecurityAssessmentF-espswsHIf9by' last accessed Bedrock on 2026-04-18
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
Global
BR-14
Stale Bedrock Access Check
Role 'ReSCOAIMLMemberRole' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
333333333333
us-east-1
BR-02
Amazon Bedrock private connectivity check
No regional Bedrock resources found to assess private connectivity
No action required
Informational
N/A
333333333333
us-east-1
BR-04
Bedrock Model Invocation Logging Check
No regional Bedrock resources found to monitor with invocation logging
No action required
Informational
N/A
333333333333
us-east-1
BR-05
Bedrock Guardrails Check
No regional Bedrock resources found to protect with guardrails
No action required
Informational
N/A
333333333333
us-east-1
BR-06
Bedrock CloudTrail Logging Check
No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
No action required
Informational
N/A
333333333333
us-east-1
BR-07
Bedrock Prompt Management Check
Prompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.
Implement Prompt Management to:
1. Create and version your prompts
2. Test different prompt variants
3. Share prompts across your organization
4. Maintain consistent prompt templates
Informational
N/A
333333333333
us-east-1
BR-08
Bedrock Agent IAM Roles Check
No Bedrock agents found in the account
No action required
Informational
N/A
333333333333
us-east-1
BR-09
Bedrock Knowledge Base Encryption Check
Unable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::333333333333:assumed-role/aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b/aiml-security-aiml-security-mgmt-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:us-east-1:333333333333:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases action
Verify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
Informational
N/A
333333333333
us-east-1
BR-10
Bedrock Guardrail IAM Enforcement Check
No guardrails configured - IAM enforcement check not applicable
Configure Bedrock Guardrails first, then enforce their use via IAM policies
Informational
N/A
333333333333
us-east-1
BR-11
Bedrock Custom Model Encryption Check
No custom/fine-tuned models found in the account
No action required
Informational
N/A
333333333333
us-east-1
BR-12
Bedrock Invocation Log Encryption Check
Model invocation logging to S3 is not configured
If logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
Informational
N/A
333333333333
us-east-1
BR-13
Bedrock Flows Guardrails Check
No Bedrock Flows found in the account
No action required
Informational
N/A
333333333333
ap-southeast-2
BR-02
Amazon Bedrock private connectivity check
No regional Bedrock resources found to assess private connectivity
No action required
Informational
N/A
333333333333
ap-southeast-2
BR-04
Bedrock Model Invocation Logging Check
No regional Bedrock resources found to monitor with invocation logging
No action required
Informational
N/A
333333333333
ap-southeast-2
BR-05
Bedrock Guardrails Check
No regional Bedrock resources found to protect with guardrails
No action required
Informational
N/A
333333333333
ap-southeast-2
BR-06
Bedrock CloudTrail Logging Check
No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
No action required
Informational
N/A
333333333333
ap-southeast-2
BR-07
Bedrock Prompt Management Check
Prompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.
Implement Prompt Management to:
1. Create and version your prompts
2. Test different prompt variants
3. Share prompts across your organization
4. Maintain consistent prompt templates
Informational
N/A
333333333333
ap-southeast-2
BR-08
Bedrock Agent IAM Roles Check
No Bedrock agents found in the account
No action required
Informational
N/A
333333333333
ap-southeast-2
BR-09
Bedrock Knowledge Base Encryption Check
Unable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::333333333333:assumed-role/aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b/aiml-security-aiml-security-mgmt-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:ap-southeast-2:333333333333:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases action
Verify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
Informational
N/A
333333333333
ap-southeast-2
BR-10
Bedrock Guardrail IAM Enforcement Check
No guardrails configured - IAM enforcement check not applicable
Configure Bedrock Guardrails first, then enforce their use via IAM policies
Informational
N/A
333333333333
ap-southeast-2
BR-11
Bedrock Custom Model Encryption Check
No custom/fine-tuned models found in the account
No action required
Informational
N/A
333333333333
ap-southeast-2
BR-12
Bedrock Invocation Log Encryption Check
Model invocation logging to S3 is not configured
If logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
Informational
N/A
333333333333
ap-southeast-2
BR-13
Bedrock Flows Guardrails Check
No Bedrock Flows found in the account
No action required
Informational
N/A
333333333333
eu-west-1
BR-02
Amazon Bedrock private connectivity check
No regional Bedrock resources found to assess private connectivity
No action required
Informational
N/A
333333333333
eu-west-1
BR-04
Bedrock Model Invocation Logging Check
No regional Bedrock resources found to monitor with invocation logging
No action required
Informational
N/A
333333333333
eu-west-1
BR-05
Bedrock Guardrails Check
No regional Bedrock resources found to protect with guardrails
No action required
Informational
N/A
333333333333
eu-west-1
BR-06
Bedrock CloudTrail Logging Check
No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
No action required
Informational
N/A
333333333333
eu-west-1
BR-07
Bedrock Prompt Management Check
Prompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.
Implement Prompt Management to:
1. Create and version your prompts
2. Test different prompt variants
3. Share prompts across your organization
4. Maintain consistent prompt templates
Informational
N/A
333333333333
eu-west-1
BR-08
Bedrock Agent IAM Roles Check
No Bedrock agents found in the account
No action required
Informational
N/A
333333333333
eu-west-1
BR-09
Bedrock Knowledge Base Encryption Check
Unable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::333333333333:assumed-role/aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b/aiml-security-aiml-security-mgmt-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:eu-west-1:333333333333:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases action
Verify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
Informational
N/A
333333333333
eu-west-1
BR-10
Bedrock Guardrail IAM Enforcement Check
No guardrails configured - IAM enforcement check not applicable
Configure Bedrock Guardrails first, then enforce their use via IAM policies
Informational
N/A
333333333333
eu-west-1
BR-11
Bedrock Custom Model Encryption Check
No custom/fine-tuned models found in the account
No action required
Informational
N/A
333333333333
eu-west-1
BR-12
Bedrock Invocation Log Encryption Check
Model invocation logging to S3 is not configured
If logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
Informational
N/A
333333333333
eu-west-1
BR-13
Bedrock Flows Guardrails Check
No Bedrock Flows found in the account
No action required
Informational
N/A
222222222222
ap-southeast-2
BR-02
Amazon Bedrock private connectivity check
No regional Bedrock resources found to assess private connectivity
No action required
Informational
N/A
222222222222
ap-southeast-2
BR-04
Bedrock Model Invocation Logging Check
No regional Bedrock resources found to monitor with invocation logging
No action required
Informational
N/A
222222222222
ap-southeast-2
BR-05
Bedrock Guardrails Check
No regional Bedrock resources found to protect with guardrails
No action required
Informational
N/A
222222222222
ap-southeast-2
BR-06
Bedrock CloudTrail Logging Check
No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
No action required
Informational
N/A
222222222222
ap-southeast-2
BR-07
Bedrock Prompt Management Check
Prompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.
Implement Prompt Management to:
1. Create and version your prompts
2. Test different prompt variants
3. Share prompts across your organization
4. Maintain consistent prompt templates
Informational
N/A
222222222222
ap-southeast-2
BR-08
Bedrock Agent IAM Roles Check
No Bedrock agents found in the account
No action required
Informational
N/A
222222222222
ap-southeast-2
BR-09
Bedrock Knowledge Base Encryption Check
Unable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::222222222222:assumed-role/aiml-security-23026652352-BedrockSecurityAssessment-UZzmVN1xrMwf/aiml-security-aiml-security-222222222222-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:ap-southeast-2:222222222222:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases action
Verify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
Informational
N/A
222222222222
ap-southeast-2
BR-10
Bedrock Guardrail IAM Enforcement Check
No guardrails configured - IAM enforcement check not applicable
Configure Bedrock Guardrails first, then enforce their use via IAM policies
Informational
N/A
222222222222
ap-southeast-2
BR-11
Bedrock Custom Model Encryption Check
No custom/fine-tuned models found in the account
No action required
Informational
N/A
222222222222
ap-southeast-2
BR-12
Bedrock Invocation Log Encryption Check
Model invocation logging to S3 is not configured
If logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
Informational
N/A
222222222222
ap-southeast-2
BR-13
Bedrock Flows Guardrails Check
No Bedrock Flows found in the account
No action required
Informational
N/A
222222222222
Global
BR-01
AmazonBedrockFullAccess role check
No roles found with AmazonBedrockFullAccess policy
No action required
High
Passed
222222222222
Global
BR-03
Marketplace Subscription Access Check
No identities found with overly permissive marketplace subscription access
No action required
Medium
Passed
222222222222
Global
BR-14
Stale Bedrock Access Check
Role 'AIMLSecurityMemberRole' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
222222222222
Global
BR-14
Stale Bedrock Access Check
Role 'AwsSecurityAudit' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
222222222222
Global
BR-14
Stale Bedrock Access Check
Role 'AWSServiceRoleForAuditManager' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
222222222222
Global
BR-14
Stale Bedrock Access Check
Role 'AWSServiceRoleForSupport' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
222222222222
Global
BR-14
Stale Bedrock Access Check
Role 'CloudSecAuditRole' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
222222222222
Global
BR-14
Stale Bedrock Access Check
Role 'CloudSeerTrustedServiceRole' last accessed Bedrock on 2025-08-18
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
222222222222
Global
BR-14
Stale Bedrock Access Check
Role 'IibsAdminAccess-DO-NOT-DELETE' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
222222222222
Global
BR-14
Stale Bedrock Access Check
Role 'InternalAuditInternal' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
222222222222
Global
BR-14
Stale Bedrock Access Check
Role 'ProwlerMemberRole' last accessed Bedrock on 2026-03-10
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
222222222222
Global
BR-14
Stale Bedrock Access Check
Role 'resco-aiml-security-23026-BedrockSecurityAssessment-xNwSsmlzindY' last accessed Bedrock on 2026-04-18
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
222222222222
Global
BR-14
Stale Bedrock Access Check
Role 'ReSCOAIMLMemberRole' last accessed Bedrock on never
You can use last accessed information to refine your policies and allow access to only the services and actions that your IAM identities and policies use. This helps you to better adhere to the best practice of least privilege.
Medium
Failed
222222222222
us-east-1
BR-02
Amazon Bedrock private connectivity check
No regional Bedrock resources found to assess private connectivity
No action required
Informational
N/A
222222222222
us-east-1
BR-04
Bedrock Model Invocation Logging Check
No regional Bedrock resources found to monitor with invocation logging
No action required
Informational
N/A
222222222222
us-east-1
BR-05
Bedrock Guardrails Check
No regional Bedrock resources found to protect with guardrails
No action required
Informational
N/A
222222222222
us-east-1
BR-06
Bedrock CloudTrail Logging Check
No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
No action required
Informational
N/A
222222222222
us-east-1
BR-07
Bedrock Prompt Management Check
Prompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.
Implement Prompt Management to:
1. Create and version your prompts
2. Test different prompt variants
3. Share prompts across your organization
4. Maintain consistent prompt templates
Informational
N/A
222222222222
us-east-1
BR-08
Bedrock Agent IAM Roles Check
No Bedrock agents found in the account
No action required
Informational
N/A
222222222222
us-east-1
BR-09
Bedrock Knowledge Base Encryption Check
Unable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::222222222222:assumed-role/aiml-security-23026652352-BedrockSecurityAssessment-UZzmVN1xrMwf/aiml-security-aiml-security-222222222222-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:us-east-1:222222222222:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases action
Verify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
Informational
N/A
222222222222
us-east-1
BR-10
Bedrock Guardrail IAM Enforcement Check
No guardrails configured - IAM enforcement check not applicable
Configure Bedrock Guardrails first, then enforce their use via IAM policies
Informational
N/A
222222222222
us-east-1
BR-11
Bedrock Custom Model Encryption Check
No custom/fine-tuned models found in the account
No action required
Informational
N/A
222222222222
us-east-1
BR-12
Bedrock Invocation Log Encryption Check
Model invocation logging to S3 is not configured
If logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
Informational
N/A
222222222222
us-east-1
BR-13
Bedrock Flows Guardrails Check
No Bedrock Flows found in the account
No action required
Informational
N/A
222222222222
eu-west-1
BR-02
Amazon Bedrock private connectivity check
No regional Bedrock resources found to assess private connectivity
No action required
Informational
N/A
222222222222
eu-west-1
BR-04
Bedrock Model Invocation Logging Check
No regional Bedrock resources found to monitor with invocation logging
No action required
Informational
N/A
222222222222
eu-west-1
BR-05
Bedrock Guardrails Check
No regional Bedrock resources found to protect with guardrails
No action required
Informational
N/A
222222222222
eu-west-1
BR-06
Bedrock CloudTrail Logging Check
No regional Bedrock resources found to audit with Bedrock-specific CloudTrail coverage
No action required
Informational
N/A
222222222222
eu-west-1
BR-07
Bedrock Prompt Management Check
Prompt Management feature is not being used. This may lead to inconsistent prompt handling and suboptimal model responses.
Implement Prompt Management to:
1. Create and version your prompts
2. Test different prompt variants
3. Share prompts across your organization
4. Maintain consistent prompt templates
Informational
N/A
222222222222
eu-west-1
BR-08
Bedrock Agent IAM Roles Check
No Bedrock agents found in the account
No action required
Informational
N/A
222222222222
eu-west-1
BR-09
Bedrock Knowledge Base Encryption Check
Unable to check Bedrock Knowledge Base API: An error occurred (AccessDeniedException) when calling the ListKnowledgeBases operation: User: arn:aws:sts::222222222222:assumed-role/aiml-security-23026652352-BedrockSecurityAssessment-UZzmVN1xrMwf/aiml-security-aiml-security-222222222222-BedrockAssessment is not authorized to perform: bedrock:ListKnowledgeBases on resource: arn:aws:bedrock:eu-west-1:222222222222:knowledge-base/* because no identity-based policy allows the bedrock:ListKnowledgeBases action
Verify your AWS credentials and permissions to access Bedrock Knowledge Bases, then retry the assessment.
Informational
N/A
222222222222
eu-west-1
BR-10
Bedrock Guardrail IAM Enforcement Check
No guardrails configured - IAM enforcement check not applicable
Configure Bedrock Guardrails first, then enforce their use via IAM policies
Informational
N/A
222222222222
eu-west-1
BR-11
Bedrock Custom Model Encryption Check
No custom/fine-tuned models found in the account
No action required
Informational
N/A
222222222222
eu-west-1
BR-12
Bedrock Invocation Log Encryption Check
Model invocation logging to S3 is not configured
If logging is enabled to CloudWatch only, ensure CloudWatch log group uses CMK encryption
Informational
N/A
222222222222
eu-west-1
BR-13
Bedrock Flows Guardrails Check
No Bedrock Flows found in the account
No action required
Informational
N/A
Amazon SageMaker Findings
Account ID
Region
Check ID
Finding
Details
Resolution
Reference
Severity
Status
111111111111
ap-southeast-2
SM-01
SageMaker Internet Access Check
No SageMaker notebook instances or domains found to check
No action required
Informational
N/A
111111111111
ap-southeast-2
SM-02
SageMaker SSO Configuration Check
No SageMaker domains found, or all domains use SSO with IAM Identity Center configured
No action required
Medium
Passed
111111111111
ap-southeast-2
SM-03
Data Protection Check
No SageMaker resources found to check for data protection
No action required
Informational
N/A
111111111111
ap-southeast-2
SM-04
GuardDuty Enabled
Amazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.
