AWS Security Blog
Enforce zero data retention on Amazon Bedrock with Bedrock Projects and service control policies
With the introduction of models that require data sharing with third-party providers—such as Claude Fable 5—organizations need a way to centrally enforce data retention policies. Amazon Bedrock gives you control over whether your prompts and model outputs are retained after an inference request completes. You might need a way to enforce your retention settings across all accounts and have granular control of project data retention when compatible with the selected model.
In this blog post, I walk you through how Amazon Bedrock data retention modes work, the tools available for managing retention—including Amazon Bedrock Projects and service control policies (SCPs)—and how to verify your policy settings are working correctly.
In this post, you will learn:
- How Amazon Bedrock data retention modes work and what each mode means for your data
- How to use Amazon Bedrock Projects with compatible models to isolate workloads with different retention needs
- How to write and deploy an SCP that prevents anyone in your organization from enabling data sharing
- How data retention modes interact with cross-Region inference profiles
- How to verify your configuration is working correctly
Understanding data retention modes
You can use Amazon Bedrock to control data retention through a mode setting on your account. This determines what happens to your prompts and outputs after each inference request, which is important to understand as you assess your compliance needs. Not all models require data retention or data sharing, and you might continue to use Amazon Bedrock with models that don’t require data retention or data sharing. See the Amazon Bedrock documentation for the current list of models that require data retention or data sharing. Ultimately, it’s your responsibility as the customer to select models that align with your compliance needs.
Important Note: To help stop the dissemination of child sexual abuse material (“CSAM”), Amazon Bedrock uses automated mechanisms to identify CSAM in model input/output. We may store and review flagged content to determine if it is CSAM for reporting purposes, even when mode is none.
The following modes govern how Amazon Bedrock handles your data:
| Mode | Behavior | Data shared with provider |
none |
Zero data retention. Prompts and responses are processed and immediately discarded. | No |
default |
No data is shared with model providers. Some models might require data retention for trust and safety checks for up to 30 days. Consult the model’s terms for specifics. This mode also allows APIs that inherently require retention (for example, Batch API, Responses API with store=true). Models that support zero retention will still operate with zero retention. | No |
inherit |
No explicit setting applied, defers to the next higher scope (project defers to account defers to service default). This is the default for new accounts. | No |
provider_data_share |
Data is shared with the model provider and retained for up to 30 days for trust and safety. | Yes |
Understanding mode as a ceiling, not a floor
The most important concept to understand: your configured mode is the upper limit of retention you’re willing to accept; it is not what every request will use. Setting your account to provider_data_share doesn’t mean all your requests suddenly start retaining and sharing data. Models that support zero data retention will still operate with zero retention regardless of your account-level setting.
Think of it as a permissions ceiling:
| Your account mode | Model you invoke | What happens |
provider_data_share |
Claude Sonnet (supports none) | Zero retention, Sonnet doesn’t require data sharing or data retention |
provider_data_share |
Claude Fable 5 (requires provider_data_share) |
Data retained for up to 30 days and might be shared with provider, Fable 5 requires data sharing and data retention |
none |
Claude Sonnet (supports none) |
Zero retention, no data sharing |
none |
Claude Fable 5 (requires provider_data_share) |
Blocked, your ceiling is below what the model requires, calls to this model will be denied |
default |
Claude Sonnet (supports none) |
Zero retention, Sonnet supports it, no data retention or data sharing |
default |
A model requiring retention for safety checks | Data is retained, model requires it and your ceiling allows it |
Key takeaway: Your mode setting declares the maximum level of data retention you will accept. Models that support zero retention will continue to operate that way regardless of your account setting. Amazon Bedrock is designed so that you do not get more retention than necessary just because your account mode allows it.
Important:
provider_data_shareisn’t inherited from a model—it’s an explicit opt-in at the account or project level. If your account is set to inherit or default, no model will trigger provider data sharing unless you configure it within your account or project.
