How can I secure my Bedrock usage so that only authorized applications or users can call it (for example, using IAM policies or endpoint restrictions)?

To secure AWS Bedrock so only authorized applications or users can access it, use AWS Identity and Access Management (IAM) policies, network controls, and resource restrictions. IAM policies let you define granular permissions for users, roles, or applications. Network controls like VPC endpoints and security groups limit access to specific IP ranges or private networks. Combining these methods ensures Bedrock APIs are only reachable by approved entities.

Start by creating IAM policies that restrict Bedrock actions (e.g., bedrock:InvokeModel) to specific roles or users. For example, attach a policy to a role that allows access only if the request comes from an approved application’s IP address. Use conditions in the policy, such as aws:SourceIp, to enforce IP-based restrictions. You can also scope permissions to specific Bedrock model IDs using Amazon Resource Names (ARNs). For cross-account access, use role assumption with sts:AssumeRole and require Multi-Factor Authentication (MFA) for added security. Regularly audit IAM policies with AWS Access Analyzer to identify unintended permissions.

Next, enforce network-level security. Configure a VPC endpoint for Bedrock to keep traffic within your AWS network, avoiding public internet exposure. Attach security groups to the endpoint to restrict inbound/outbound traffic to specific subnets or instances. Use AWS Web Application Firewall (WAF) to block malicious requests (e.g., SQL injection) or rate-limit excessive calls. For hybrid environments, set up AWS PrivateLink to allow secure access from on-premises systems via Direct Connect. Combine these with Service Control Policies (SCPs) in AWS Organizations to block Bedrock usage in unauthorized regions.

Finally, add monitoring and validation layers. Enable AWS CloudTrail to log Bedrock API calls and detect unauthorized access attempts. Use Amazon CloudWatch alarms to trigger alerts for unusual activity, like spikes in InvokeModel requests. Validate client applications by requiring signed API requests using AWS Signature Version 4. For applications running outside AWS, issue temporary credentials via AWS Security Token Service (STS) instead of long-term access keys. Implement resource tagging to categorize Bedrock usage by project or team, making it easier to audit and revoke access if needed. These steps create a layered defense, ensuring only authorized entities interact with Bedrock.