No action required
Medium
Passed
111111111111
ap-southeast-2
SM-05
SageMaker Model Registry Issue
No model package groups found
Implement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment
Informational
N/A
111111111111
ap-southeast-2
SM-05
SageMaker Feature Store Issue
No feature groups found
Utilize SageMaker Feature Store to create, share, and manage features for machine learning development and production
Informational
N/A
111111111111
ap-southeast-2
SM-05
SageMaker Pipelines Issue
No ML pipelines found
Implement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment
Informational
N/A
111111111111
ap-southeast-2
SM-06
SageMaker Clarify No Clarify Usage
No SageMaker Clarify jobs found
Implement SageMaker Clarify for model explainability and bias detection
Informational
N/A
111111111111
ap-southeast-2
SM-07
SageMaker Model Monitor No Model Monitoring
No Model Monitor schedules found
Configure comprehensive model monitoring schedules
Informational
N/A
111111111111
ap-southeast-2
SM-08
Model Registry Registry Not Used
Model Registry is not being utilized
Implement proper model versioning and approval workflows
Informational
N/A
111111111111
ap-southeast-2
SM-09
SageMaker Notebook Root Access Check
No notebook instances found
No action required
Informational
N/A
111111111111
ap-southeast-2
SM-10
SageMaker Notebook VPC Deployment Check
No notebook instances found
No action required
Informational
N/A
111111111111
ap-southeast-2
SM-11
SageMaker Model Network Isolation Check
No models found
No action required
Informational
N/A
111111111111
ap-southeast-2
SM-12
SageMaker Endpoint Instance Count Check
No InService endpoints found
No action required
Informational
N/A
111111111111
ap-southeast-2
SM-13
SageMaker Monitoring Network Isolation Check
No monitoring schedules found
No action required
Informational
N/A
111111111111
ap-southeast-2
SM-14
SageMaker Model Repository Access Check
No models found or all use default Platform access
No model package groups found. Model Registry is not being used for model governance.
Implement Model Registry to track model versions and enforce approval workflows before production deployment.
Informational
N/A
111111111111
ap-southeast-2
SM-23
Model Drift Detection Check
No InService endpoints found to monitor.
No action required
Medium
Passed
111111111111
ap-southeast-2
SM-24
A/B Testing and Shadow Deployment Check
No InService endpoints found.
No action required
Low
Passed
111111111111
ap-southeast-2
SM-25
ML Lineage Tracking - Experiments Not Used
No SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.
Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.
Informational
N/A
111111111111
Global
SM-02
SageMaker Full Access Policy Used
Role 'AmazonSageMaker-ExecutionRole-20231014T200029' has AmazonSageMakerFullAccess policy attached
Replace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilege
High
Failed
111111111111
Global
SM-02
SageMaker Full Access Policy Used
Role 'AmazonSageMaker-ExecutionRole-20250525T153161' has AmazonSageMakerFullAccess policy attached
Replace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilege
High
Failed
111111111111
Global
SM-02
SageMaker Full Access Policy Used
Role 'AmazonSageMakerServiceCatalogProductsExecutionRole' has AmazonSageMakerFullAccess policy attached
Replace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilege
High
Failed
111111111111
Global
SM-02
SageMaker Full Access Policy Used
Role 'EMR_EC2_DefaultRole' has AmazonSageMakerFullAccess policy attached
Replace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilege
High
Failed
111111111111
Global
SM-02
SageMaker Full Access Policy Used
Role 'IDPSageMakerCfnStack-SageMakerExecutionRole-aqrHz6dVkoHC' has AmazonSageMakerFullAccess policy attached
Replace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilege
High
Failed
111111111111
Global
SM-02
SageMaker Full Access Policy Used
Role 'LLMEvaluationPromptfoo-SageMakerExecutionRole-M69xCHJ9c3LU' has AmazonSageMakerFullAccess policy attached
Replace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilege
High
Failed
111111111111
Global
SM-02
SageMaker Full Access Policy Used
Role 'SageMaker-EMR-ExecutionRole' has AmazonSageMakerFullAccess policy attached
Replace AmazonSageMakerFullAccess with more restrictive custom policies that follow the principle of least privilege
High
Failed
111111111111
us-east-1
SM-01
Non-VPC Only Network Access
SageMaker domain 'd-cz8qi7j81si3' (QuickSetupDomain-20250525T153160) is not configured for VPC-only access
Configure the SageMaker domain to use VPC-only network access type
High
Failed
111111111111
us-east-1
SM-02
SSO Not Properly Configured
SageMaker domain 'd-cz8qi7j81si3' (QuickSetupDomain-20250525T153160) is using authentication mode: IAM
Enable and properly configure AWS IAM Identity Center (successor to AWS SSO) for centralized access management. Ensure Identity Store ID is configured.
Medium
Failed
111111111111
us-east-1
SM-03
Missing Encryption Configuration
Domain 'QuickSetupDomain-20250525T153160' - No KMS key configured
Configure encryption using AWS KMS customer managed keys for enhanced security
High
Failed
111111111111
us-east-1
SM-04
GuardDuty Enabled
Amazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.
No action required
Medium
Passed
111111111111
us-east-1
SM-05
SageMaker Model Registry Issue
No model package groups found
Implement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment
Informational
N/A
111111111111
us-east-1
SM-05
SageMaker Feature Store Issue
No feature groups found
Utilize SageMaker Feature Store to create, share, and manage features for machine learning development and production
Informational
N/A
111111111111
us-east-1
SM-05
SageMaker Pipelines Issue
No ML pipelines found
Implement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment
Informational
N/A
111111111111
us-east-1
SM-06
SageMaker Clarify No Clarify Usage
No SageMaker Clarify jobs found
Implement SageMaker Clarify for model explainability and bias detection
Informational
N/A
111111111111
us-east-1
SM-07
SageMaker Model Monitor No Model Monitoring
No Model Monitor schedules found
Configure comprehensive model monitoring schedules
Informational
N/A
111111111111
us-east-1
SM-08
Model Registry Registry Not Used
Model Registry is not being utilized
Implement proper model versioning and approval workflows
Informational
N/A
111111111111
us-east-1
SM-09
SageMaker Notebook Root Access Check
No notebook instances found
No action required
Informational
N/A
111111111111
us-east-1
SM-10
SageMaker Notebook VPC Deployment Check
No notebook instances found
No action required
Informational
N/A
111111111111
us-east-1
SM-11
SageMaker Model Network Isolation Check
No models found
No action required
Informational
N/A
111111111111
us-east-1
SM-12
SageMaker Endpoint Instance Count Check
No InService endpoints found
No action required
Informational
N/A
111111111111
us-east-1
SM-13
SageMaker Monitoring Network Isolation Check
No monitoring schedules found
No action required
Informational
N/A
111111111111
us-east-1
SM-14
SageMaker Model Repository Access Check
No models found or all use default Platform access
No model package groups found. Model Registry is not being used for model governance.
Implement Model Registry to track model versions and enforce approval workflows before production deployment.
Informational
N/A
111111111111
us-east-1
SM-23
Model Drift Detection Check
No InService endpoints found to monitor.
No action required
Medium
Passed
111111111111
us-east-1
SM-24
A/B Testing and Shadow Deployment Check
No InService endpoints found.
No action required
Low
Passed
111111111111
us-east-1
SM-25
ML Lineage Tracking - Experiments Not Used
No SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.
Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.
Informational
N/A
111111111111
eu-west-1
SM-01
SageMaker Internet Access Check
No SageMaker notebook instances or domains found to check
No action required
Informational
N/A
111111111111
eu-west-1
SM-02
SageMaker SSO Configuration Check
No SageMaker domains found, or all domains use SSO with IAM Identity Center configured
No action required
Medium
Passed
111111111111
eu-west-1
SM-03
Data Protection Check
No SageMaker resources found to check for data protection
No action required
Informational
N/A
111111111111
eu-west-1
SM-04
GuardDuty Enabled
Amazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.
No action required
Medium
Passed
111111111111
eu-west-1
SM-05
SageMaker Model Registry Issue
No model package groups found
Implement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment
Informational
N/A
111111111111
eu-west-1
SM-05
SageMaker Feature Store Issue
No feature groups found
Utilize SageMaker Feature Store to create, share, and manage features for machine learning development and production
Informational
N/A
111111111111
eu-west-1
SM-05
SageMaker Pipelines Issue
No ML pipelines found
Implement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment
Informational
N/A
111111111111
eu-west-1
SM-06
SageMaker Clarify No Clarify Usage
No SageMaker Clarify jobs found
Implement SageMaker Clarify for model explainability and bias detection
Informational
N/A
111111111111
eu-west-1
SM-07
SageMaker Model Monitor No Model Monitoring
No Model Monitor schedules found
Configure comprehensive model monitoring schedules
Informational
N/A
111111111111
eu-west-1
SM-08
Model Registry Registry Not Used
Model Registry is not being utilized
Implement proper model versioning and approval workflows
Informational
N/A
111111111111
eu-west-1
SM-09
SageMaker Notebook Root Access Check
No notebook instances found
No action required
Informational
N/A
111111111111
eu-west-1
SM-10
SageMaker Notebook VPC Deployment Check
No notebook instances found
No action required
Informational
N/A
111111111111
eu-west-1
SM-11
SageMaker Model Network Isolation Check
No models found
No action required
Informational
N/A
111111111111
eu-west-1
SM-12
SageMaker Endpoint Instance Count Check
No InService endpoints found
No action required
Informational
N/A
111111111111
eu-west-1
SM-13
SageMaker Monitoring Network Isolation Check
No monitoring schedules found
No action required
Informational
N/A
111111111111
eu-west-1
SM-14
SageMaker Model Repository Access Check
No models found or all use default Platform access
No model package groups found. Model Registry is not being used for model governance.
Implement Model Registry to track model versions and enforce approval workflows before production deployment.
Informational
N/A
111111111111
eu-west-1
SM-23
Model Drift Detection Check
No InService endpoints found to monitor.
No action required
Medium
Passed
111111111111
eu-west-1
SM-24
A/B Testing and Shadow Deployment Check
No InService endpoints found.
No action required
Low
Passed
111111111111
eu-west-1
SM-25
ML Lineage Tracking - Experiments Not Used
No SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.
Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.
Informational
N/A
333333333333
eu-west-1
SM-01
SageMaker Internet Access Check
No SageMaker notebook instances or domains found to check
No action required
Informational
N/A
333333333333
eu-west-1
SM-02
SageMaker SSO Configuration Check
No SageMaker domains found, or all domains use SSO with IAM Identity Center configured
No action required
Medium
Passed
333333333333
eu-west-1
SM-03
Data Protection Check
No SageMaker resources found to check for data protection
No action required
Informational
N/A
333333333333
eu-west-1
SM-04
GuardDuty Enabled
Amazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.
No action required
Medium
Passed
333333333333
eu-west-1
SM-05
SageMaker Model Registry Issue
No model package groups found
Implement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment
Informational
N/A
333333333333
eu-west-1
SM-05
SageMaker Feature Store Issue
No feature groups found
Utilize SageMaker Feature Store to create, share, and manage features for machine learning development and production
Informational
N/A
333333333333
eu-west-1
SM-05
SageMaker Pipelines Issue
No ML pipelines found
Implement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment
Informational
N/A
333333333333
eu-west-1
SM-06
SageMaker Clarify No Clarify Usage
No SageMaker Clarify jobs found
Implement SageMaker Clarify for model explainability and bias detection
Informational
N/A
333333333333
eu-west-1
SM-07
SageMaker Model Monitor No Model Monitoring
No Model Monitor schedules found
Configure comprehensive model monitoring schedules
Informational
N/A
333333333333
eu-west-1
SM-08
Model Registry Registry Not Used
Model Registry is not being utilized
Implement proper model versioning and approval workflows
Informational
N/A
333333333333
eu-west-1
SM-09
SageMaker Notebook Root Access Check
No notebook instances found
No action required
Informational
N/A
333333333333
eu-west-1
SM-10
SageMaker Notebook VPC Deployment Check
No notebook instances found
No action required
Informational
N/A
333333333333
eu-west-1
SM-11
SageMaker Model Network Isolation Check
No models found
No action required
Informational
N/A
333333333333
eu-west-1
SM-12
SageMaker Endpoint Instance Count Check
No InService endpoints found
No action required
Informational
N/A
333333333333
eu-west-1
SM-13
SageMaker Monitoring Network Isolation Check
No monitoring schedules found
No action required
Informational
N/A
333333333333
eu-west-1
SM-14
SageMaker Model Repository Access Check
No models found or all use default Platform access
No model package groups found. Model Registry is not being used for model governance.
Implement Model Registry to track model versions and enforce approval workflows before production deployment.
Informational
N/A
333333333333
eu-west-1
SM-23
Model Drift Detection Check
No InService endpoints found to monitor.
No action required
Medium
Passed
333333333333
eu-west-1
SM-24
A/B Testing and Shadow Deployment Check
No InService endpoints found.
No action required
Low
Passed
333333333333
eu-west-1
SM-25
ML Lineage Tracking - Experiments Not Used
No SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.
Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.
Informational
N/A
333333333333
Global
SM-02
SageMaker IAM Permissions Check
No issues found with IAM permissions and no stale access detected
No action required
High
Passed
333333333333
us-east-1
SM-01
SageMaker Internet Access Check
No SageMaker notebook instances or domains found to check
No action required
Informational
N/A
333333333333
us-east-1
SM-02
SageMaker SSO Configuration Check
No SageMaker domains found, or all domains use SSO with IAM Identity Center configured
No action required
Medium
Passed
333333333333
us-east-1
SM-03
Data Protection Check
No SageMaker resources found to check for data protection
No action required
Informational
N/A
333333333333
us-east-1
SM-04
GuardDuty Enabled
Amazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.
No action required
Medium
Passed
333333333333
us-east-1
SM-05
SageMaker Model Registry Issue
No model package groups found
Implement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment
Informational
N/A
333333333333
us-east-1
SM-05
SageMaker Feature Store Issue
No feature groups found
Utilize SageMaker Feature Store to create, share, and manage features for machine learning development and production
Informational
N/A
333333333333
us-east-1
SM-05
SageMaker Pipelines Issue
No ML pipelines found
Implement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment
Informational
N/A
333333333333
us-east-1
SM-06
SageMaker Clarify No Clarify Usage
No SageMaker Clarify jobs found
Implement SageMaker Clarify for model explainability and bias detection
Informational
N/A
333333333333
us-east-1
SM-07
SageMaker Model Monitor No Model Monitoring
No Model Monitor schedules found
Configure comprehensive model monitoring schedules
Informational
N/A
333333333333
us-east-1
SM-08
Model Registry Registry Not Used
Model Registry is not being utilized
Implement proper model versioning and approval workflows
Informational
N/A
333333333333
us-east-1
SM-09
SageMaker Notebook Root Access Check
No notebook instances found
No action required
Informational
N/A
333333333333
us-east-1
SM-10
SageMaker Notebook VPC Deployment Check
No notebook instances found
No action required
Informational
N/A
333333333333
us-east-1
SM-11
SageMaker Model Network Isolation Check
No models found
No action required
Informational
N/A
333333333333
us-east-1
SM-12
SageMaker Endpoint Instance Count Check
No InService endpoints found
No action required
Informational
N/A
333333333333
us-east-1
SM-13
SageMaker Monitoring Network Isolation Check
No monitoring schedules found
No action required
Informational
N/A
333333333333
us-east-1
SM-14
SageMaker Model Repository Access Check
No models found or all use default Platform access
No model package groups found. Model Registry is not being used for model governance.
Implement Model Registry to track model versions and enforce approval workflows before production deployment.
Informational
N/A
333333333333
us-east-1
SM-23
Model Drift Detection Check
No InService endpoints found to monitor.