Note on inherit behavior: The inherit mode defers to the next scope up in the hierarchy (project defers to account defers to service default). If a project is set to inherit and the account above it is set to provider_data_share, the project will inherit provider_data_share. You will not inherit provider_data_share from a model—that requires an explicit setting at the account or project level.
Note on APIs that require retention: Some Amazon Bedrock APIs require data retention to function regardless of model support, for example, the Batch API and the Responses API with store=true. Setting your mode to none will block these APIs. This is expected behavior: your ceiling of none means you require no retention, so APIs that can’t operate without retention are unavailable.
Why does provider_data_share exist?
Some foundation models require the provider_data_share mode to function. As AI models evolve, so must the mechanism to protect customers and the safety of their use. Models that require provider_data_share have allowed_modes: ["provider_data_share"], meaning they will appear as unavailable unless the account has explicitly opted in. This is by design: AWS requires you to make a conscious decision to share data before you as a customer can use these models. See the current list of models available through Amazon Bedrock and their retention requirements, which can change as new models are released.
If your regulatory requirements, internal policies, or customer commitments prohibit data sharing with third-party model providers, you can enforce this at multiple levels. Amazon Bedrock provides several tools for managing data retention, from fine-grained project-level settings to organization-wide enforcement.
Tools for managing data retention
Amazon Bedrock gives you multiple layers of control over data retention. You can use them independently or combine them for defense-in-depth:
| Tool | Scope | Use case |
| Amazon Bedrock console | Per-account, per-AWS Region | Quick configuration and visibility; view and change your retention mode directly in the AWS Management Console. |
| Amazon Bedrock Projects | Per-project within an account | Isolate workloads with different retention needs within the same account for compatible models |
| SCPs | Organization-wide | Use to prevent any account from opting in to data sharing |
| IAM policies | Per-account or per-principal | Fine-grained control, including the management account (which SCPs don’t cover) |
Using Amazon Bedrock Projects for granular control
Not every workload in an account has the same data retention requirements. If you’re using the bedrock-mantle endpoint (OpenAI-compatible APIs), you can use Amazon Bedrock Projects to isolate traffic that can accept data retention from traffic that must not be retained—even within the same account.
For example, you might have:
- A research project where your team needs access to the latest models (including those requiring
provider_data_share) for experimentation - A production project handling customer data where zero retention is mandatory
With Amazon Bedrock Projects, you can set provider_data_share on the research project while keeping the production project locked to none. Each project enforces its own retention ceiling independently.
How project-level retention works:
- Each project can have its own data retention mode setting.
- A project set to
inheritwill inherit its mode from the account level. - A project set to
noneenforces zero retention regardless of the account setting. Traffic routed through that project can’t trigger data sharing. - A project set to
provider_data_shareallows models requiring data sharing, but only for requests within that project.
This gives organizations the flexibility to adopt new models incrementally while maintaining strict data governance on sensitive workloads. You can manage project settings using the Amazon Bedrock console or the bedrock-mantle API.
Important: Amazon Bedrock Projects are only available on the
bedrock-mantleendpoint. They work with models accessed using the OpenAI-compatible APIs (Responses,Chat Completions) and the Anthropic Messages API on the mantle endpoint. Not all models are available onbedrock-mantle; check the endpoint availability by models page for current support.
Workload isolation on the bedrock-runtime endpoint
If you’re using the bedrock-runtime endpoint (Invoke, Converse APIs), project-level data retention isn’t available. The account-level retention mode applies to all requests made through bedrock-runtime.
To achieve workload-level isolation on bedrock-runtime, use separate AWS accounts:
- Place workloads that need
provider_data_sharein one account (or OU) without the SCP - Place workloads that require zero retention in a separate account (or OU) with the SCP applied
You can use AWS Organizations OUs to group accounts by retention policy and apply SCPs selectively:
Combining projects with SCPs: If you use an SCP to enforce none at the organization level, it overrides all project-level settings on bedrock-mantle. For accounts where you want project-level flexibility, don’t apply the SCP—use project-level isolation instead. For accounts that must never have data sharing under any circumstances, the SCP provides an unbypassable guarantee across both endpoints.
