Amazon Bedrock Service Role Policy Too Permissive

Trend Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 1000 automated best practice checks.

Risk Level: Medium (should be achieved)

Ensure that the policies attached to your Amazon Bedrock service roles are not too permissive. To adhere to Identity and Access Management (IAM) best practices, the policies configured for your Bedrock service roles should implement the Principle of Least Privilege (POLP). This principle mandates granting only the minimum necessary permissions to each identity, process, or system.

Security

Protecting your Amazon Bedrock resources requires meticulous management of service role permissions. Granting only necessary access significantly reduces the risk of unauthorized data exposure and breaches.

AWS employs IAM service roles for various Bedrock resources, including agents, knowledge bases, prompt flows, model customization jobs, and Bedrock Studio workspaces. These roles enable Amazon Bedrock to carry out tasks on your behalf. As an example, the Audit and Remediation steps outlined on this KB page utilize service roles associated with Amazon Bedrock agents.


Audit

Case A: To determine if the identity-based policies (both managed and inline policies) attached to your Amazon Bedrock service roles are too permissive, perform the following operations:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Amazon Bedrock console available at https://console.aws.amazon.com/bedrock/.

03 In the main navigation panel, under Builder tools, select Agents.

04 In the Agents section, click on the name (link) of the agent that you want to examine, available in the Name column.

05 In the Agent overview section, click on the ARN (link) of the IAM service role associated with the selected agent, listed under Permissions.

06 Select the Permissions tab to access the identity-based policies attached to the Amazon Bedrock service role.

07 In the Permissions policies section, click on the Expand button (i.e. plus icon) available next to each managed/inline policy to display the policy document in JSON format, then perform the following actions:

  1. Identify the "Action" element defined for each statement and check the element value. If the "Action" element value is set to "*", all the supported actions can be performed on the cloud resource(s) defined within the policy statement, therefore, the selected IAM policy is too permissive.
  2. Find the "Action" element defined for each policy statement and check the element value. If the "Action" value is set to "iam:*", all the Identity and Access Management (IAM) actions can be performed on the resource(s) defined within the policy statement (i.e. full access to Amazon IAM), therefore, the selected IAM policy is too permissive.
  3. Identify the "Action" and "Resource" elements defined for each policy statement, and check their values. If the "Action" element value contains "iam:PassRole" and the "Resource" element value is set to "*" or ends with a wildcard character (*), the policy allows the role to pass other IAM role(s) to the associated resource, therefore, the selected IAM policy is too permissive.
  4. The "NotAction" policy element used in combination with "Effect": "Allow" often provides more privileges than desired, because it allows every action except the ones listed. Search for "NotAction" elements defined within the selected policy document. If the document contains one or more "NotAction" elements used in combination with "Effect": "Allow", the selected IAM policy is too permissive.

08 Repeat steps no. 4 - 7 for each Bedrock agent available within the current AWS region.

09 Change the AWS cloud region from the navigation bar to repeat the Audit process for other regions.

Using AWS CLI

01 Run list-agents command (OSX/Linux/UNIX) to list the identifier (ID) of each Amazon Bedrock agent available in the selected AWS cloud region:

aws bedrock-agent list-agents \
  --region us-east-1 \
  --query 'agentSummaries[*].agentId'

02 The command output should return the requested agent identifiers (IDs):

[
	"ABCDACBDAB",
	"ABCABCABCA"
]

03 Run get-agent command (OSX/Linux/UNIX) with the ID of the Amazon Bedrock agent that you want to examine as the identifier parameter and custom output filters to describe the Amazon Resource Name (ARN) of the IAM service role attached to the selected agent:

aws bedrock-agent get-agent \
  --region us-east-1 \
  --agent-id ABCDACBDAB \
  --query 'agent.agentResourceRoleArn'

04 The command output should return the ARN of the associated IAM service role:

"arn:aws:iam::123456789012:role/service-role/tm-bedrock-srv-role"

05 Run list-attached-role-policies command (OSX/Linux/UNIX) using the name of the Amazon Bedrock service role that you want to examine as the identifier parameter and custom output filters to list the Amazon Resource Name (ARN) of each managed policy attached to the selected service role:

aws iam list-attached-role-policies \
  --role-name tm-bedrock-srv-role \
  --query 'AttachedPolicies[*].PolicyArn'

06 The command output should return the ARN of each managed policy attached to the selected role:

[
	"arn:aws:iam::123456789012:policy/tm-bedrock-managed-policy"
]

07 Run get-policy-version command (OSX/Linux/UNIX) using the ARN of the IAM managed policy that you want to examine as the identifier parameter and custom filtering to describe the policy document (JSON format) defined for the selected policy version:

aws iam get-policy-version \
  --policy-arn arn:aws:iam::123456789012:policy/tm-bedrock-managed-policy \
  --version-id v1 \
  --query 'PolicyVersion.Document'

08 The command output should return the requested IAM policy document:

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Action": "*",
			"Resource": "*",
			"Effect": "Allow"
		}
	]
}

09 Analyze the get-policy-version command output by performing the following actions:

  1. Identify the "Action" element defined for each policy statement and check the element value. If the "Action" element value is set to "*", all the supported actions can be performed on the cloud resource(s) defined within the policy statement, therefore, the selected Amazon IAM managed policy is too permissive.
  2. Find the "Action" element defined for each statement and check the element value. If the "Action" value is set to "iam:*", all the Identity and Access Management (IAM) actions can be performed on the resource(s) defined within the policy statement (i.e. full access to Amazon IAM service), therefore, the selected IAM managed policy is too permissive.
  3. Identify the "Action" and "Resource" elements defined for each statement and check their values. If the "Action" element value contains "iam:PassRole" and the "Resource" element value is set to "*" or ends with a wildcard character (*), the policy allows the role to pass other IAM role(s) to the associated resource, therefore, the selected IAM policy is too permissive.
  4. The "NotAction" policy element used in combination with "Effect": "Allow" often provides more privileges than desired, because it allows every action except the ones listed. Search for "NotAction" elements defined in the selected policy document. If the document contains one or more "NotAction" elements used in combination with "Effect": "Allow", the selected IAM managed policy is too permissive.

10 Repeat steps no. 7 – 9 to verify permissions for other managed policies attached to the selected IAM role.

11 Run list-role-policies command (OSX/Linux/UNIX) using the name of the Amazon Bedrock service role that you want to examine as the identifier parameter and custom output filtering to describe the name of each inline policy attached to the selected IAM role:

aws iam list-role-policies \
  --role-name tm-bedrock-srv-role \
  --query 'PolicyNames'

12 The command output should return the name of each inline policy associated with the selected role:

[
	"tm-bedrock-inline-policy"
]

13 Run get-role-policy command (OSX/Linux/UNIX) using the name of the IAM inline policy that you want to examine as the identifier parameter, to describe the policy document (JSON format) defined for the selected inline policy:

aws iam get-role-policy \
  --role-name tm-bedrock-srv-role \
  --policy-name tm-bedrock-inline-policy \
  --query 'PolicyDocument'

14 The command output should return the requested inline policy document:

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Action": [
				"*"
			],
			"Resource": [
				"*"
			],
			"Effect": "Allow",
			"Sid": "FullAccess"
		}
	]
}

15 Perform the following actions for the get-role-policy command output:

  1. Identify the "Action" element defined for each policy statement and check the element value. If the "Action" element value is set to "*", all the supported actions can be performed on the cloud resource(s) defined within the policy statement, therefore, the selected Amazon IAM inline policy is too permissive.
  2. Find the "Action" element defined for each statement and check the element value. If the "Action" value is set to "iam:*", all the Identity and Access Management (IAM) actions can be performed on the resource(s) defined within the policy statement (i.e. full access to Amazon IAM service), therefore, the selected IAM inline policy is too permissive.
  3. Identify the "Action" and "Resource" elements defined for each statement and check their values. If the "Action" element value contains "iam:PassRole" and the "Resource" element value is set to "*" or ends with a wildcard character (*), the policy allows the role to pass other IAM role(s) to the associated resource, therefore, the selected IAM policy is too permissive.
  4. The "NotAction" policy element used in combination with "Effect": "Allow" often provides more privileges than desired, because it allows every action except the ones listed. Search for "NotAction" elements defined within the selected policy document. If the document contains one or more "NotAction" elements used in combination with "Effect": "Allow", the selected IAM inline policy is too permissive.

16 Repeat steps no. 13 – 15 to check permissions for other inline policies embedded within the selected IAM role.

17 Repeat steps no. 3 - 16 for each Amazon Bedrock agent available in the selected AWS region.

18 Change the AWS cloud region by updating the --region command parameter value and repeat steps no. 1 – 17 to perform the Audit process for other regions.

Audit

Case B: To determine if the trust relationship policies configured for your Amazon Bedrock service roles allow "sts:AssumeRole" from anyone, perform the following operations:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Amazon Bedrock console available at https://console.aws.amazon.com/bedrock/.

03 In the main navigation panel, under Builder tools, select Agents.

04 In the Agents section, click on the name (link) of the agent that you want to examine, available in the Name column.

05 In the Agent overview section, click on the ARN (link) of the IAM service role associated with the selected agent, listed under Permissions.

06 Select the Trust relationships tab to access the trust relationship policy configured for the selected IAM role.

07 In the Trusted entities section, identify the "Action" and "Principal" elements and their values. If the "Action" element value is set to "sts:AssumeRole" and the "Principal" element value is set to { "AWS": "*" }, anyone (any IAM entity) can assume the IAM role, therefore, the trust relationship policy configured for the selected IAM service role is too permissive.

08 Repeat steps no. 4 - 7 for each Bedrock agent available within the current AWS region.

09 Change the AWS cloud region from the navigation bar to repeat the Audit process for other regions.

Using AWS CLI

01 Run list-agents command (OSX/Linux/UNIX) to list the identifier (ID) of each Amazon Bedrock agent available in the selected AWS cloud region:

aws bedrock-agent list-agents \
  --region us-east-1 \
  --query 'agentSummaries[*].agentId'

02 The command output should return the requested agent identifiers (IDs):

[
	"ABCDACBDAB",
	"ABCABCABCA"
]

03 Run get-agent command (OSX/Linux/UNIX) with the ID of the Amazon Bedrock agent that you want to examine as the identifier parameter and custom output filters to describe the Amazon Resource Name (ARN) of the IAM service role attached to the selected agent:

aws bedrock-agent get-agent \
  --region us-east-1 \
  --agent-id ABCDACBDAB \
  --query 'agent.agentResourceRoleArn'

04 The command output should return the ARN of the associated IAM service role:

"arn:aws:iam::123456789012:role/service-role/tm-bedrock-srv-role"

05 Run get-role command (OSX/Linux/UNIX) using the name of the Amazon Bedrock service role that you want to examine as the identifier parameter and custom output filters to describe the trust relationship policy configured for the selected IAM role:

aws iam get-role \
  --role-name tm-bedrock-srv-role \
  --query 'Role.AssumeRolePolicyDocument'

06 The command output should return the requested trust relationship policy:

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Action": "sts:AssumeRole",
			"Effect": "Allow",
			"Principal": {
				"AWS": "*"
			}
		}
	]
}

Identify the "Action" and "Principal" element values within the policy document returned by the get-role command output. If the "Action" element value is set to "sts:AssumeRole" and the "Principal" element value is set to { "AWS": "*" }, anyone (any IAM entity in any AWS account) can assume the IAM role, therefore, the trust relationship policy configured for the selected IAM service role is too permissive.

07 Repeat steps no. 3 - 6 for each Amazon Bedrock agent available in the selected AWS region.

08 Change the AWS cloud region by updating the --region command parameter value and repeat steps no. 1 – 7 to perform the Audit process for other regions.
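The four Case A policy checks (Audit steps 09 and 15 above) and the Case B trust relationship check, as an added Python example that is not part of this KB page or of Conformity: it analyzes policy documents in the shape the CLI returns them ("Action" and "Resource" may be a string or a list, "Statement" may be a single object) and returns one finding per pattern. The sample documents are constructed from the page's placeholder values, and the trust check goes one step beyond the page by also flagging a bare "Principal": "*", which IAM treats the same as { "AWS": "*" }.

```python
"""Offline checker for the Case A identity-policy tests and the Case B
trust-policy test described above. Added example, not Conformity's own code;
the sample documents are constructed and reuse the page's placeholder values."""
from typing import Any, Iterable


def _as_list(value: Any) -> list:
    """Most IAM elements may be a single string or a list of strings."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _allow_statements(doc: dict) -> Iterable[tuple[int, dict]]:
    # "Statement" may be a single object instead of an array; only Allow
    # statements can grant excess privilege, so Deny statements are skipped.
    for i, st in enumerate(_as_list(doc.get("Statement"))):
        if st.get("Effect") == "Allow":
            yield i, st


def audit_identity_policy(doc: dict) -> list[str]:
    """One finding per over-permissive pattern; an empty list means compliant."""
    findings = []
    for i, st in _allow_statements(doc):
        sid = st.get("Sid", f"statement[{i}]")
        actions = [a.lower() for a in _as_list(st.get("Action"))]  # case-insensitive
        resources = _as_list(st.get("Resource"))
        if "*" in actions:  # check 1: every supported action is allowed
            findings.append(f"{sid}: Action '*' grants all actions")
        if "iam:*" in actions:  # check 2: full access to IAM
            findings.append(f"{sid}: Action 'iam:*' grants full IAM access")
        if "iam:passrole" in actions and any(r.endswith("*") for r in resources):
            findings.append(f"{sid}: iam:PassRole with wildcard Resource")  # check 3
        if "NotAction" in st:  # check 4: everything except the listed actions
            findings.append(f"{sid}: NotAction combined with Effect Allow")
    return findings


def audit_trust_policy(doc: dict) -> list[str]:
    """Flag statements that let any AWS principal assume the role. Goes one
    step beyond the page: a bare "Principal": "*" means the same as {"AWS": "*"}."""
    findings = []
    for i, st in _allow_statements(doc):
        actions = [a.lower() for a in _as_list(st.get("Action"))]
        if "sts:assumerole" not in actions and "*" not in actions:
            continue
        principal = st.get("Principal")
        aws = _as_list(principal.get("AWS")) if isinstance(principal, dict) else _as_list(principal)
        if "*" in aws:
            findings.append(f"statement[{i}]: sts:AssumeRole allowed for any AWS principal")
    return findings


# Constructed samples: the page's non-compliant documents plus compliant replacements.
FULL_ACCESS_INLINE = {"Version": "2012-10-17", "Statement": [
    {"Sid": "FullAccess", "Effect": "Allow", "Action": ["*"], "Resource": ["*"]}]}
PASSROLE_MANAGED = {"Version": "2012-10-17", "Statement": {  # single-object Statement
    "Effect": "Allow", "Action": ["bedrock:InvokeModel", "iam:PassRole"],
    "Resource": "arn:aws:iam::123456789012:role/*"}}
GUARDRAIL_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AmazonBedrockAgentBedrockApplyGuardrailPolicy", "Effect": "Allow",
     "Action": "bedrock:ApplyGuardrail",
     "Resource": ["arn:aws:bedrock:us-east-1:123456789012:guardrail/abcd1234abcd1234"]}]}
OPEN_TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": "*"}}]}
SERVICE_TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"Service": "bedrock.amazonaws.com"}}]}
```

Feed the JSON returned by get-policy-version, get-role-policy or get-role (parsed with json.loads) to audit_identity_policy or audit_trust_policy; an empty list means the document passes the page's checks.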

Remediation / Resolution

Case A: To update your Amazon Bedrock service role permissions through IAM policies in order to implement the Principle of Least Privilege (POLP), perform the following operations:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Amazon Bedrock console available at https://console.aws.amazon.com/bedrock/.

03 In the main navigation panel, under Builder tools, select Agents.

04 In the Agents section, click on the name (link) of the agent that you want to configure, available in the Name column.

05 In the Agent overview section, click on the ARN (link) of the IAM service role associated with the selected agent, listed under Permissions.

06 Select the Permissions tab to access the identity-based policies attached to the Amazon Bedrock service role.

07 In the Permissions policies section, perform the following actions based on the policy type:

  1. For managed IAM policies (AWS-managed and customer-managed policies):
    1. Select the overly permissive policy that you want to detach from your IAM service role and choose Remove.
    2. Inside the confirmation box, choose Remove to detach the selected policy.
    3. Choose Add permissions and select Attach policies to attach managed IAM policies to your service role. Select one or more IAM policies from the Other permissions policies list based on your role access requirements. Follow the Principle of Least Privilege (the security concept of providing every identity the minimal set of permissions required to successfully perform its tasks) when selecting the managed policies to attach to your IAM service role. Choose Add permissions to confirm the attachment.
  2. For inline IAM policies:
    1. Select the overly permissive inline policy embedded within your service role and choose Remove.
    2. Inside the confirmation box, enter the inline policy name in the text input field, then choose Delete to remove the selected policy.
    3. Choose Add permissions and select Create inline policy to create a new inline policy for your service role. Select the JSON tab and configure the policy document according to your IAM role access requirements. Follow the Principle of Least Privilege (POLP) when creating the new inline policy for your IAM role. For example, set the "Action" element value to specific actions such as "bedrock:InvokeModel" (invokes the Bedrock model to run inference) and "bedrock:ApplyGuardrail" (apply a guardrail to the agent). Choose Next, provide a meaningful name to identify the new policy, then choose Create policy to save your inline policy.

08 Repeat steps no. 4 - 7 for each Bedrock agent that you want to configure, available within the current AWS region.

09 Change the AWS cloud region from the navigation bar to repeat the Remediation process for other regions.

Using AWS CLI

01 Define the new identity-based policy that will replace the overly permissive policy associated with your IAM service role, and save the policy document to a JSON file named tm-iam-role-policy.json. You can update the existing, overly permissive policies with the appropriate permissions, or you can use the AWS Policy Generator available at https://awspolicygen.s3.amazonaws.com/policygen.html to build custom policies for your IAM roles. To adhere to IAM security best practices, the new identity-based IAM policy should implement the Principle of Least Privilege (POLP) and provide the minimal set of permissions required to successfully perform the desired tasks. For example, the following IAM policy grants permission to apply one specific Amazon Bedrock guardrail (identified by its ARN) to the associated Bedrock resource:

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "AmazonBedrockAgentBedrockApplyGuardrailPolicy",
			"Effect": "Allow",
			"Action": "bedrock:ApplyGuardrail",
			"Resource": [
				"arn:aws:bedrock:us-east-1:123456789012:guardrail/abcd1234abcd1234"
			]
		}
	]
}

02 Depending on whether you need to update a managed IAM policy or an inline IAM policy, execute one of the following sets of commands:

  1. If the policy attached to your service role is a managed policy, run create-policy-version command (OSX/Linux/UNIX) using the policy document created at the previous step (i.e. tm-iam-role-policy.json) to create a new and compliant version of the attached managed policy. The following command request example creates a new version of an IAM managed policy identified by the ARN "arn:aws:iam::123456789012:policy/tm-bedrock-managed-policy" and makes it the default version:
    aws iam create-policy-version \
      --policy-arn arn:aws:iam::123456789012:policy/tm-bedrock-managed-policy \
      --policy-document file://tm-iam-role-policy.json \
      --set-as-default

  2. The command output should return the information available for the new managed policy version:
    {
    	"PolicyVersion": {
    		"CreateDate": "2024-07-15T10:00:00Z",
    		"VersionId": "v2",
    		"IsDefaultVersion": true
    	}
    }

  3. If the policy associated with your Amazon IAM role is an inline policy, run put-role-policy command (OSX/Linux/UNIX) using the policy document created at the previous step (i.e. tm-iam-role-policy.json) to update the permissions of the selected inline policy. The following command request example updates an inline IAM policy named "tm-bedrock-inline-policy" (the command does not produce an output):
    aws iam put-role-policy \
      --role-name tm-bedrock-srv-role \
      --policy-name tm-bedrock-inline-policy \
      --policy-document file://tm-iam-role-policy.json

03 Repeat steps no. 1 and 2 to change permissions for other overly permissive IAM policies associated with the selected IAM service role.

04 Repeat steps no. 1 - 3 for each Bedrock agent that you want to configure, available in the selected AWS region.

05 Change the AWS cloud region by updating the --region command parameter value and repeat steps no. 1 – 4 to perform the Remediation process for other regions.

Remediation / Resolution

Case B: To update the trust relationship policies configured for your Amazon Bedrock service roles in order to implement the Principle of Least Privilege (POLP), perform the following operations:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Amazon Bedrock console available at https://console.aws.amazon.com/bedrock/.

03 In the main navigation panel, under Builder tools, select Agents.

04 In the Agents section, click on the name (link) of the agent that you want to configure, available in the Name column.

05 In the Agent overview section, click on the ARN (link) of the IAM service role associated with the selected agent, listed under Permissions.

06 Select the Trust relationships tab and choose Edit trust policy to edit the trust relationship policy configured for the selected IAM role.

07 In the Edit trust policy section, replace the "Principal" element value with an AWS trusted entity such as the Amazon Bedrock service (i.e. "Service": "bedrock.amazonaws.com"), then choose Update policy to apply the changes. Only the specified AWS entity will be able to assume the selected role.

08 Repeat steps no. 4 - 7 for each Bedrock agent that you want to configure, available within the current AWS region.

09 Change the AWS cloud region from the navigation bar to repeat the Remediation process for other regions.

Using AWS CLI

01 Modify the associated trust relationship policy and replace the "Principal" element value with an AWS trusted entity that can assume the selected IAM role, such as the Amazon Bedrock service, then save the policy document to a JSON file named tm-trust-policy.json. The following policy example describes a trust relationship policy that allows the Amazon Bedrock service to assume the IAM role, and the "Condition" block restricts that trust to agents in your own account and region (the confused deputy protection). Replace <aws-account-id> and <aws-region> with your own information:

{
	"Version": "2012-10-17",
	"Statement": [{
		"Effect": "Allow",
		"Principal": {
			"Service": "bedrock.amazonaws.com"
		},
		"Action": "sts:AssumeRole",
		"Condition": {
			"StringEquals": {
				"aws:SourceAccount": "<aws-account-id>"
			},
			"ArnLike": {
				"AWS:SourceArn": "arn:aws:bedrock:<aws-region>:<aws-account-id>:agent/*"
			}
		}
	}]
}

02 Run update-assume-role-policy command (OSX/Linux/UNIX) using the name of the Amazon Bedrock service role that you want to configure as the identifier parameter, to update the trust relationship policy configured for the selected IAM role with the policy defined at the previous step (i.e. tm-trust-policy.json):

aws iam update-assume-role-policy \
  --role-name tm-bedrock-srv-role \
  --policy-document file://tm-trust-policy.json

03 Repeat steps no. 1 and 2 for each Bedrock agent that you want to configure, available in the selected AWS region.

04 Change the AWS cloud region by updating the --region command parameter value and repeat steps no. 1 – 3 to perform the Remediation process for other regions.

Publication date Jul 24, 2024