No action required
Medium
Passed
333333333333
us-east-1
SM-24
A/B Testing and Shadow Deployment Check
No InService endpoints found.
No action required
Low
Passed
333333333333
us-east-1
SM-25
ML Lineage Tracking - Experiments Not Used
No SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.
Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.
Informational
N/A
333333333333
ap-southeast-2
SM-01
SageMaker Internet Access Check
No SageMaker notebook instances or domains found to check
No action required
Informational
N/A
333333333333
ap-southeast-2
SM-02
SageMaker SSO Configuration Check
No SageMaker domains found, or all domains use SSO with IAM Identity Center configured
No action required
Medium
Passed
333333333333
ap-southeast-2
SM-03
Data Protection Check
No SageMaker resources found to check for data protection
No action required
Informational
N/A
333333333333
ap-southeast-2
SM-04
GuardDuty Enabled
Amazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.
No action required
Medium
Passed
333333333333
ap-southeast-2
SM-05
SageMaker Model Registry Issue
No model package groups found
Implement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment
Informational
N/A
333333333333
ap-southeast-2
SM-05
SageMaker Feature Store Issue
No feature groups found
Utilize SageMaker Feature Store to create, share, and manage features for machine learning development and production
Informational
N/A
333333333333
ap-southeast-2
SM-05
SageMaker Pipelines Issue
No ML pipelines found
Implement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment
Informational
N/A
333333333333
ap-southeast-2
SM-06
SageMaker Clarify No Clarify Usage
No SageMaker Clarify jobs found
Implement SageMaker Clarify for model explainability and bias detection
Informational
N/A
333333333333
ap-southeast-2
SM-07
SageMaker Model Monitor No Model Monitoring
No Model Monitor schedules found
Configure comprehensive model monitoring schedules
Informational
N/A
333333333333
ap-southeast-2
SM-08
Model Registry Registry Not Used
Model Registry is not being utilized
Implement proper model versioning and approval workflows
Informational
N/A
333333333333
ap-southeast-2
SM-09
SageMaker Notebook Root Access Check
No notebook instances found
No action required
Informational
N/A
333333333333
ap-southeast-2
SM-10
SageMaker Notebook VPC Deployment Check
No notebook instances found
No action required
Informational
N/A
333333333333
ap-southeast-2
SM-11
SageMaker Model Network Isolation Check
No models found
No action required
Informational
N/A
333333333333
ap-southeast-2
SM-12
SageMaker Endpoint Instance Count Check
No InService endpoints found
No action required
Informational
N/A
333333333333
ap-southeast-2
SM-13
SageMaker Monitoring Network Isolation Check
No monitoring schedules found
No action required
Informational
N/A
333333333333
ap-southeast-2
SM-14
SageMaker Model Repository Access Check
No models found or all use default Platform access
No model package groups found. Model Registry is not being used for model governance.
Implement Model Registry to track model versions and enforce approval workflows before production deployment.
Informational
N/A
333333333333
ap-southeast-2
SM-23
Model Drift Detection Check
No InService endpoints found to monitor.
No action required
Medium
Passed
333333333333
ap-southeast-2
SM-24
A/B Testing and Shadow Deployment Check
No InService endpoints found.
No action required
Low
Passed
333333333333
ap-southeast-2
SM-25
ML Lineage Tracking - Experiments Not Used
No SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.
Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.
Informational
N/A
222222222222
eu-west-1
SM-01
SageMaker Internet Access Check
No SageMaker notebook instances or domains found to check
No action required
Informational
N/A
222222222222
eu-west-1
SM-02
SageMaker SSO Configuration Check
No SageMaker domains found, or all domains use SSO with IAM Identity Center configured
No action required
Medium
Passed
222222222222
eu-west-1
SM-03
Data Protection Check
No SageMaker resources found to check for data protection
No action required
Informational
N/A
222222222222
eu-west-1
SM-04
GuardDuty Enabled
Amazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.
No action required
Medium
Passed
222222222222
eu-west-1
SM-05
SageMaker Model Registry Issue
No model package groups found
Implement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment
Informational
N/A
222222222222
eu-west-1
SM-05
SageMaker Feature Store Issue
No feature groups found
Utilize SageMaker Feature Store to create, share, and manage features for machine learning development and production
Informational
N/A
222222222222
eu-west-1
SM-05
SageMaker Pipelines Issue
No ML pipelines found
Implement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment
Informational
N/A
222222222222
eu-west-1
SM-06
SageMaker Clarify No Clarify Usage
No SageMaker Clarify jobs found
Implement SageMaker Clarify for model explainability and bias detection
Informational
N/A
222222222222
eu-west-1
SM-07
SageMaker Model Monitor No Model Monitoring
No Model Monitor schedules found
Configure comprehensive model monitoring schedules
Informational
N/A
222222222222
eu-west-1
SM-08
Model Registry Registry Not Used
Model Registry is not being utilized
Implement proper model versioning and approval workflows
Informational
N/A
222222222222
eu-west-1
SM-09
SageMaker Notebook Root Access Check
No notebook instances found
No action required
Informational
N/A
222222222222
eu-west-1
SM-10
SageMaker Notebook VPC Deployment Check
No notebook instances found
No action required
Informational
N/A
222222222222
eu-west-1
SM-11
SageMaker Model Network Isolation Check
No models found
No action required
Informational
N/A
222222222222
eu-west-1
SM-12
SageMaker Endpoint Instance Count Check
No InService endpoints found
No action required
Informational
N/A
222222222222
eu-west-1
SM-13
SageMaker Monitoring Network Isolation Check
No monitoring schedules found
No action required
Informational
N/A
222222222222
eu-west-1
SM-14
SageMaker Model Repository Access Check
No models found or all use default Platform access
No model package groups found. Model Registry is not being used for model governance.
Implement Model Registry to track model versions and enforce approval workflows before production deployment.
Informational
N/A
222222222222
eu-west-1
SM-23
Model Drift Detection Check
No InService endpoints found to monitor.
No action required
Medium
Passed
222222222222
eu-west-1
SM-24
A/B Testing and Shadow Deployment Check
No InService endpoints found.
No action required
Low
Passed
222222222222
eu-west-1
SM-25
ML Lineage Tracking - Experiments Not Used
No SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.
Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.
Informational
N/A
222222222222
Global
SM-02
SageMaker IAM Permissions Check
No issues found with IAM permissions and no stale access detected
No action required
High
Passed
222222222222
us-east-1
SM-01
SageMaker Internet Access Check
No SageMaker notebook instances or domains found to check
No action required
Informational
N/A
222222222222
us-east-1
SM-02
SageMaker SSO Configuration Check
No SageMaker domains found, or all domains use SSO with IAM Identity Center configured
No action required
Medium
Passed
222222222222
us-east-1
SM-03
Data Protection Check
No SageMaker resources found to check for data protection
No action required
Informational
N/A
222222222222
us-east-1
SM-04
GuardDuty Enabled
Amazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.
No action required
Medium
Passed
222222222222
us-east-1
SM-05
SageMaker Model Registry Issue
No model package groups found
Implement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment
Informational
N/A
222222222222
us-east-1
SM-05
SageMaker Feature Store Issue
No feature groups found
Utilize SageMaker Feature Store to create, share, and manage features for machine learning development and production
Informational
N/A
222222222222
us-east-1
SM-05
SageMaker Pipelines Issue
No ML pipelines found
Implement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment
Informational
N/A
222222222222
us-east-1
SM-06
SageMaker Clarify No Clarify Usage
No SageMaker Clarify jobs found
Implement SageMaker Clarify for model explainability and bias detection
Informational
N/A
222222222222
us-east-1
SM-07
SageMaker Model Monitor No Model Monitoring
No Model Monitor schedules found
Configure comprehensive model monitoring schedules
Informational
N/A
222222222222
us-east-1
SM-08
Model Registry Registry Not Used
Model Registry is not being utilized
Implement proper model versioning and approval workflows
Informational
N/A
222222222222
us-east-1
SM-09
SageMaker Notebook Root Access Check
No notebook instances found
No action required
Informational
N/A
222222222222
us-east-1
SM-10
SageMaker Notebook VPC Deployment Check
No notebook instances found
No action required
Informational
N/A
222222222222
us-east-1
SM-11
SageMaker Model Network Isolation Check
No models found
No action required
Informational
N/A
222222222222
us-east-1
SM-12
SageMaker Endpoint Instance Count Check
No InService endpoints found
No action required
Informational
N/A
222222222222
us-east-1
SM-13
SageMaker Monitoring Network Isolation Check
No monitoring schedules found
No action required
Informational
N/A
222222222222
us-east-1
SM-14
SageMaker Model Repository Access Check
No models found or all use default Platform access
No model package groups found. Model Registry is not being used for model governance.
Implement Model Registry to track model versions and enforce approval workflows before production deployment.
Informational
N/A
222222222222
us-east-1
SM-23
Model Drift Detection Check
No InService endpoints found to monitor.
No action required
Medium
Passed
222222222222
us-east-1
SM-24
A/B Testing and Shadow Deployment Check
No InService endpoints found.
No action required
Low
Passed
222222222222
us-east-1
SM-25
ML Lineage Tracking - Experiments Not Used
No SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.
Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.
Informational
N/A
222222222222
ap-southeast-2
SM-01
SageMaker Internet Access Check
No SageMaker notebook instances or domains found to check
No action required
Informational
N/A
222222222222
ap-southeast-2
SM-02
SageMaker SSO Configuration Check
No SageMaker domains found, or all domains use SSO with IAM Identity Center configured
No action required
Medium
Passed
222222222222
ap-southeast-2
SM-03
Data Protection Check
No SageMaker resources found to check for data protection
No action required
Informational
N/A
222222222222
ap-southeast-2
SM-04
GuardDuty Enabled
Amazon GuardDuty is properly enabled and monitoring for security threats in SageMaker workloads.
No action required
Medium
Passed
222222222222
ap-southeast-2
SM-05
SageMaker Model Registry Issue
No model package groups found
Implement model versioning using SageMaker Model Registry to track model lineage, approve model versions, and manage model deployment
Informational
N/A
222222222222
ap-southeast-2
SM-05
SageMaker Feature Store Issue
No feature groups found
Utilize SageMaker Feature Store to create, share, and manage features for machine learning development and production
Informational
N/A
222222222222
ap-southeast-2
SM-05
SageMaker Pipelines Issue
No ML pipelines found
Implement SageMaker Pipelines to automate and manage ML workflows, including data preparation, training, and model deployment
Informational
N/A
222222222222
ap-southeast-2
SM-06
SageMaker Clarify No Clarify Usage
No SageMaker Clarify jobs found
Implement SageMaker Clarify for model explainability and bias detection
Informational
N/A
222222222222
ap-southeast-2
SM-07
SageMaker Model Monitor No Model Monitoring
No Model Monitor schedules found
Configure comprehensive model monitoring schedules
Informational
N/A
222222222222
ap-southeast-2
SM-08
Model Registry Registry Not Used
Model Registry is not being utilized
Implement proper model versioning and approval workflows
Informational
N/A
222222222222
ap-southeast-2
SM-09
SageMaker Notebook Root Access Check
No notebook instances found
No action required
Informational
N/A
222222222222
ap-southeast-2
SM-10
SageMaker Notebook VPC Deployment Check
No notebook instances found
No action required
Informational
N/A
222222222222
ap-southeast-2
SM-11
SageMaker Model Network Isolation Check
No models found
No action required
Informational
N/A
222222222222
ap-southeast-2
SM-12
SageMaker Endpoint Instance Count Check
No InService endpoints found
No action required
Informational
N/A
222222222222
ap-southeast-2
SM-13
SageMaker Monitoring Network Isolation Check
No monitoring schedules found
No action required
Informational
N/A
222222222222
ap-southeast-2
SM-14
SageMaker Model Repository Access Check
No models found or all use default Platform access
No model package groups found. Model Registry is not being used for model governance.
Implement Model Registry to track model versions and enforce approval workflows before production deployment.
Informational
N/A
222222222222
ap-southeast-2
SM-23
Model Drift Detection Check
No InService endpoints found to monitor.
No action required
Medium
Passed
222222222222
ap-southeast-2
SM-24
A/B Testing and Shadow Deployment Check
No InService endpoints found.
No action required
Low
Passed
222222222222
ap-southeast-2
SM-25
ML Lineage Tracking - Experiments Not Used
No SageMaker Experiments found. ML Lineage tracking through Experiments is not being utilized.
Implement SageMaker Experiments to track ML training runs, hyperparameters, metrics, and model artifacts. This enables reproducibility and auditability.
Informational
N/A
Amazon Bedrock AgentCore Findings
Account ID
Region
Check ID
Finding
Details
Resolution
Reference
Severity
Status
111111111111
ap-southeast-2
AC-01
AgentCore VPC Configuration Check
No AgentCore resources found
No action required
Informational
N/A
111111111111
ap-southeast-2
AC-04
AgentCore Observability Check
No AgentCore resources found
No action required
Informational
N/A
111111111111
ap-southeast-2
AC-05
AgentCore Encryption Check
No AgentCore resources found
No action required
Informational
N/A
111111111111
ap-southeast-2
AC-06
AgentCore Browser Tool Recording Check
No AgentCore Runtimes found to check browser tool configuration
No action required
Informational
N/A
111111111111
ap-southeast-2
AC-07
AgentCore Memory Configuration Check
No Memory resources found
No action required
Informational
N/A
111111111111
ap-southeast-2
AC-13
AgentCore Gateway Configuration Check
No Gateway resources found
No action required
Informational
N/A
111111111111
ap-southeast-2
AC-08
AgentCore VPC Endpoints Check
No AgentCore resources found
No action required
Informational
N/A
111111111111
ap-southeast-2
AC-10
AgentCore Resource-Based Policies Check
No AgentCore resources found to check for resource-based policies
No action required
Informational
N/A
111111111111
ap-southeast-2
AC-11
AgentCore Policy Engine Encryption Check
No Policy Engines found
No action required
Informational
N/A
111111111111
ap-southeast-2
AC-12
AgentCore Gateway Encryption Check
No Gateways found
No action required
Informational
N/A
111111111111
Global
AC-02
AgentCore IAM Full Access Policy
The following roles have BedrockAgentCoreFullAccess policy: AmazonSageMaker-ExecutionRole-20250525T153161
Replace with least-privilege policies scoped to specific AgentCore resources and actions
High
Failed
111111111111
Global
AC-02
AgentCore IAM Wildcard Permissions
The following roles have wildcard AgentCore permissions on all resources: agentcore-wildrydes_gateway_role_ab3991f6-role
Scope permissions to specific AgentCore resources using resource ARNs
High
Failed
111111111111
Global
AC-03
AgentCore Stale Access
The following principals have not accessed AgentCore in 60+ days: role 'AmazonSageMaker-ExecutionRole-20250525T153161' (179 days), role 'AWSServiceRoleForBedrockAgentCoreRuntimeIdentity' (179 days), role 'CustomerSupportAssistantBedrockAgentCoreRole-us-east-1' (179 days), role 'resco-aiml-security-19304-AgentCoreSecurityAssessme-w773pPsFWNsn' (62 days)
Review and remove unused AgentCore permissions following least privilege principle
Medium
Failed
111111111111
Global
AC-03
AgentCore Unused Permissions
The following principals have AgentCore permissions but have never accessed the service: role 'agentcore-wildrydes_gateway_role_ab3991f6-role', role 'AIMLSecurityMemberRole', role 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-a6ddf3fc76', role 'AmazonBedrockAgentCoreSDKRuntime-us-east-1-ed660add8b', role 'aws-api-mcp-server-execution-role', role 'CustomerSupportStackInfra-RuntimeAgentCoreRole-N188nLB5RtLO', role 'IDP-AnalyticsProcessorFunctionRole-H3gwkJtNqrqW', role 'ReSCOAIMLMemberRole'
Review and remove unused AgentCore permissions following least privilege principle
Medium
Failed
111111111111
Global
AC-09
AgentCore Service-Linked Role Missing
Service-linked role 'AWSServiceRoleForBedrockAgentCoreNetwork' does not exist. VPC configuration for AgentCore Runtimes will fail without this role.