Using SCPs for organization-wide enforcement
For organizations that need an absolute guarantee that no account can enable data sharing—regardless of who has admin access or which endpoint they use—SCPs provide the strongest enforcement mechanism. SCPs apply to both the Amazon Bedrock control plane (bedrock:PutAccountDataRetention) and the mantle endpoint (bedrock-mantle:PutAccountDataRetention, bedrock-mantle:CreateProject, bedrock-mantle:UpdateProject).
Enforcing zero data retention with an SCP
In this section, I cover how you can use SCPs to manage your data retention policy. I introduce what an SCP is and provide some policies that you can use in your organization.
What is an SCP?
A service control policy (SCP) is a guardrail set at the organization level. It overrides every principal in the organization, including account administrators and root users. Even if someone has full admin permissions, an SCP deny can’t be overridden by an AWS Identity and Access Management (IAM) policy.
SCPs are managed in AWS Organizations and can be attached at different levels:
- Root – Applies to every account in the organization
- Organizational unit (OU) – Applies to all accounts in that OU
- Individual account – Applies only to that specific account
Important: The SCP must be attached to the root OU to cover all accounts. If attached to a child OU, accounts outside that OU will not be protected. Organization admin accounts don’t inherit SCP controls.
The SCP policy
The following policy prevents anyone in the organization from changing the Amazon Bedrock data retention mode to anything other than none.
Important: New accounts default to
inherit(notnone). Before attaching this SCP, you must explicitly set each account tonone. Start by running the following in each account:
aws bedrock put-account-data-retention --region us-east-1 --mode noneIf you have hundreds, or thousands of AWS accounts, you will need a way to scale this. See the AWS re:Post article Automate Bedrock Zero Data Retention Across All Accounts in Your Organization to learn how.
Amazon Bedrock policy:
This policy is used to restrict data retention to only be set to none. Any other value than none will be denied.
How it works
The Condition block uses StringNotEquals, meaning the deny fires for any value that isn’t none. This ensures:
| Action | Result |
Setting mode to none |
Allowed |
Setting mode to provider_data_share |
Denied by SCP |
Setting mode to default |
Denied by SCP |
Setting mode to inherit |
Denied by SCP |
With all the preceding in place you might be wondering what this means for your organization:
- No one can enable data sharing with model providers – Even account administrators receive
Access Denied - Models requiring
provider_data_sharebecome permanently unavailable – Models that require data sharing (such as Claude Fable 5 and Claude Mythos 5, among others) will not work across the organization - All other models continue to work normally – Models that support
nonemode are unaffected - The setting cannot be bypassed – no IAM policy can override an SCP
deny
Optional: Block project-level overrides
The bedrock-mantle endpoint supports project-level data retention settings. Without additional SCP coverage, someone could create or update a project with provider_data_share, bypassing the account-level restriction. To prevent this, extend your SCP to include the bedrock-mantle project actions:
Why doesn’t bedrock-runtime need project-level blocking? Projects don’t exist on the bedrock-runtime endpoint. The only way to change retention for bedrock-runtime traffic is the account-level bedrock:PutAccountDataRetention action, which the base SCP already blocks. The extra CreateProject and UpdateProject actions are only needed because bedrock-mantle allows per-project retention overrides; the project level control iisn’t required on bedrock-runtime.
Data retention and cross-Region inference
When using cross-Region inference profiles, it’s important to understand how data retention mode is evaluated: the mode is evaluated in the source AWS Region of your request, the Region where you make the API call. You don’t need to set the retention mode in every destination Region.
However, there’s an important caveat: while the mode check happens in your source Region, the data itself might be retained in the destination Region where the inference is processed. This is relevant for organizations tracking where retained data resides geographically.
What this means in practice
The following describes how this work in practice with data retention and inference.
