โ† Back to Dashboard
1. Model Access and Region Strategy2. Least-Privilege IAM for Bedrock

Least-Privilege IAM for Bedrock

๐Ÿ“š Access, Regions, and IAMโฑ 11 minโญ 65 XP

Identity Boundaries First

Use dedicated IAM roles for Bedrock callers and grant only the actions and model resources required.

{
  "Effect": "Allow",
  "Action": ["bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream"],
  "Resource": ["arn:aws:bedrock:us-east-1::foundation-model/*"]
}

Combine IAM with application-side allowlists so business logic cannot invoke unapproved models even if policy broadens later.

๐Ÿงช Knowledge Check
Press 1-4 to select1 of 2
What is the best IAM baseline for Bedrock workloads?
AdministratorAccess everywhere
Least privilege scoped to needed Bedrock actions and resources
No IAM, app only
Root user keys
Least-Privilege IAM for Bedrock Tutorial | Access, Regions, and IAM โ€” AWS Bedrock Academy