As organizations adopt AWS Bedrock for generative AI, maintaining governance, security, and efficiency becomes essential. Nirmata Control Hub enables teams to scan AWS Bedrock services and enforce compliance using declarative policies. By embedding policies directly into your workflows, you ensure that every model invocation, configuration, and custom model use is optimal, secure, and adheres to your organizational standards.
From Guidelines to Automation
AWS provides comprehensive security guidelines for Bedrock services, ensuring compliance and operational excellence. You can find these guidelines here. At Nirmata, we take these high-level security controls and translate them into actionable, declarative Kyverno policies.
While the AWS security guidelines serve as a foundation for maintaining robust cloud operations, Nirmata makes these guidelines practical and enforceable by converting them into policy-as-code that:
- Detects misconfigurations in AWS Bedrock services.
- Automates guardrails to ensure secure and efficient usage.
- Enables continuous compliance with minimal manual intervention.
For example, you can ensure that encrypted keys are used for custom models, sensitive data is filtered, and logging is always enabled for model invocations – all with declarative policies managed in Nirmata Control Hub.
Sample Nirmata Policy
Below is a Kyverno policy to check if a sensitive information policy is enabled for a Guardrail. This allows filtering of sensitive information (such as Personally Identifiable Information) from model prompts and responses. This is not only a configuration best practice but is also mandatory for compliance standards such as GDPR, HIPAA, SOC 2, and many others.
```yaml
apiVersion: nirmata.io/v1alpha1
kind: ValidatingPolicy
metadata:
  name: check-sensitive-information
spec:
  failureAction: Enforce
  scan: true
  rules:
    - name: check-sensitive-information
      identifier: payload.name
      match:
        all:
          - (metadata.provider): AWS
          - (metadata.service): Bedrock
          - (metadata.resource): Guardrail
      assert:
        all:
          - message: >-
              Sensitive information (such as PII) policy should be enabled for a Guardrail
            check:
              payload:
                (sensitiveInformationPolicy != null): true
```
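The rule's match-and-assert logic, re-implemented offline as an added Python example (not Nirmata's code) and run over constructed resource records. The `piiEntities` and `regexes` field names follow the Bedrock GetGuardrail response; `strict_check` is a hypothetical tighter variant showing that a present-but-empty policy object still satisfies the `!= null` assertion.

```python
"""Offline illustration of the check-sensitive-information rule (added example)."""

MATCH = {"provider": "AWS", "service": "Bedrock", "resource": "Guardrail"}


def evaluate(record):
    """Mirror the policy: match on metadata, then assert the field is non-null."""
    meta = record.get("metadata", {})
    if any(meta.get(key) != want for key, want in MATCH.items()):
        return "skip"  # rule does not apply to this resource type
    # A missing key and an explicit null both fail, as in the policy's expression.
    policy = record.get("payload", {}).get("sensitiveInformationPolicy")
    return "pass" if policy is not None else "fail"


def strict_check(record):
    """Hypothetical tighter check: require at least one PII entity or regex filter."""
    result = evaluate(record)
    if result != "pass":
        return result
    policy = record["payload"]["sensitiveInformationPolicy"]
    filters = (policy.get("piiEntities") or []) + (policy.get("regexes") or [])
    return "pass" if filters else "fail"


def guardrail(name, policy=None):
    """Build a constructed Guardrail record in the shape the rule matches on."""
    payload = {"name": name}
    if policy is not None:
        payload["sensitiveInformationPolicy"] = policy
    meta = {"provider": "AWS", "service": "Bedrock", "resource": "Guardrail"}
    return {"metadata": meta, "payload": payload}


# Constructed sample records; none of these come from a real account.
SAMPLES = [
    guardrail("pii-filtered", {"piiEntities": [{"type": "EMAIL", "action": "ANONYMIZE"}]}),
    guardrail("no-policy"),
    guardrail("empty-policy", {"piiEntities": [], "regexes": []}),
    {"metadata": {"provider": "AWS", "service": "S3", "resource": "Bucket"},
     "payload": {"name": "logs-bucket"}},
]


def report(records):
    """Return (identifier, policy result, strict result) per record."""
    return [(r["payload"]["name"], evaluate(r), strict_check(r)) for r in records]


if __name__ == "__main__":
    for name, result, strict in report(SAMPLES):
        print(f"{name:14} policy={result:5} strict={strict}")
```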
Monitor Compliance at Scale
Nirmata Control Hub provides a centralized dashboard for monitoring AWS Bedrock compliance. Teams can visualize policy violations, view detailed reports, and take corrective actions proactively.
By integrating Nirmata Control Hub into your workflows, you empower your teams to innovate confidently while staying aligned with organizational policies.
What’s Next?
Ready to enhance your AWS Bedrock governance with Nirmata Control Hub? Here’s how you can get started:
- Sign Up for Free: Experience the power of Nirmata Control Hub with a free account and start scanning your cloud services today.
- Talk to Us: Have questions or need tailored guidance? Reach out to our experts for a personalized demo or consultation.
- Explore More: Beyond AWS Bedrock, Nirmata Control Hub can scan and govern a wide range of cloud services, ensuring security, compliance, and operational excellence across your entire cloud environment.
Take the next step towards secure and efficient cloud operations. Your policies, your control, your peace of mind – powered by Nirmata.