- If your source Region (for example, us-east-1) is set to
provider_data_share, requests using a cross-Region inference profile will be permitted, regardless of the retention setting in the destination Region - If your source Region is set to
none, requests to models requiringprovider_data_sharewill be blocked at the source, before the request is ever routed to a destination Region - SCPs continue to apply globally, a single SCP at the root OU blocks
provider_data_sharein every Region automatically
SCPs are global
While data retention settings are helpful for granular control of data retention settings itself, SCPs can be used to apply data retention settings globally across all Regions automatically. A single SCP attached to the root OU blocks provider_data_share in every Region without needing to configure anything per-region. This is one of the key advantages of using an SCP for enforcement rather than relying on manual configuration.
Verify your configuration
You can verify your data retention settings and SCP enforcement using the AWS Software Development Kit, AWS Command Line Interface (AWS CLI), or the Amazon Bedrock console.
Check your current retention mode
The following provides are options that you can use for checking your current retention mode.
Using the Amazon Bedrock console:
In the AWS Management Console, go to Amazon Bedrock and choose Settings, and then choose Data retention. Here, you can see the current account-level retention mode and change it directly.
Using the AWS CLI (requires CLI version 2.35+):
Expected response:
Using the bedrock-mantle API (using a Bedrock API key):
Expected response:
Check a model’s effective mode and allowed modes
You can also use the bedrock-mantle API to check what retention mode is in effect for a specific model, and which modes that model supports:
Response:
If the model shows "status": "unavailable", the status_reason field will explain the retention mode conflict.
Verify the SCP is working
To confirm your SCP is actively blocking data retention changes, attempt to set the mode to provider_data_share:
Using AWS CLI:
Using bedrock-mantle API:
If the SCP is working, you’ll receive an Access Denied error:
If the SCP is not working, the request will succeed. If this happens, immediately revert:
Then troubleshoot your SCP attachment:
- Verify the SCP is attached to the root OU, not a child OU
- Check the SCP policy syntax and condition keys
- Remember: the AWS Organizations management account is exempt from SCPs—use an IAM policy to enforce policies on that account
Enable data retention for models that require it
For accounts where you want to use models requiring provider_data_share (accounts where the SCP isn’t applied), set the mode using AWS CLI, the API, or the console:
Using AWS CLI:
Using bedrock-mantle API:
You can also do this in the Bedrock console in Data retention , under Settings.
Reset data retention back to none
To revert to zero data retention:
Using AWS CLI:
Using bedrock-mantle API:
Manage project-level data retention
You can set data retention at the project level to allow different workloads within the same account to have different retention policies. Update a project’s data retention mode using the bedrock-mantle API:
How project-level retention resolves: The effective mode for any request is determined by taking the first non-inherit value in the project, account, model default hierarchy. If your project is set to none, it enforces zero retention regardless of the account setting. If your project is set to inherit, it defers to the account-level setting.
Note: Project-level data retention is managed exclusively through the
bedrock-mantleAPI. There is no AWS CLI command for project-level settings. The preceding AWS CLI commands only manage the account-level setting through the Amazon Bedrock control plane.
Conclusion
In this post, I showed you the various methods for managing data retention within Amazon Bedrock, including project-level data retention and organization wide control you can implement using SCPs. Choose the combination that matches your requirements and consult the Amazon Bedrock documentation to confirm each model’s mode requirements before deployment.
For more information about Amazon Bedrock data retention, see the data retention documentation. For SCPs, see service control policies in the AWS Organizations User Guide.
Additional resources
- Amazon Bedrock data retention – Full documentation on retention modes, configuration, and IAM enforcement
- Cross-Region inference profiles – Understanding how inference routes across AWS Regions
- Amazon Bedrock abuse detection – What data is retained for safety purposes
- Fallback credit for refused requests – How billing works when Fable 5 falls back to Opus 4.8
- Claude Fable 5 and Mythos 5 announcement – Anthropic’s explanation of the new data retention policy
- Anthropic Data Processing Addendum – Legal terms governing data shared with Anthropic
- Service control policies (SCPs) – AWS Organizations documentation
Try the examples in this post and send feedback to AWS re:Post for Amazon Bedrock or through your usual AWS Support contacts.