The service-linked role is automatically created when you configure VPC for an AgentCore Runtime. Ensure IAM permissions allow service-linked role creation.
Medium
Failed
111111111111
us-east-1
AC-01
AgentCore Runtime VPC Configuration
Runtime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) is not configured with VPC. This exposes the runtime to public internet.
Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)
High
Failed
111111111111
us-east-1
AC-01
AgentCore Runtime VPC Configuration
Runtime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) is not configured with VPC. This exposes the runtime to public internet.
Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)
High
Failed
111111111111
us-east-1
AC-01
AgentCore Runtime VPC Configuration
Runtime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) is not configured with VPC. This exposes the runtime to public internet.
Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)
High
Failed
111111111111
us-east-1
AC-01
AgentCore Runtime VPC Configuration
Runtime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) is not configured with VPC. This exposes the runtime to public internet.
Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)
High
Failed
111111111111
us-east-1
AC-01
AgentCore Runtime VPC Configuration
Runtime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) is not configured with VPC. This exposes the runtime to public internet.
Configure VPC with private subnets and required VPC endpoints (ECR, S3, CloudWatch Logs)
High
Failed
111111111111
us-east-1
AC-04
AgentCore Runtime CloudWatch Logs
Runtime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) does not have CloudWatch Logs configured
Enable CloudWatch Logs for monitoring and troubleshooting
Medium
Failed
111111111111
us-east-1
AC-04
AgentCore Runtime X-Ray Tracing
Runtime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) does not have X-Ray tracing enabled
Enable X-Ray tracing for distributed tracing and performance analysis
Medium
Failed
111111111111
us-east-1
AC-04
AgentCore Runtime CloudWatch Logs
Runtime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) does not have CloudWatch Logs configured
Enable CloudWatch Logs for monitoring and troubleshooting
Medium
Failed
111111111111
us-east-1
AC-04
AgentCore Runtime X-Ray Tracing
Runtime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) does not have X-Ray tracing enabled
Enable X-Ray tracing for distributed tracing and performance analysis
Medium
Failed
111111111111
us-east-1
AC-04
AgentCore Runtime CloudWatch Logs
Runtime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) does not have CloudWatch Logs configured
Enable CloudWatch Logs for monitoring and troubleshooting
Medium
Failed
111111111111
us-east-1
AC-04
AgentCore Runtime X-Ray Tracing
Runtime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) does not have X-Ray tracing enabled
Enable X-Ray tracing for distributed tracing and performance analysis
Medium
Failed
111111111111
us-east-1
AC-04
AgentCore Runtime CloudWatch Logs
Runtime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) does not have CloudWatch Logs configured
Enable CloudWatch Logs for monitoring and troubleshooting
Medium
Failed
111111111111
us-east-1
AC-04
AgentCore Runtime X-Ray Tracing
Runtime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) does not have X-Ray tracing enabled
Enable X-Ray tracing for distributed tracing and performance analysis
Medium
Failed
111111111111
us-east-1
AC-04
AgentCore Runtime CloudWatch Logs
Runtime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) does not have CloudWatch Logs configured
Enable CloudWatch Logs for monitoring and troubleshooting
Medium
Failed
111111111111
us-east-1
AC-04
AgentCore Runtime X-Ray Tracing
Runtime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) does not have X-Ray tracing enabled
Enable X-Ray tracing for distributed tracing and performance analysis
Consider using customer-managed KMS keys for better control and audit capabilities
Low
Failed
111111111111
us-east-1
AC-06
AgentCore Runtime Storage Configuration
Runtime 'origami_expeditions' (origami_expeditions-TR4jDoHXe8) does not have storage configuration for browser tools
Configure S3 storage for browser tool session recordings and artifacts
Medium
Failed
111111111111
us-east-1
AC-06
AgentCore Runtime Storage Configuration
Runtime 'neoCyan_Agent' (neoCyan_Agent-yAFXSWFaA3) does not have storage configuration for browser tools
Configure S3 storage for browser tool session recordings and artifacts
Medium
Failed
111111111111
us-east-1
AC-06
AgentCore Runtime Storage Configuration
Runtime 'customer_support_agent' (customer_support_agent-ZP4e8z55dP) does not have storage configuration for browser tools
Configure S3 storage for browser tool session recordings and artifacts
Medium
Failed
111111111111
us-east-1
AC-06
AgentCore Runtime Storage Configuration
Runtime 'cdk_agent_core' (cdk_agent_core-7FqFlD86LW) does not have storage configuration for browser tools
Configure S3 storage for browser tool session recordings and artifacts
Medium
Failed
111111111111
us-east-1
AC-06
AgentCore Runtime Storage Configuration
Runtime 'awsapimcpserver' (awsapimcpserver-mJrqgt37GO) does not have storage configuration for browser tools
Configure S3 storage for browser tool session recordings and artifacts
Medium
Failed
111111111111
us-east-1
AC-07
AgentCore Memory Encryption
Memory 'CustomerSupportMemory-x69jBq5GLp' (CustomerSupportMemory-x69jBq5GLp) does not have customer-managed encryption configured
Enable encryption with customer-managed KMS keys
Medium
Failed
111111111111
us-east-1
AC-07
AgentCore Memory Encryption
Memory 'cdk_agent_core_mem-uxfIagADuF' (cdk_agent_core_mem-uxfIagADuF) does not have customer-managed encryption configured
Enable encryption with customer-managed KMS keys
Medium
Failed
111111111111
us-east-1
AC-07
AgentCore Memory Encryption
Memory 'wildrydes_memory_ab3991f6-9FjiHOHjT2' (wildrydes_memory_ab3991f6-9FjiHOHjT2) does not have customer-managed encryption configured
Enable encryption with customer-managed KMS keys
Medium
Failed
111111111111
us-east-1
AC-13
AgentCore Gateway Configuration Check
No Gateway resources found
No action required
Informational
N/A
111111111111
us-east-1
AC-08
AgentCore VPC Endpoints Missing
No AgentCore VPC endpoints found in 4 VPCs. AgentCore API traffic traverses public internet, exposing it to interception.
Create VPC interface endpoints for AgentCore services:
1. com.amazonaws.region.bedrock-agentcore
2. com.amazonaws.region.bedrock-agentcore-control
3. com.amazonaws.region.bedrock-agentcore-runtime
This enables private connectivity via AWS PrivateLink
High
Failed
111111111111
us-east-1
AC-10
AgentCore Resource-Based Policies Check
No AgentCore resources found to check for resource-based policies
No action required
Informational
N/A
111111111111
us-east-1
AC-11
AgentCore Policy Engine Encryption Check
No Policy Engines found
No action required
Informational
N/A
111111111111
us-east-1
AC-12
AgentCore Gateway Encryption Check
No Gateways found
No action required
Informational
N/A
111111111111
eu-west-1
AC-01
AgentCore VPC Configuration Check
No AgentCore resources found
No action required
Informational
N/A
111111111111
eu-west-1
AC-04
AgentCore Observability Check
No AgentCore resources found
No action required
Informational
N/A
111111111111
eu-west-1
AC-05
AgentCore Encryption Check
No AgentCore resources found
No action required
Informational
N/A
111111111111
eu-west-1
AC-06
AgentCore Browser Tool Recording Check
No AgentCore Runtimes found to check browser tool configuration
No action required
Informational
N/A
111111111111
eu-west-1
AC-07
AgentCore Memory Configuration Check
No Memory resources found
No action required
Informational
N/A
111111111111
eu-west-1
AC-13
AgentCore Gateway Configuration Check
No Gateway resources found
No action required
Informational
N/A
111111111111
eu-west-1
AC-08
AgentCore VPC Endpoints Check
No AgentCore resources found
No action required
Informational
N/A
111111111111
eu-west-1
AC-10
AgentCore Resource-Based Policies Check
No AgentCore resources found to check for resource-based policies
No action required
Informational
N/A
111111111111
eu-west-1
AC-11
AgentCore Policy Engine Encryption Check
No Policy Engines found
No action required
Informational
N/A
111111111111
eu-west-1
AC-12
AgentCore Gateway Encryption Check
No Gateways found
No action required
Informational
N/A
333333333333
ap-southeast-2
AC-01
AgentCore VPC Configuration Check
No AgentCore resources found
No action required
Informational
N/A
333333333333
ap-southeast-2
AC-04
AgentCore Observability Check
No AgentCore resources found
No action required
Informational
N/A
333333333333
ap-southeast-2
AC-05
AgentCore Encryption Check
No AgentCore resources found
No action required
Informational
N/A
333333333333
ap-southeast-2
AC-06
AgentCore Browser Tool Recording Check
No AgentCore Runtimes found to check browser tool configuration
No action required
Informational
N/A
333333333333
ap-southeast-2
AC-07
AgentCore Memory Configuration Check
No Memory resources found
No action required
Informational
N/A
333333333333
ap-southeast-2
AC-13
AgentCore Gateway Configuration Check
No Gateway resources found
No action required
Informational
N/A
333333333333
ap-southeast-2
AC-08
AgentCore VPC Endpoints Check
No AgentCore resources found
No action required
Informational
N/A
333333333333
ap-southeast-2
AC-10
AgentCore Resource-Based Policies Check
No AgentCore resources found to check for resource-based policies
No action required
Informational
N/A
333333333333
ap-southeast-2
AC-11
AgentCore Policy Engine Encryption Check
No Policy Engines found
No action required
Informational
N/A
333333333333
ap-southeast-2
AC-12
AgentCore Gateway Encryption Check
No Gateways found
No action required
Informational
N/A
333333333333
eu-west-1
AC-01
AgentCore VPC Configuration Check
No AgentCore resources found
No action required
Informational
N/A
333333333333
eu-west-1
AC-04
AgentCore Observability Check
No AgentCore resources found
No action required
Informational
N/A
333333333333
eu-west-1
AC-05
AgentCore Encryption Check
No AgentCore resources found
No action required
Informational
N/A
333333333333
eu-west-1
AC-06
AgentCore Browser Tool Recording Check
No AgentCore Runtimes found to check browser tool configuration
No action required
Informational
N/A
333333333333
eu-west-1
AC-07
AgentCore Memory Configuration Check
No Memory resources found
No action required
Informational
N/A
333333333333
eu-west-1
AC-13
AgentCore Gateway Configuration Check
No Gateway resources found
No action required
Informational
N/A
333333333333
eu-west-1
AC-08
AgentCore VPC Endpoints Check
No AgentCore resources found
No action required
Informational
N/A
333333333333
eu-west-1
AC-10
AgentCore Resource-Based Policies Check
No AgentCore resources found to check for resource-based policies
No action required
Informational
N/A
333333333333
eu-west-1
AC-11
AgentCore Policy Engine Encryption Check
No Policy Engines found
No action required
Informational
N/A
333333333333
eu-west-1
AC-12
AgentCore Gateway Encryption Check
No Gateways found
No action required
Informational
N/A
333333333333
Global
AC-02
AgentCore IAM Full Access Check
No roles with overly permissive AgentCore access found
No action required
High
Passed
333333333333
Global
AC-03
AgentCore Stale Access
The following principals have not accessed AgentCore in 60+ days: role 'resco-aiml-security-mgmt-AgentCoreSecurityAssessmen-JrbYHkz9UslU' (62 days)
Review and remove unused AgentCore permissions following least privilege principle
Medium
Failed
333333333333
Global
AC-03
AgentCore Unused Permissions
The following principals have AgentCore permissions but have never accessed the service: role 'AIMLSecurityMemberRole', role 'ReSCOAIMLMemberRole'
Review and remove unused AgentCore permissions following least privilege principle
Medium
Failed
333333333333
Global
AC-09
AgentCore Service-Linked Role Missing
Service-linked role 'AWSServiceRoleForBedrockAgentCoreNetwork' does not exist. VPC configuration for AgentCore Runtimes will fail without this role.
The service-linked role is automatically created when you configure VPC for an AgentCore Runtime. Ensure IAM permissions allow service-linked role creation.
Medium
Failed
333333333333
us-east-1
AC-01
AgentCore VPC Configuration Check
No AgentCore resources found
No action required
Informational
N/A
333333333333
us-east-1
AC-04
AgentCore Observability Check
No AgentCore resources found
No action required
Informational
N/A
333333333333
us-east-1
AC-05
AgentCore Encryption Check
No AgentCore resources found
No action required
Informational
N/A
333333333333
us-east-1
AC-06
AgentCore Browser Tool Recording Check
No AgentCore Runtimes found to check browser tool configuration
No action required
Informational
N/A
333333333333
us-east-1
AC-07
AgentCore Memory Configuration Check
No Memory resources found
No action required
Informational
N/A
333333333333
us-east-1
AC-13
AgentCore Gateway Configuration Check
No Gateway resources found
No action required
Informational
N/A
333333333333
us-east-1
AC-08
AgentCore VPC Endpoints Check
No AgentCore resources found
No action required
Informational
N/A
333333333333
us-east-1
AC-10
AgentCore Resource-Based Policies Check
No AgentCore resources found to check for resource-based policies
No action required
Informational
N/A
333333333333
us-east-1
AC-11
AgentCore Policy Engine Encryption Check
No Policy Engines found
No action required
Informational
N/A
333333333333
us-east-1
AC-12
AgentCore Gateway Encryption Check
No Gateways found
No action required
Informational
N/A
222222222222
eu-west-1
AC-01
AgentCore VPC Configuration Check
No AgentCore resources found
No action required
Informational
N/A
222222222222
eu-west-1
AC-04
AgentCore Observability Check
No AgentCore resources found
No action required
Informational
N/A
222222222222
eu-west-1
AC-05
AgentCore Encryption Check
No AgentCore resources found
No action required
Informational
N/A
222222222222
eu-west-1
AC-06
AgentCore Browser Tool Recording Check
No AgentCore Runtimes found to check browser tool configuration
No action required
Informational
N/A
222222222222
eu-west-1
AC-07
AgentCore Memory Configuration Check
No Memory resources found
No action required
Informational
N/A
222222222222
eu-west-1
AC-13
AgentCore Gateway Configuration Check
No Gateway resources found
No action required
Informational
N/A
222222222222
eu-west-1
AC-08
AgentCore VPC Endpoints Check
No AgentCore resources found
No action required
Informational
N/A
222222222222
eu-west-1
AC-10
AgentCore Resource-Based Policies Check
No AgentCore resources found to check for resource-based policies
No action required
Informational
N/A
222222222222
eu-west-1
AC-11
AgentCore Policy Engine Encryption Check
No Policy Engines found
No action required
Informational
N/A
222222222222
eu-west-1
AC-12
AgentCore Gateway Encryption Check
No Gateways found
No action required
Informational
N/A
222222222222
Global
AC-02
AgentCore IAM Full Access Check
No roles with overly permissive AgentCore access found
No action required
High
Passed
222222222222
Global
AC-03
AgentCore Stale Access
The following principals have not accessed AgentCore in 60+ days: role 'resco-aiml-security-23026-AgentCoreSecurityAssessme-2AEt2MTxg4AU' (62 days)
Review and remove unused AgentCore permissions following least privilege principle
Medium
Failed
222222222222
Global
AC-03
AgentCore Unused Permissions
The following principals have AgentCore permissions but have never accessed the service: role 'AIMLSecurityMemberRole', role 'ReSCOAIMLMemberRole'
Review and remove unused AgentCore permissions following least privilege principle
Medium
Failed
222222222222
Global
AC-09
AgentCore Service-Linked Role Missing
Service-linked role 'AWSServiceRoleForBedrockAgentCoreNetwork' does not exist. VPC configuration for AgentCore Runtimes will fail without this role.
