Amazon Bedrock Security and Privacy

With Amazon Bedrock, you have full control over the data you use to customize the foundation models for your generative AI applications. Your data is encrypted in transit and at rest. Additionally, you can create, manage, and control encryption keys using the AWS Key Management Service (AWS KMS). Identity-based policies provide further control over your data, helping you manage what actions users and roles can perform, on which resources, and under what conditions.

Amazon Bedrock helps ensure that your data stays under your control. When you tune a foundation model, we base it on a private copy of that model. This means your data is not shared with model providers, and is not used to improve the base models. You can use AWS PrivateLink to establish private connectivity from your Amazon Virtual Private Cloud (VPC) to Amazon Bedrock, without having to expose your VPC to internet traffic. Finally, Bedrock is in scope for common compliance standards including ISO, SOC, CSA STAR Level 2, is HIPAA eligible, and customers can use Bedrock in compliance with the GDPR. Amazon Bedrock is a FedRAMP High authorized service in the AWS GovCloud (US-West) Region.

Amazon Bedrock offers comprehensive monitoring and logging capabilities that can support your governance and audit requirements. You can use Amazon CloudWatch to track usage metrics and build customized dashboards with metrics that can be used for your audit purposes. You can also use AWS CloudTrail to monitor API activity and troubleshoot issues as you integrate other systems into your generative AI applications. You can also choose to store the metadata, requests, and responses in your Amazon Simple Storage Service (Amazon S3) bucket, as well as to Amazon CloudWatch Logs. Finally, to prevent potential misuse, Amazon Bedrock implements automated abuse detection mechanisms.