โ Back to Dashboard
1. Model Access and Region Strategy2. Least-Privilege IAM for Bedrock
Least-Privilege IAM for Bedrock
๐ Access, Regions, and IAMโฑ 11 minโญ 65 XP
Identity Boundaries First
Use dedicated IAM roles for Bedrock callers and grant only the actions and model resources required.
{
"Effect": "Allow",
"Action": ["bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream"],
"Resource": ["arn:aws:bedrock:us-east-1::foundation-model/*"]
}
Combine IAM with application-side allowlists so business logic cannot invoke unapproved models even if policy broadens later.
๐งช Knowledge CheckPress 1-4 to select1 of 2
What is the best IAM baseline for Bedrock workloads?
AdministratorAccess everywhere
Least privilege scoped to needed Bedrock actions and resources
No IAM, app only
Root user keys