The service-linked role is automatically created when you configure VPC for an AgentCore Runtime. Ensure IAM permissions allow service-linked role creation.
Medium
Failed
222222222222
us-east-1
AC-01
AgentCore VPC Configuration Check
No AgentCore resources found
No action required
Informational
N/A
222222222222
us-east-1
AC-04
AgentCore Observability Check
No AgentCore resources found
No action required
Informational
N/A
222222222222
us-east-1
AC-05
AgentCore Encryption Check
No AgentCore resources found
No action required
Informational
N/A
222222222222
us-east-1
AC-06
AgentCore Browser Tool Recording Check
No AgentCore Runtimes found to check browser tool configuration
No action required
Informational
N/A
222222222222
us-east-1
AC-07
AgentCore Memory Configuration Check
No Memory resources found
No action required
Informational
N/A
222222222222
us-east-1
AC-13
AgentCore Gateway Configuration Check
No Gateway resources found
No action required
Informational
N/A
222222222222
us-east-1
AC-08
AgentCore VPC Endpoints Check
No AgentCore resources found
No action required
Informational
N/A
222222222222
us-east-1
AC-10
AgentCore Resource-Based Policies Check
No AgentCore resources found to check for resource-based policies
No action required
Informational
N/A
222222222222
us-east-1
AC-11
AgentCore Policy Engine Encryption Check
No Policy Engines found
No action required
Informational
N/A
222222222222
us-east-1
AC-12
AgentCore Gateway Encryption Check
No Gateways found
No action required
Informational
N/A
222222222222
ap-southeast-2
AC-01
AgentCore VPC Configuration Check
No AgentCore resources found
No action required
Informational
N/A
222222222222
ap-southeast-2
AC-04
AgentCore Observability Check
No AgentCore resources found
No action required
Informational
N/A
222222222222
ap-southeast-2
AC-05
AgentCore Encryption Check
No AgentCore resources found
No action required
Informational
N/A
222222222222
ap-southeast-2
AC-06
AgentCore Browser Tool Recording Check
No AgentCore Runtimes found to check browser tool configuration
No action required
Informational
N/A
222222222222
ap-southeast-2
AC-07
AgentCore Memory Configuration Check
No Memory resources found
No action required
Informational
N/A
222222222222
ap-southeast-2
AC-13
AgentCore Gateway Configuration Check
No Gateway resources found
No action required
Informational
N/A
222222222222
ap-southeast-2
AC-08
AgentCore VPC Endpoints Check
No AgentCore resources found
No action required
Informational
N/A
222222222222
ap-southeast-2
AC-10
AgentCore Resource-Based Policies Check
No AgentCore resources found to check for resource-based policies
AWS Shield Advanced is not subscribed. GenAI API endpoints are vulnerable to volumetric DDoS attacks that can exhaust token quotas and inflate costs.
1. Subscribe to AWS Shield Advanced for DDoS protection.
2. After subscribing, explicitly add resource protections in the Shield Advanced console for each Bedrock-facing resource (API Gateway stages, ALBs, CloudFront distributions, Route 53 hosted zones). Shield Advanced subscription alone does NOT automatically protect resources — each resource must be individually added to receive protection.
3. Enable Shield Response Team (SRT) access and configure proactive engagement.
4. Alternatively, use AWS Firewall Manager with a Shield Advanced policy to automate resource protection based on tags or resource types.
Low
Failed
111111111111
us-east-1
FS-01
No Regional WAF Web ACLs Found
No AWS WAF regional Web ACLs found. Without WAF, GenAI endpoints lack rate-based rules to block abusive callers.
1. Create a WAF Web ACL with rate-based rules (e.g., 1000 req/5 min per IP).
2. Associate the ACL with API Gateway stages or ALBs fronting Bedrock.
3. Add AWS Managed Rules for known bad inputs.
Medium
Failed
111111111111
us-east-1
FS-02
API Gateway Usage Plans Missing Throttle
Usage plans without throttling: myAskMeAnything-UsagePlan. Unbounded API calls can exhaust Bedrock token quotas and inflate costs.
Set rateLimit and burstLimit on all usage plans associated with GenAI API stages. Consider per-consumer API keys with individual quotas.
Medium
Failed
111111111111
us-east-1
FS-03
Bedrock Token Quotas At Default
All 232 Bedrock token-based quota(s) are at their AWS default values — no quota increase has been applied. Running at default is a legitimate posture, but it should be a reviewed decision aligned with expected peak load rather than an oversight.
1. Review current Bedrock TPM/TPD quotas in the Service Quotas console.
2. Request increases aligned with expected peak load, or document a deliberate decision to remain at default after review.
3. Implement client-side token counting and pre-flight quota checks.
4. Use Bedrock cross-region inference profiles to distribute load.
Medium
N/A
111111111111
us-east-1
FS-04
No Cost Anomaly Detection Monitors
No AWS Cost Anomaly Detection monitors found. Unexpected spikes in Bedrock/SageMaker usage (e.g., from prompt injection loops) will go undetected.
1. Create a Cost Anomaly Detection monitor scoped to AWS/Bedrock and AWS/SageMaker.
2. Configure alert subscriptions (SNS/email) for anomalies above threshold.
3. Set daily spend budgets with AWS Budgets as a secondary control.
Medium
Failed
111111111111
us-east-1
FS-05
No Bedrock CloudWatch Alarms Found
No CloudWatch alarms found for Bedrock metrics. Token exhaustion and throttling events will not trigger operational alerts.
Create CloudWatch alarms for:
- AWS/Bedrock InvocationThrottles (threshold > 0)
- AWS/Bedrock TokensProcessed (threshold based on quota)
- Custom application-level token counters via EMF
Medium
Failed
111111111111
us-east-1
FS-06
No AI/ML Service Budgets Configured
No AWS Budgets found scoped to Bedrock or SageMaker. Unbounded GenAI spend can go undetected until the monthly bill.
1. Create cost budgets for AWS Bedrock and SageMaker with 80%/100% alert thresholds.
2. Add SNS notifications to on-call channels.
3. Consider budget actions to apply IAM deny policies when thresholds are breached.
Medium
Failed
111111111111
us-east-1
FS-07
Agent Action Boundary Check
No Bedrock agents found.
No action required.
Informational
N/A
111111111111
us-east-1
FS-08
AgentCore Runtimes Missing Policy Engine
Runtimes without authorizer configuration: origami_expeditions, neoCyan_Agent, customer_support_agent, cdk_agent_core, awsapimcpserver. Without a policy engine, agents can invoke any registered tool without authorization checks.
Configure an authorizer (Lambda or Cedar policy store) on each AgentCore runtime to enforce fine-grained tool-call authorization.
1. Set reserved concurrency on agent Lambda functions.
2. Implement maximum iteration counts in agent orchestration logic.
3. Use Step Functions with MaxConcurrency and timeout states.
4. Add circuit-breaker patterns to agent tool invocations.
Medium
Failed
111111111111
us-east-1
FS-10
Human-in-the-Loop Check — No Agent Workflows Found
No Step Functions state machines with agent/approval naming found. Verify that high-risk agent actions (e.g., fund transfers, account changes) have human approval gates.
Implement Step Functions .waitForTaskToken patterns for high-risk agent actions. Route approval requests to human reviewers via SNS/SES/Slack.
Informational
N/A
111111111111
us-east-1
FS-11
No Agent Rate Alarms Found
No CloudWatch alarms found for agent invocation rates. Looping or runaway agents will not trigger operational alerts.
Create CloudWatch alarms on:
- Bedrock agent invocation counts (threshold based on expected max)
- Lambda invocation errors for agent functions
- Step Functions execution failures and timeouts
Medium
Failed
111111111111
us-east-1
FS-12
No Bedrock-Scoped SCPs Found
No Service Control Policies reference Bedrock. Without SCPs, any account in the organization can access any Bedrock model, including unapproved third-party models.
1. Create an SCP that denies bedrock:InvokeModel for model IDs not on the approved list.
2. Use bedrock:ModelId condition key to allowlist approved models.
3. Maintain a model inventory and update the SCP when models are approved/retired.
High
Failed
111111111111
us-east-1
FS-13
Model Provenance Tags Present
All reviewed models have required provenance tags.
No action required.
Medium
Passed
111111111111
us-east-1
FS-14
Model Governance Config Rules Present
Found 11 model-related Config rule(s).
No action required.
Medium
Passed
111111111111
us-east-1
FS-15
No Bedrock Evaluation Jobs Found
No Bedrock Model Evaluation jobs found. Models have not been evaluated for adversarial robustness. FinServ model-risk management (SR 11-7) expects documented model validation/evaluation.
1. Run Bedrock Model Evaluation with adversarial/red-team datasets.
2. Use FMEval library for automated robustness testing.
3. Schedule periodic re-evaluation after model updates.
Medium
Failed
111111111111
us-east-1
FS-16
ECR Repositories Without Image Scanning
4 ECR repo(s) without scan-on-push: mlexplorationrepo, cdk-hnb659fds-container-assets-111111111111-us-east-1, bedrock-agentcore-customer_support_agent, bedrock-agentcore-origami_expeditions.
Enable scan-on-push for all ECR repositories containing model containers. Consider enabling Enhanced Scanning (Inspector) for CVE detection.
High
Failed
111111111111
us-east-1
FS-20
No SageMaker Feature Groups Found
No SageMaker Feature Store groups found.
No action required.
Informational
N/A
111111111111
us-east-1
FS-21
Training Data Buckets Without Versioning
13 training data bucket(s) without versioning: ancbedrocklogging, bedrock-agentcore-codebuild-sources-111111111111-us-east-1, bedrock-bda-us-east-1-dda43109-6557-48bb-993d-3f97126b64b4, bedrock-bda-us-east-1-logging-00719114-debd-4487-85d1-09cbc3fc8, bedrock-kb-bucket-f736570b, bedrock-video-generation-us-east-1-h5ltpm, fsi-genai-workshop-bedrock-datasources-111111111111-us-west-2, knowledgebase-bedrock-agent-agasthik, llmevaluationpromptfoo-bedrockkb-cozhbzbrcmd2, sagemaker-studio-111111111111-huo1mvme4t.
Enable S3 versioning on all training data buckets. Consider enabling MFA Delete for additional protection against poisoning.
High
Failed
111111111111
us-east-1
FS-22
Overly Permissive Knowledge Base IAM Roles
722 role(s) with wildcard KB permissions:
- Role '111111111111-us-east-1-kb-setup-function-role' allows 'bedrock:CreateKnowledgeBase' on Resource '*' (no ARN scoping to specific Knowledge Bases)
- Role '111111111111-us-east-1-kb-setup-function-role' allows 'bedrock:CreateDataSource' on Resource '*' (no ARN scoping to specific Knowledge Bases)
- Role 'Admin' allows '*'
- Role 'agentcore-wildrydes_gateway_role_ab3991f6-role' allows 'bedrock:*'
- Role 'AgentCoreEvalsSDK-us-east-1-d04ba7b68b' allows 'bedrock:InvokeModel' on Resource '*' (no ARN scoping to specific Knowledge Bases)
- Role 'AgentCoreEvalsSDK-us-east-1-d04ba7b68b' allows 'bedrock:InvokeModelWithResponseStream' on Resource '*' (no ARN scoping to specific Knowledge Bases)
- Role 'Agentic-AI-MCP-Strands-SDK-Works-VSCodeInstanceRole-NCTUnlnRBFO6' allows '*'
- Role 'aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX' allows 'bedrock:ListGuardrails' on Resource '*' (no ARN scoping to specific Knowledge Bases)
- Role 'aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX' allows 'bedrock:GetGuardrail' on Resource '*' (no ARN scoping to specific Knowledge Bases)
- Role 'aiml-security-19304724716-BedrockSecurityAssessment-vv6H0eGD9ESX' allows 'bedrock:ListModelInvocations' on Resource '*' (no ARN scoping to specific Knowledge Bases)
Replace wildcard bedrock-agent:* with specific actions: bedrock:Retrieve, bedrock:RetrieveAndGenerate. Scope resources to specific Knowledge Base ARNs.
High
Failed
111111111111
us-east-1
FS-24
ADVISORY: Knowledge Base Metadata Filtering — Manual Review Required
Found 3 Knowledge Base(s). Tenant-isolation metadata filtering is a design pattern that cannot be verified via API — manual review required. Verify that metadata attributes (e.g., tenantId, classification) are indexed and that Retrieve calls include RetrievalFilter conditions for tenant isolation.
1. Add metadata fields (tenantId, dataClassification) to KB data sources.
2. Pass RetrievalFilter in all Retrieve/RetrieveAndGenerate calls.
3. Validate filters in integration tests to prevent cross-tenant data leakage.
Informational
N/A
111111111111
us-east-1
FS-25
OpenSearch Serverless Encryption Policies Present
Found 5 encryption policy(ies); 5 use a customer-managed KMS key.
Verify all vector store collections use customer-managed KMS keys.
High
Passed
111111111111
us-east-1
FS-26
OpenSearch Serverless Collections Not VPC-Restricted
Found 5 network policy(ies) but none restrict to VPC. Vector stores may be accessible from the public internet.
Update network policies to allow access only from VPC endpoints. Create an OpenSearch Serverless VPC endpoint in your VPC.
High
Failed
111111111111
us-east-1
FS-27
No Guardrails — Contextual Grounding Not Applicable
No Bedrock Guardrails configured. Configure guardrails first (see BR-05).
Configure Bedrock Guardrails with contextual grounding checks (grounding threshold ≥0.7 and relevance threshold ≥0.7 for FinServ use cases).
Informational
N/A
111111111111
us-east-1
FS-27
Automated Reasoning Policies — Access Check
Access denied or service unavailable when listing Automated Reasoning policies. The IAM action name (bedrock:ListAutomatedReasoningPolicies) is correct, so the most likely causes are, in order: (1) the assessment MEMBER ROLE in this account was deployed before this action was added and has not been re-deployed; (2) an AWS Organizations SCP or permission boundary denies this newer Bedrock action; (3) the region does not support ARC. ARC is available in AWS GovCloud (US) and a growing set of commercial regions (e.g., us-east-1, us-east-2, us-west-2, eu-central-1, eu-west-1, eu-west-3) — verify the current list in the AWS documentation.
1. RE-DEPLOY the member-role CloudFormation stack so the role picks up bedrock:ListAutomatedReasoningPolicies (templates may be current while the *deployed* role is stale). See deployment/1-aiml-security-member-roles.yaml and aiml-security-single-account.yaml.
2. Check for an Organizations SCP / permission boundary denying the action.
3. Confirm the assessed region supports Automated Reasoning checks.
4. Re-run the assessment after re-deploying.
Low
N/A
111111111111
us-east-1
FS-28
No Guardrails — Denied Topics Not Applicable
No Bedrock Guardrails configured.
Configure guardrails with denied topics for regulated financial content.
Application-level compliance disclaimers cannot be verified via AWS APIs. Manual review required to confirm GenAI outputs include required regulatory disclosures.
1. Implement post-processing to append required disclaimers to GenAI outputs.
2. Use Bedrock Guardrails word filters to block outputs that omit required disclosures.
3. Document disclaimer requirements in the AI use case register.
4. Test disclaimer presence in QA/UAT before production deployment.
Bedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation jobs include compliance-specific datasets (fair lending/ECOA, Fair Housing Act, UDAP/UDAAP, AML/KYC edge cases). Whether any evaluation jobs exist at all is assessed by FS-15.
Run Bedrock Model Evaluation with compliance-specific datasets:
- Fair lending test cases (ECOA, Fair Housing Act)
- UDAP/UDAAP unfair/deceptive practice scenarios
- AML/KYC edge cases
Informational
N/A
111111111111
us-east-1
FS-31
Knowledge Base Data Sources Past Review Threshold
2 data source(s) not synced in >7 days (a configurable review threshold, NOT an AWS-mandated limit):
- KB 'knowledge-base-semiconductors' source 'knowledge-base-quick-start-qpvuv-data-source' last synced 702 days ago
- KB '111111111111-us-east-1-kb' source '111111111111-us-east-1-kb-datasource' last synced 180 days ago
Confirm this age is acceptable for each data source's currency requirement — slow-changing reference data may legitimately sync infrequently.
1. Define the maximum acceptable data age per use case (e.g., intraday for market data, daily for product terms, weekly/monthly for regulatory guidance) and adjust the review threshold to match.
2. Configure automated sync (EventBridge Scheduler → StartIngestionJob) at that cadence — see FS-61.
3. Set CloudWatch alarms on sync job failures.
Source attribution in GenAI responses cannot be verified via AWS APIs. Manual review required to confirm responses include citations.
1. Use Bedrock RetrieveAndGenerate with citations enabled.
2. Include source document references in response post-processing.
3. Test citation accuracy in QA before production deployment.
4. Consider Bedrock Guardrails grounding checks to validate response accuracy.
Informational
N/A
111111111111
us-east-1
FS-33
KB Data Source Buckets Without Versioning
KB data source S3 buckets without versioning: 111111111111-us-east-1-kb-data-bucket.
Enable S3 versioning on all KB data source buckets. Enable S3 Object Integrity (checksum) for tamper detection.
Medium
Failed
111111111111
us-east-1
FS-34
Legacy Foundation Models Available in Region
Legacy/deprecated foundation models are available in this account/region: anthropic.claude-sonnet-4-20250514-v1:0, twelvelabs.marengo-embed-2-7-v1:0, amazon.titan-image-generator-v2:0, amazon.nova-premier-v1:0:8k, amazon.nova-premier-v1:0:20k, amazon.nova-premier-v1:0:1000k, amazon.nova-premier-v1:0:mm, amazon.nova-premier-v1:0, amazon.nova-canvas-v1:0, amazon.nova-reel-v1:0. This API reports model *availability*, not actual usage — it cannot determine which models your applications invoke. Legacy models have older training-data cutoffs and may produce outdated information if used. Review whether any are in active use.
1. Identify which (if any) of these legacy models your applications invoke (e.g., via CloudTrail InvokeModel events or application config).
2. Migrate active usage to current model versions.
3. Document training-data cutoff dates for all models in use.
4. Add data-currency disclaimers to outputs from models with old cutoffs.
Informational
N/A
111111111111
us-east-1
FS-35
ADVISORY: Harmful-Content Test Coverage — Manual Review Required
Bedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation/FMEval jobs include harmful-content datasets (toxicity, hate speech, violence/self-harm). Whether any evaluation jobs exist at all is assessed by FS-15.
Run Bedrock Model Evaluation or FMEval with harmful content datasets:
- Toxicity detection
- Hate speech classification
- Violence/self-harm content
Informational
N/A
111111111111
us-east-1
FS-36
No Guardrails — Content Filters Not Applicable
No Bedrock Guardrails configured.
Configure guardrails with content filters.
Informational
N/A
111111111111
us-east-1
FS-37
ADVISORY: User Feedback Mechanism — Manual Review Required
User feedback mechanisms for harmful outputs cannot be verified via AWS APIs. Manual review required.
1. Implement thumbs-up/down or flag-for-review UI in GenAI applications.
2. Route flagged outputs to human reviewers via SQS/SNS.
3. Log feedback to DynamoDB/S3 for model improvement.
4. Define SLAs for reviewing flagged content.
Informational
N/A
111111111111
us-east-1
FS-38
No Guardrails — Word Filters Not Applicable
No Bedrock Guardrails configured.
Configure guardrails with word filters.
Informational
N/A
111111111111
us-east-1
FS-39
No SageMaker Clarify Bias Monitoring
No SageMaker Clarify model bias monitoring schedules found. Models making financial decisions (credit, insurance) may exhibit discriminatory bias without detection.
1. Configure SageMaker Clarify bias detection for all models making credit, insurance, or employment decisions.
2. Define protected attributes (age, gender, race proxies).
3. Set bias metric thresholds and alert on violations.
4. Document bias testing results for regulatory examination.
Bedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation jobs include bias/fairness datasets (demographic parity, equal-opportunity, counterfactual fairness) for any GenAI models used in financial decisions (ECOA/Fair Housing). Whether any evaluation jobs exist at all is assessed by FS-15.
Run Bedrock Model Evaluation with bias test datasets:
- Demographic parity test cases
- Equal opportunity scenarios
- Counterfactual fairness tests
Informational
N/A
111111111111
us-east-1
FS-41
No SageMaker Clarify Explainability Monitoring
No SageMaker Clarify explainability monitoring found. Models making adverse financial decisions may not provide required explanations (ECOA adverse action notices).
1. Configure SageMaker Clarify explainability for credit/lending models.
2. Generate SHAP values for feature importance.
3. Map top features to human-readable adverse action reason codes.
4. Store explanations for regulatory examination.
High
Failed
111111111111
us-east-1
FS-42
No SageMaker Model Cards Found
No SageMaker Model Cards found. Production AI models lack documented intended use, limitations, and bias evaluations.
1. Create SageMaker Model Cards for all production models.
2. Document: intended use, out-of-scope uses, training data, bias evaluations.
3. Include regulatory compliance attestations.
4. Review and update cards at each model version release.
Medium
Failed
111111111111
us-east-1
FS-43
No CloudWatch Logs Data Protection Policies
No CloudWatch Logs data protection policies found. PII (SSN, account numbers, credit card numbers) in Bedrock invocation logs may be stored in plaintext.
1. Create CloudWatch Logs data protection policies to mask PII.
2. Enable masking for: SSN, credit card numbers, bank account numbers, email.
3. Apply policies to Bedrock invocation log groups.
4. Test masking with synthetic PII before production deployment.
High
Failed
111111111111
us-east-1
FS-44
Amazon Macie Enabled
Amazon Macie is enabled and scanning S3 buckets.
Verify Macie jobs cover training data and KB data source buckets.
High
Passed
111111111111
us-east-1
FS-45
No Guardrails — PII Filters Not Applicable
No Bedrock Guardrails configured.
Configure guardrails with PII/sensitive information filters.
Application-level hallucination disclaimers cannot be verified via AWS APIs. Manual review required.
1. Add disclaimers to GenAI outputs: 'AI-generated content may contain errors. Verify with authoritative sources before acting.'
2. Implement post-processing to append disclaimers.
3. Test disclaimer presence in QA before production.
Informational
N/A
111111111111
us-east-1
FS-50
No Guardrails With Relevance Grounding Filters
No guardrails have RELEVANCE contextual grounding filters. Without relevance filters, responses that are off-topic or unrelated to the user query will not be blocked, increasing hallucination risk in RAG-based FinServ applications.
Enable the RELEVANCE contextual grounding filter in Bedrock Guardrails with a threshold of ≥0.7 to block responses that are not relevant to the user query. Also enable the GROUNDING filter (≥0.7) to block responses not supported by the retrieved source context.
Medium
Failed
111111111111
us-east-1
FS-51
No Guardrails — Prompt Attack Filters Not Applicable
No Bedrock Guardrails configured.
Configure guardrails with prompt attack filters.
Informational
N/A
111111111111
us-east-1
FS-52
Bedrock Lambda Functions on Deprecated Runtimes
Functions on deprecated runtimes: e2ebedrockrag-OSSInfraStack-BKBOSSInfraSetupLambda-031La8JAQXtk, e2ebedrockrag-OSSInfraSta-OSSIndexCreationProvider-g56en9UzRjII. Deprecated runtimes may use outdated boto3/SDK versions lacking security patches.
1. Upgrade Lambda functions to a supported runtime — Python 3.12+, Node.js 22.x or 24.x, Java 21+, or .NET 8+.
2. Update boto3 to the latest version in Lambda layers (pin the version in requirements.txt and redeploy).
3. Enable Lambda runtime management controls for automatic minor-version updates (runtimeManagementConfig.updateRuntimeOn = 'Auto').
4. Refer to https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html for the authoritative list of supported and deprecated runtimes.
Medium
Failed
111111111111
us-east-1
FS-53
No WAF Web ACLs — Injection Rules Not Applicable
No regional WAF Web ACLs found.
Create WAF Web ACLs with injection protection rules (see FS-01).
Penetration testing evidence cannot be verified via AWS APIs. Manual review required to confirm GenAI applications have been tested.
1. Conduct penetration testing of GenAI applications at least annually and before major releases.
2. Include AI-specific test cases: prompt injection, jailbreak, indirect (cross-domain) injection, system-prompt leakage, and data-extraction attempts.
3. Consider AWS Security Agent for on-demand, AI-driven penetration testing (GA March 2026; available in US East N. Virginia, US West Oregon, Europe Ireland, Europe Frankfurt, Asia Pacific Sydney, Asia Pacific Tokyo, with cross-account shared-VPC testing via AWS RAM). Open-source tools such as Garak or PyRIT and manual red-teaming are complementary options. Verify current regional availability on the AWS Security Agent page before relying on it.
4. Document findings and remediation for regulatory examination, and tag tested resources with a last-pentest-date for audit trail.
5. For DORA compliance, include GenAI in TLPT (Threat-Led Penetration Testing) scope.
Informational
N/A
111111111111
us-east-1
FS-55
No Output Validation Functions Found
No Lambda functions with output validation/sanitization naming found. GenAI outputs may be passed directly to downstream systems without validation.
1. Implement output validation Lambda functions in GenAI pipelines.
2. Validate output schema, length, and content before downstream use.
3. Sanitize outputs before rendering in web UIs (XSS prevention).
4. Encode outputs appropriately for the target context (HTML, SQL, JSON).
Output encoding practices cannot be verified via AWS APIs. Manual code review required.
1. HTML-encode GenAI outputs before rendering in web UIs.
2. Use parameterized queries when GenAI output is used in database operations.
3. JSON-encode outputs before embedding in JavaScript contexts.
4. Validate output length and format before passing to downstream APIs.
Found 0 Lambda function(s) whose names suggest schema/validation handling. Structured-output / JSON-schema validation of GenAI responses is an application-layer control that cannot be verified automatically — manual review required.
1. Use Bedrock structured output (response schemas) where supported.
2. Implement JSON schema validation on Lambda output processors.
3. Reject malformed outputs and return safe error responses.
4. Log schema validation failures to CloudWatch for monitoring.
Informational
N/A
111111111111
us-east-1
FS-59
No Guardrails — Topic Allowlist Not Applicable
No Bedrock Guardrails configured.
Configure guardrails with topic policies to restrict off-topic responses.
Informational
N/A
111111111111
us-east-1
FS-60
ADVISORY: Contextual Grounding for Off-Topic Prevention
Contextual grounding for off-topic prevention is covered by guardrail grounding checks (FS-47) and RAG configuration (FS-48). Additionally verify system prompts explicitly scope the assistant's role.
1. Include explicit scope instructions in system prompts.
2. Use Bedrock Guardrails relevance grounding filter.
3. Test with off-topic prompts in QA to verify rejection behavior.
Informational
N/A
111111111111
us-east-1
FS-61
COULD NOT ASSESS: Knowledge Base Sync Schedule Check
This check could not be completed (error: An error occurred (AccessDeniedException) when calling the ListSchedules operation: User: arn:aws:sts::111111111111:assumed-role/aiml-security-19304724716-FinServSecurityAssessment-G8d5dEiMJsZB/aiml-security-aiml-security-111111111111-FinServAssessment is not authorized to perform: scheduler:ListSchedules on resource: arn:aws:scheduler:us-east-1:111111111111:schedule/*/* because no identity-based policy allows the scheduler:ListSchedules action). The most common cause is a missing IAM permission for the assessment role; it may also indicate an unsupported region or an outdated botocore. This control was NOT assessed — verify the role's permissions and re-run, and assess this control manually until resolved.
1. Confirm the assessment role grants the actions this check requires (see the documented IAM permission set in the README).
2. Confirm the service/feature is supported in the assessed region.
3. Ensure botocore meets the version floor in requirements.txt.
4. Re-run the assessment; assess this control manually until it succeeds.
Low
N/A
111111111111
us-east-1
FS-62
ADVISORY: Data Currency Disclaimer — Manual Review Required
Data currency disclaimers cannot be verified via AWS APIs. Manual review required.
1. Add data currency disclaimers to GenAI outputs: 'Information based on data current as of [KB last sync date].'
2. Expose KB last sync timestamp in application responses.
3. Alert users when KB data is older than defined threshold.
Informational
N/A
111111111111
us-east-1
FS-63
Foundation Model Lifecycle Management
No legacy models detected. 10 lifecycle-related Config rule(s) found.
No action required.
Medium
Passed
111111111111
us-east-1
FS-65
KB Data Source Buckets Missing S3 Event Notifications
The following KB data-source S3 buckets have no event notifications configured. Unauthorized document modifications will not be detected in real time:
- semiconductor-demo-9999
- 111111111111-us-east-1-kb-data-bucket
1. Enable Amazon EventBridge notifications on each KB data-source S3 bucket.
2. Create an EventBridge rule to route s3:ObjectCreated, s3:ObjectRemoved, and s3:ObjectModified events to an SNS topic or Lambda for alerting.
3. Integrate alerts into your security incident response workflow.
The following runtimes have no JWT or IAM authorizer configured for end-user identity propagation. Tool calls are authorized only by the agent execution role, not the originating user:
- origami_expeditions
- neoCyan_Agent
- customer_support_agent
- cdk_agent_core
- awsapimcpserver
1. Configure a custom JWT authorizer or IAM authorizer on each AgentCore runtime.
2. Propagate the end-user's identity token to downstream tool services.
3. Ensure tool services validate the propagated identity before executing actions.
4. Do not expose propagated identity tokens to unauthorized third parties.
High
Failed
111111111111
us-east-1
FS-67
Agent Action-Group Lambdas May Lack Transaction Thresholds
The following agent action-group Lambda functions have no environment variables whose names suggest transaction-value threshold configuration (this is a best-effort heuristic — a threshold enforced in code or in an AgentCore Policy Engine rule would not be detected here, so treat this as a prompt for manual verification rather than a definitive gap). Without explicit limits, agents could initiate unbounded financial transactions:
- aiml-security-aiml-security-111111111111-FinServAssessment
- aiml-security-aiml-security-111111111111-BedrockAssessment
- resco-aiml-BedrockAssessment
- aiml-security-aiml-security-111111111111-AgentCoreAssessment
- e2ebedrockrag-OSSInfraStack-BKBOSSInfraSetupLambda-031La8JAQXtk
- e2ebedrockrag-OSSInfraSta-OSSIndexCreationProvider-g56en9UzRjII
- resco-aiml-AgentCoreAssessment
1. Add transaction-value threshold environment variables (e.g., MAX_TRANSACTION_AMOUNT) to each agent action-group Lambda.
2. Implement threshold enforcement logic in the Lambda handler.
3. Configure AgentCore Policy Engine rules to cap financial transaction amounts.
4. Route transactions exceeding thresholds to a human-in-the-loop approval step.
High
Failed
111111111111
us-east-1
FS-68
API Gateway Request Body Size Limits Not Enforced
Found 3 REST API(s) and 0 regional WAF Web ACL(s), but none enforce a maximum request-body size. Note: an API Gateway request validator does NOT cap body size (it validates the schema and required params; the REST limit is a fixed 10 MB), and a WAF body SizeConstraint only inspects the first ~16 KB of the body by default. Oversized prompts can exhaust Bedrock token quotas and inflate costs.
1. Add a maxLength (or maxItems/maxProperties) bound to the request-body JSON-Schema model used by your request validator, so oversized prompts are rejected with a 400.
2. Add a WAF SizeConstraintStatement on the request Body sized within WAF's body-inspection window (default 16 KB; raise via the web ACL AssociationConfig, or set OversizeHandling=MATCH to block bodies beyond the window), and associate the ACL with the API stage.
3. Set the max_tokens parameter in Bedrock API calls to cap output length.
4. Implement client-side token counting before submitting requests.
Medium
Failed
111111111111
us-east-1
FS-69
Prompt Input Validation Functions Present
Found 3 Lambda function(s) with input validation/sanitization naming patterns: resco-aiml-CleanupBucket, visa-bulletin-tracker-prod-cleanup, aiml-security-aiml-security-111111111111-CleanupBucket.
Review these functions to confirm they cover: special-character stripping, format validation, size limits, and injection-sequence detection.
Medium
Passed
111111111111
eu-west-1
FS-00
FinServ Regional Scope Not Applicable
No regional Bedrock, AgentCore, or SageMaker resources were found in eu-west-1; FinServ GenAI risk checks were not applied to this region.
No action required unless GenAI workloads are expected in this region.
Informational
N/A
111111111111
ap-southeast-2
FS-00
FinServ Regional Scope Not Applicable
No regional Bedrock, AgentCore, or SageMaker resources were found in ap-southeast-2; FinServ GenAI risk checks were not applied to this region.
No action required unless GenAI workloads are expected in this region.
Informational
N/A
333333333333
us-east-1
FS-01
AWS Shield Advanced Not Enabled
AWS Shield Advanced is not subscribed. GenAI API endpoints are vulnerable to volumetric DDoS attacks that can exhaust token quotas and inflate costs.
1. Subscribe to AWS Shield Advanced for DDoS protection.
2. After subscribing, explicitly add resource protections in the Shield Advanced console for each Bedrock-facing resource (API Gateway stages, ALBs, CloudFront distributions, Route 53 hosted zones). Shield Advanced subscription alone does NOT automatically protect resources — each resource must be individually added to receive protection.
3. Enable Shield Response Team (SRT) access and configure proactive engagement.
4. Alternatively, use AWS Firewall Manager with a Shield Advanced policy to automate resource protection based on tags or resource types.
Low
Failed
333333333333
us-east-1
FS-01
No Regional WAF Web ACLs Found
No AWS WAF regional Web ACLs found. Without WAF, GenAI endpoints lack rate-based rules to block abusive callers.
1. Create a WAF Web ACL with rate-based rules (e.g., 1000 req/5 min per IP).
2. Associate the ACL with API Gateway stages or ALBs fronting Bedrock.
3. Add AWS Managed Rules for known bad inputs.
Medium
Failed
333333333333
us-east-1
FS-02
No API Gateway Usage Plans Found
No usage plans configured. GenAI API endpoints may have no rate limits.
Create API Gateway usage plans with throttle settings (rateLimit and burstLimit) for all Bedrock-facing APIs.
Informational
N/A
333333333333
us-east-1
FS-03
Bedrock Token Quotas At Default
All 232 Bedrock token-based quota(s) are at their AWS default values — no quota increase has been applied. Running at default is a legitimate posture, but it should be a reviewed decision aligned with expected peak load rather than an oversight.
1. Review current Bedrock TPM/TPD quotas in the Service Quotas console.
2. Request increases aligned with expected peak load, or document a deliberate decision to remain at default after review.
3. Implement client-side token counting and pre-flight quota checks.
4. Use Bedrock cross-region inference profiles to distribute load.
Medium
N/A
333333333333
us-east-1
FS-04
No Cost Anomaly Detection Monitors
No AWS Cost Anomaly Detection monitors found. Unexpected spikes in Bedrock/SageMaker usage (e.g., from prompt injection loops) will go undetected.
1. Create a Cost Anomaly Detection monitor scoped to AWS/Bedrock and AWS/SageMaker.
2. Configure alert subscriptions (SNS/email) for anomalies above threshold.
3. Set daily spend budgets with AWS Budgets as a secondary control.
Medium
Failed
333333333333
us-east-1
FS-05
No Bedrock CloudWatch Alarms Found
No CloudWatch alarms found for Bedrock metrics. Token exhaustion and throttling events will not trigger operational alerts.
Create CloudWatch alarms for:
- AWS/Bedrock InvocationThrottles (threshold > 0)
- AWS/Bedrock TokensProcessed (threshold based on quota)
- Custom application-level token counters via EMF
Medium
Failed
333333333333
us-east-1
FS-06
No AI/ML Service Budgets Configured
No AWS Budgets found scoped to Bedrock or SageMaker. Unbounded GenAI spend can go undetected until the monthly bill.
1. Create cost budgets for AWS Bedrock and SageMaker with 80%/100% alert thresholds.
2. Add SNS notifications to on-call channels.
3. Consider budget actions to apply IAM deny policies when thresholds are breached.
Medium
Failed
333333333333
us-east-1
FS-07
Agent Action Boundary Check
No Bedrock agents found.
No action required.
Informational
N/A
333333333333
us-east-1
FS-08
No AgentCore Runtimes Found
No AgentCore runtimes found; policy engine check not applicable.
If using AgentCore, configure the Policy Engine to authorize tool calls.
1. Set reserved concurrency on agent Lambda functions.
2. Implement maximum iteration counts in agent orchestration logic.
3. Use Step Functions with MaxConcurrency and timeout states.
4. Add circuit-breaker patterns to agent tool invocations.
Medium
Failed
333333333333
us-east-1
FS-10
Human-in-the-Loop Check — No Agent Workflows Found
No Step Functions state machines with agent/approval naming found. Verify that high-risk agent actions (e.g., fund transfers, account changes) have human approval gates.
Implement Step Functions .waitForTaskToken patterns for high-risk agent actions. Route approval requests to human reviewers via SNS/SES/Slack.
Informational
N/A
333333333333
us-east-1
FS-11
No Agent Rate Alarms Found
No CloudWatch alarms found for agent invocation rates. Looping or runaway agents will not trigger operational alerts.
Create CloudWatch alarms on:
- Bedrock agent invocation counts (threshold based on expected max)
- Lambda invocation errors for agent functions
- Step Functions execution failures and timeouts
Medium
Failed
333333333333
us-east-1
FS-12
No Bedrock-Scoped SCPs Found
No Service Control Policies reference Bedrock. Without SCPs, any account in the organization can access any Bedrock model, including unapproved third-party models.
1. Create an SCP that denies bedrock:InvokeModel for model IDs not on the approved list.
2. Use bedrock:ModelId condition key to allowlist approved models.
3. Maintain a model inventory and update the SCP when models are approved/retired.
High
Failed
333333333333
us-east-1
FS-13
Model Provenance Tags Present
All reviewed models have required provenance tags.
No action required.
Medium
Passed
333333333333
us-east-1
FS-14
Model Governance Config Rules Present
Found 13 model-related Config rule(s).
No action required.
Medium
Passed
333333333333
us-east-1
FS-15
No Bedrock Evaluation Jobs Found
No Bedrock Model Evaluation jobs found. Models have not been evaluated for adversarial robustness. FinServ model-risk management (SR 11-7) expects documented model validation/evaluation.
1. Run Bedrock Model Evaluation with adversarial/red-team datasets.
2. Use FMEval library for automated robustness testing.
3. Schedule periodic re-evaluation after model updates.
Medium
Failed
333333333333
us-east-1
FS-16
ECR Repositories Without Image Scanning
1 ECR repo(s) without scan-on-push: cdk-hnb659fds-container-assets-333333333333-us-east-1.
Enable scan-on-push for all ECR repositories containing model containers. Consider enabling Enhanced Scanning (Inspector) for CVE detection.
High
Failed
333333333333
us-east-1
FS-20
No SageMaker Feature Groups Found
No SageMaker Feature Store groups found.
No action required.
Informational
N/A
333333333333
us-east-1
FS-21
No Training Data Buckets Identified
No S3 buckets with training/model naming found.
Tag training data buckets and enable versioning.
Informational
N/A
333333333333
us-east-1
FS-22
Overly Permissive Knowledge Base IAM Roles
710 role(s) with wildcard KB permissions:
- Role 'Admin' allows '*'
- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:ListGuardrails' on Resource '*' (no ARN scoping to specific Knowledge Bases)
- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:GetGuardrail' on Resource '*' (no ARN scoping to specific Knowledge Bases)
- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:ListModelInvocations' on Resource '*' (no ARN scoping to specific Knowledge Bases)
- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:GetModelInvocationLoggingConfiguration' on Resource '*' (no ARN scoping to specific Knowledge Bases)
- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:ListPrompts' on Resource '*' (no ARN scoping to specific Knowledge Bases)
- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:GetPrompt' on Resource '*' (no ARN scoping to specific Knowledge Bases)
- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:ListAgents' on Resource '*' (no ARN scoping to specific Knowledge Bases)
- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:GetAgent' on Resource '*' (no ARN scoping to specific Knowledge Bases)
- Role 'aiml-security-mgmt-BedrockSecurityAssessmentFunctio-3SFVOekaDS6b' allows 'bedrock:ListCustomModels' on Resource '*' (no ARN scoping to specific Knowledge Bases)
Replace wildcard bedrock-agent:* with specific actions: bedrock:Retrieve, bedrock:RetrieveAndGenerate. Scope resources to specific Knowledge Base ARNs.
High
Failed
333333333333
us-east-1
FS-24
ADVISORY: Knowledge Base Metadata Filtering — Manual Review Required
Found 1 Knowledge Base(s). Tenant-isolation metadata filtering is a design pattern that cannot be verified via API — manual review required. Verify that metadata attributes (e.g., tenantId, classification) are indexed and that Retrieve calls include RetrievalFilter conditions for tenant isolation.
1. Add metadata fields (tenantId, dataClassification) to KB data sources.
2. Pass RetrievalFilter in all Retrieve/RetrieveAndGenerate calls.
3. Validate filters in integration tests to prevent cross-tenant data leakage.
Informational
N/A
333333333333
us-east-1
FS-25
OpenSearch Serverless Encryption Policies Present
Found 1 encryption policy(ies); 1 use a customer-managed KMS key.
Verify all vector store collections use customer-managed KMS keys.
High
Passed
333333333333
us-east-1
FS-26
OpenSearch Serverless Collections Not VPC-Restricted
Found 1 network policy(ies) but none restrict to VPC. Vector stores may be accessible from the public internet.
Update network policies to allow access only from VPC endpoints. Create an OpenSearch Serverless VPC endpoint in your VPC.
High
Failed
333333333333
us-east-1
FS-27
No Guardrails — Contextual Grounding Not Applicable
No Bedrock Guardrails configured. Configure guardrails first (see BR-05).
Configure Bedrock Guardrails with contextual grounding checks (grounding threshold ≥0.7 and relevance threshold ≥0.7 for FinServ use cases).
Informational
N/A
333333333333
us-east-1
FS-27
Automated Reasoning Policies — Access Check
Access denied or service unavailable when listing Automated Reasoning policies. The IAM action name (bedrock:ListAutomatedReasoningPolicies) is correct, so the most likely causes are, in order: (1) the assessment MEMBER ROLE in this account was deployed before this action was added and has not been re-deployed; (2) an AWS Organizations SCP or permission boundary denies this newer Bedrock action; (3) the region does not support ARC. ARC is available in AWS GovCloud (US) and a growing set of commercial regions (e.g., us-east-1, us-east-2, us-west-2, eu-central-1, eu-west-1, eu-west-3) — verify the current list in the AWS documentation.
1. RE-DEPLOY the member-role CloudFormation stack so the role picks up bedrock:ListAutomatedReasoningPolicies (templates may be current while the *deployed* role is stale). See deployment/1-aiml-security-member-roles.yaml and aiml-security-single-account.yaml.
2. Check for an Organizations SCP / permission boundary denying the action.
3. Confirm the assessed region supports Automated Reasoning checks.
4. Re-run the assessment after re-deploying.
Low
N/A
333333333333
us-east-1
FS-28
No Guardrails — Denied Topics Not Applicable
No Bedrock Guardrails configured.
Configure guardrails with denied topics for regulated financial content.
Application-level compliance disclaimers cannot be verified via AWS APIs. Manual review required to confirm GenAI outputs include required regulatory disclosures.
1. Implement post-processing to append required disclaimers to GenAI outputs.
2. Use Bedrock Guardrails word filters to block outputs that omit required disclosures.
3. Document disclaimer requirements in the AI use case register.
4. Test disclaimer presence in QA/UAT before production deployment.
Bedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation jobs include compliance-specific datasets (fair lending/ECOA, Fair Housing Act, UDAP/UDAAP, AML/KYC edge cases). Whether any evaluation jobs exist at all is assessed by FS-15.
Run Bedrock Model Evaluation with compliance-specific datasets:
- Fair lending test cases (ECOA, Fair Housing Act)
- UDAP/UDAAP unfair/deceptive practice scenarios
- AML/KYC edge cases
Informational
N/A
333333333333
us-east-1
FS-31
Knowledge Base Data Sources Past Review Threshold
1 data source(s) not synced in >7 days (a configurable review threshold, NOT an AWS-mandated limit):
- KB 'knowledge-base-prowler-findings' source 'knowledge-base-quick-start-9lb68-data-source' last synced 403 days ago
Confirm this age is acceptable for each data source's currency requirement — slow-changing reference data may legitimately sync infrequently.
1. Define the maximum acceptable data age per use case (e.g., intraday for market data, daily for product terms, weekly/monthly for regulatory guidance) and adjust the review threshold to match.
2. Configure automated sync (EventBridge Scheduler → StartIngestionJob) at that cadence — see FS-61.
3. Set CloudWatch alarms on sync job failures.
Source attribution in GenAI responses cannot be verified via AWS APIs. Manual review required to confirm responses include citations.
1. Use Bedrock RetrieveAndGenerate with citations enabled.
2. Include source document references in response post-processing.
3. Test citation accuracy in QA before production deployment.
4. Consider Bedrock Guardrails grounding checks to validate response accuracy.
Informational
N/A
333333333333
us-east-1
FS-33
KB Data Source Buckets Have Versioning
All reviewed KB data source buckets have versioning enabled.
No action required.
Medium
Passed
333333333333
us-east-1
FS-34
Legacy Foundation Models Available in Region
Legacy/deprecated foundation models are available in this account/region: anthropic.claude-sonnet-4-20250514-v1:0, twelvelabs.marengo-embed-2-7-v1:0, amazon.titan-image-generator-v2:0, amazon.nova-premier-v1:0:8k, amazon.nova-premier-v1:0:20k, amazon.nova-premier-v1:0:1000k, amazon.nova-premier-v1:0:mm, amazon.nova-premier-v1:0, amazon.nova-canvas-v1:0, amazon.nova-reel-v1:0. This API reports model *availability*, not actual usage — it cannot determine which models your applications invoke. Legacy models have older training-data cutoffs and may produce outdated information if used. Review whether any are in active use.
1. Identify which (if any) of these legacy models your applications invoke (e.g., via CloudTrail InvokeModel events or application config).
2. Migrate active usage to current model versions.
3. Document training-data cutoff dates for all models in use.
4. Add data-currency disclaimers to outputs from models with old cutoffs.
Informational
N/A
333333333333
us-east-1
FS-35
ADVISORY: Harmful-Content Test Coverage — Manual Review Required
Bedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation/FMEval jobs include harmful-content datasets (toxicity, hate speech, violence/self-harm). Whether any evaluation jobs exist at all is assessed by FS-15.
Run Bedrock Model Evaluation or FMEval with harmful content datasets:
- Toxicity detection
- Hate speech classification
- Violence/self-harm content
Informational
N/A
333333333333
us-east-1
FS-36
No Guardrails — Content Filters Not Applicable
No Bedrock Guardrails configured.
Configure guardrails with content filters.
Informational
N/A
333333333333
us-east-1
FS-37
ADVISORY: User Feedback Mechanism — Manual Review Required
User feedback mechanisms for harmful outputs cannot be verified via AWS APIs. Manual review required.
1. Implement thumbs-up/down or flag-for-review UI in GenAI applications.
2. Route flagged outputs to human reviewers via SQS/SNS.
3. Log feedback to DynamoDB/S3 for model improvement.
4. Define SLAs for reviewing flagged content.
Informational
N/A
333333333333
us-east-1
FS-38
No Guardrails — Word Filters Not Applicable
No Bedrock Guardrails configured.
Configure guardrails with word filters.
Informational
N/A
333333333333
us-east-1
FS-39
No SageMaker Clarify Bias Monitoring
No SageMaker Clarify model bias monitoring schedules found. Models making financial decisions (credit, insurance) may exhibit discriminatory bias without detection.
1. Configure SageMaker Clarify bias detection for all models making credit, insurance, or employment decisions.
2. Define protected attributes (age, gender, race proxies).
3. Set bias metric thresholds and alert on violations.
4. Document bias testing results for regulatory examination.
Bedrock model-evaluation dataset content cannot be inspected via API. Manually verify your model-evaluation jobs include bias/fairness datasets (demographic parity, equal-opportunity, counterfactual fairness) for any GenAI models used in financial decisions (ECOA/Fair Housing). Whether any evaluation jobs exist at all is assessed by FS-15.
Run Bedrock Model Evaluation with bias test datasets:
- Demographic parity test cases
- Equal opportunity scenarios
- Counterfactual fairness tests
Informational
N/A
333333333333
us-east-1
FS-41
No SageMaker Clarify Explainability Monitoring
No SageMaker Clarify explainability monitoring found. Models making adverse financial decisions may not provide required explanations (ECOA adverse action notices).
1. Configure SageMaker Clarify explainability for credit/lending models.
2. Generate SHAP values for feature importance.
3. Map top features to human-readable adverse action reason codes.
4. Store explanations for regulatory examination.
High
Failed
333333333333
us-east-1
FS-42
No SageMaker Model Cards Found
No SageMaker Model Cards found. Production AI models lack documented intended use, limitations, and bias evaluations.
1. Create SageMaker Model Cards for all production models.
2. Document: intended use, out-of-scope uses, training data, bias evaluations.
3. Include regulatory compliance attestations.
4. Review and update cards at each model version release.
Medium
Failed
333333333333
us-east-1
FS-43
No CloudWatch Logs Data Protection Policies
No CloudWatch Logs data protection policies found. PII (SSN, account numbers, credit card numbers) in Bedrock invocation logs may be stored in plaintext.
1. Create CloudWatch Logs data protection policies to mask PII.
2. Enable masking for: SSN, credit card numbers, bank account numbers, email.
3. Apply policies to Bedrock invocation log groups.
4. Test masking with synthetic PII before production deployment.
High
Failed
333333333333
us-east-1
FS-44
Amazon Macie Not Enabled
Amazon Macie is not enabled. S3 buckets containing training data and KB data sources are not being scanned for PII/sensitive data.
1. Enable Amazon Macie in all regions where AI/ML data is stored.
2. Create Macie classification jobs for training data and KB buckets.
3. Configure Macie findings to route to Security Hub and SNS.
4. Remediate PII findings before using data for model training.
High
Failed
333333333333
us-east-1
FS-45
No Guardrails — PII Filters Not Applicable
No Bedrock Guardrails configured.
Configure guardrails with PII/sensitive information filters.
Informational
N/A
333333333333
us-east-1
FS-46
No AI/ML Data Buckets Identified
No S3 buckets with AI/ML naming found.
Tag AI/ML data buckets with data-classification labels.
Informational
N/A
333333333333
us-east-1
FS-47
No Guardrails — Grounding Threshold Not Applicable
No Bedrock Guardrails configured.
Configure guardrails with contextual grounding checks.
Informational
N/A
333333333333
us-east-1
FS-48
Active Knowledge Bases for RAG Present
Found 1 active Knowledge Base(s) for RAG grounding.
Application-level hallucination disclaimers cannot be verified via AWS APIs. Manual review required.
1. Add disclaimers to GenAI outputs: 'AI-generated content may contain errors. Verify with authoritative sources before acting.'
2. Implement post-processing to append disclaimers.
3. Test disclaimer presence in QA before production.
Informational
N/A
333333333333
us-east-1
FS-50
No Guardrails With Relevance Grounding Filters
No guardrails have RELEVANCE contextual grounding filters. Without relevance filters, responses that are off-topic or unrelated to the user query will not be blocked, increasing hallucination risk in RAG-based FinServ applications.
Enable the RELEVANCE contextual grounding filter in Bedrock Guardrails with a threshold of ≥0.7 to block responses that are not relevant to the user query. Also enable the GROUNDING filter (≥0.7) to block responses not supported by the retrieved source context.
Medium
Failed
333333333333
us-east-1
FS-51
No Guardrails — Prompt Attack Filters Not Applicable
No Bedrock Guardrails configured.
Configure guardrails with prompt attack filters.
Informational
N/A
333333333333
us-east-1
FS-52
Bedrock Lambda Functions on Current Runtimes
All 16 Bedrock Lambda function(s) use current runtimes.
No action required.
Medium
Passed
333333333333
us-east-1
FS-53
No WAF Web ACLs — Injection Rules Not Applicable
No regional WAF Web ACLs found.
Create WAF Web ACLs with injection protection rules (see FS-01).
Penetration testing evidence cannot be verified via AWS APIs. Manual review required to confirm GenAI applications have been tested.
1. Conduct penetration testing of GenAI applications at least annually and before major releases.
2. Include AI-specific test cases: prompt injection, jailbreak, indirect (cross-domain) injection, system-prompt leakage, and data-extraction attempts.
3. Consider AWS Security Agent for on-demand, AI-driven penetration testing (GA March 2026; available in US East N. Virginia, US West Oregon, Europe Ireland, Europe Frankfurt, Asia Pacific Sydney, Asia Pacific Tokyo, with cross-account shared-VPC testing via AWS RAM). Open-source tools such as Garak or PyRIT and manual red-teaming are complementary options. Verify current regional availability on the AWS Security Agent page before relying on it.
4. Document findings and remediation for regulatory examination, and tag tested resources with a last-pentest-date for audit trail.
5. For DORA compliance, include GenAI in TLPT (Threat-Led Penetration Testing) scope.
Informational
N/A
333333333333
us-east-1
FS-55
No Output Validation Functions Found
No Lambda functions with output validation/sanitization naming found. GenAI outputs may be passed directly to downstream systems without validation.
1. Implement output validation Lambda functions in GenAI pipelines.
2. Validate output schema, length, and content before downstream use.
3. Sanitize outputs before rendering in web UIs (XSS prevention).
4. Encode outputs appropriately for the target context (HTML, SQL, JSON).
Output encoding practices cannot be verified via AWS APIs. Manual code review required.
1. HTML-encode GenAI outputs before rendering in web UIs.
2. Use parameterized queries when GenAI output is used in database operations.
3. JSON-encode outputs before embedding in JavaScript contexts.
4. Validate output length and format before passing to downstream APIs.
Found 0 Lambda function(s) whose names suggest schema/validation handling. Structured-output / JSON-schema validation of GenAI responses is an application-layer control that cannot be verified automatically — manual review required.
1. Use Bedrock structured output (response schemas) where supported.
2. Implement JSON schema validation on Lambda output processors.
3. Reject malformed outputs and return safe error responses.
4. Log schema validation failures to CloudWatch for monitoring.
Informational
N/A
333333333333
us-east-1
FS-59
No Guardrails — Topic Allowlist Not Applicable
No Bedrock Guardrails configured.
Configure guardrails with topic policies to restrict off-topic responses.
Informational
N/A
333333333333
us-east-1
FS-60
ADVISORY: Contextual Grounding for Off-Topic Prevention
Contextual grounding for off-topic prevention is covered by guardrail grounding checks (FS-47) and RAG configuration (FS-48). Additionally verify system prompts explicitly scope the assistant's role.
1. Include explicit scope instructions in system prompts.
2. Use Bedrock Guardrails relevance grounding filter.
3. Test with off-topic prompts in QA to verify rejection behavior.
Informational
N/A
333333333333
us-east-1
FS-61
COULD NOT ASSESS: Knowledge Base Sync Schedule Check
This check could not be completed (error: An error occurred (AccessDeniedException) when calling the ListSchedules operation: User: arn:aws:sts::333333333333:assumed-role/aiml-security-mgmt-FinServSecurityAssessmentFunctio-pwj9by1swQWa/aiml-security-aiml-security-mgmt-FinServAssessment is not authorized to perform: scheduler:ListSchedules on resource: arn:aws:scheduler:us-east-1:333333333333:schedule/*/* because no identity-based policy allows the scheduler:ListSchedules action). The most common cause is a missing IAM permission for the assessment role; it may also indicate an unsupported region or an outdated botocore. This control was NOT assessed — verify the role's permissions and re-run, and assess this control manually until resolved.
1. Confirm the assessment role grants the actions this check requires (see the documented IAM permission set in the README).
2. Confirm the service/feature is supported in the assessed region.
3. Ensure botocore meets the version floor in requirements.txt.
4. Re-run the assessment; assess this control manually until it succeeds.
Low
N/A
333333333333
us-east-1
FS-62
ADVISORY: Data Currency Disclaimer — Manual Review Required
Data currency disclaimers cannot be verified via AWS APIs. Manual review required.
1. Add data currency disclaimers to GenAI outputs: 'Information based on data current as of [KB last sync date].'
2. Expose KB last sync timestamp in application responses.
3. Alert users when KB data is older than defined threshold.
Informational
N/A
333333333333
us-east-1
FS-63
Foundation Model Lifecycle Management
No legacy models detected. 11 lifecycle-related Config rule(s) found.
No action required.
Medium
Passed
333333333333
us-east-1
FS-65
KB Data Source Buckets Missing S3 Event Notifications
The following KB data-source S3 buckets have no event notifications configured. Unauthorized document modifications will not be detected in real time:
- sat2-prowler-2025-prowlerfindingsbucket-wc1k0mza7lpk
1. Enable Amazon EventBridge notifications on each KB data-source S3 bucket.
2. Create an EventBridge rule to route s3:ObjectCreated, s3:ObjectRemoved, and s3:ObjectModified events to an SNS topic or Lambda for alerting.
3. Integrate alerts into your security incident response workflow.
Medium
Failed
333333333333
us-east-1
FS-66
No AgentCore Runtimes Found
No AgentCore runtimes found; identity propagation check not applicable.
If using AgentCore, configure token propagation so end-user identities are forwarded to tool services.
Informational
N/A
333333333333
us-east-1
FS-67
Agent Action-Group Lambdas May Lack Transaction Thresholds
The following agent action-group Lambda functions have no environment variables whose names suggest transaction-value threshold configuration (this is a best-effort heuristic — a threshold enforced in code or in an AgentCore Policy Engine rule would not be detected here, so treat this as a prompt for manual verification rather than a definitive gap). Without explicit limits, agents could initiate unbounded financial transactions:
- aiml-security-aiml-security-mgmt-FinServAssessment
- resco-aiml-BedrockAssessment
- resco-aiml-AgentCoreAssessment
- aiml-security-aiml-security-mgmt-AgentCoreAssessment
- aiml-security-aiml-security-mgmt-BedrockAssessment
1. Add transaction-value threshold environment variables (e.g., MAX_TRANSACTION_AMOUNT) to each agent action-group Lambda.
2. Implement threshold enforcement logic in the Lambda handler.
3. Configure AgentCore Policy Engine rules to cap financial transaction amounts.
4. Route transactions exceeding thresholds to a human-in-the-loop approval step.
High
Failed
333333333333
us-east-1
FS-68
API Gateway Request Body Size Limits — Not Applicable
No API Gateway REST APIs and no regional WAF Web ACLs were found in this region. There is no input-payload surface to assess for body-size limits.
If GenAI endpoints are fronted by API Gateway or WAF in another region, run the assessment there. Otherwise no action is required.
Informational
N/A
333333333333
us-east-1
FS-69
Prompt Input Validation Functions Present
Found 2 Lambda function(s) with input validation/sanitization naming patterns: aiml-security-aiml-security-mgmt-CleanupBucket, resco-aiml-CleanupBucket.
Review these functions to confirm they cover: special-character stripping, format validation, size limits, and injection-sequence detection.
Medium
Passed
333333333333
eu-west-1
FS-00
FinServ Regional Scope Not Applicable
No regional Bedrock, AgentCore, or SageMaker resources were found in eu-west-1; FinServ GenAI risk checks were not applied to this region.
No action required unless GenAI workloads are expected in this region.
Informational
N/A
333333333333
ap-southeast-2
FS-00
FinServ Regional Scope Not Applicable
No regional Bedrock, AgentCore, or SageMaker resources were found in ap-southeast-2; FinServ GenAI risk checks were not applied to this region.
No action required unless GenAI workloads are expected in this region.
Informational
N/A
222222222222
us-east-1
FS-00
FinServ Regional Scope Not Applicable
No regional Bedrock, AgentCore, or SageMaker resources were found in us-east-1; FinServ GenAI risk checks were not applied to this region.
No action required unless GenAI workloads are expected in this region.
Informational
N/A
222222222222
eu-west-1
FS-00
FinServ Regional Scope Not Applicable
No regional Bedrock, AgentCore, or SageMaker resources were found in eu-west-1; FinServ GenAI risk checks were not applied to this region.
No action required unless GenAI workloads are expected in this region.
Informational
N/A
222222222222
ap-southeast-2
FS-00
FinServ Regional Scope Not Applicable
No regional Bedrock, AgentCore, or SageMaker resources were found in ap-southeast-2; FinServ GenAI risk checks were not applied to this region.
No action required unless GenAI workloads are expected in this region.
Informational
N/A
Assessment Methodology
Severity Levels & Status Values
High
Direct security risk
Failed
Remediation needed
Medium
Defense-in-depth gap
Passed
Meets requirements
Low
Best practice
N/A
Not applicable
Informational
No action required
Remediation Guidance
High
7 days
Address immediately; block deployment if unresolved
Medium
30 days
Schedule in next sprint; may require change window
Low
90 days
Include in backlog; address during regular maintenance
Assessment Notes
Point-in-time: Security posture changes as resources are modified. Scope limited: Passed checks verify tested controls only. Context matters: Adjust severity for compliance requirements and environment type.