|
7 | 7 | - [Security Controls](#security-controls) |
8 | 8 | - [JSON Parameters](#json-parameters) |
9 | 9 | - [References](#references) |
| 10 | +- [Related Security Control Solutions](#related-security-control-solutions) |
10 | 11 |
|
11 | 12 | --- |
12 | 13 |
|
@@ -460,3 +461,32 @@ This section explains the parameters in the CloudFormation template that require |
460 | 461 | - [CloudWatch Metrics and Alarms](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html) |
461 | 462 | - [AWS Lambda](https://docs.aws.amazon.com/lambda/latest/dg/welcome.html) |
462 | 463 | - [AWS KMS](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html) |
| 464 | + |
| 465 | +## Related Security Control Solutions |
| 466 | + |
| 467 | +This solution works in conjunction with other AWS SRA solutions to provide comprehensive security controls for Bedrock GenAI environments: |
| 468 | + |
| 469 | +### Amazon Bedrock Guardrails Solution |
| 470 | +The [SRA Bedrock Guardrails solution](../../genai/bedrock_guardrails/README.md) provides automated deployment of Amazon Bedrock Guardrails across your organization. It supports: |
| 471 | + |
| 472 | +- **Content Filters**: Block harmful content in inputs/outputs based on predefined categories (Hate, Insults, Sexual, Violence, Misconduct, Prompt Attack) |
| 473 | +- **Denied Topics**: Define and block undesirable topics |
| 474 | +- **Word Filters**: Block specific words, phrases, and profanity |
| 475 | +- **Sensitive Information Filters**: Block or mask PII and sensitive data |
| 476 | +- **Contextual Grounding**: Detect and filter hallucinations based on source grounding |
| 477 | + |
| 478 | +The solution uses KMS encryption for enhanced security and requires proper IAM role configurations for users who need to invoke or manage guardrails. |
| 479 | + |
| 480 | +### GuardDuty Malware Protection for S3 |
| 481 | +The [SRA GuardDuty Malware Protection solution](../../guardduty/guardduty_malware_protection_for_s3/README.md) helps protect S3 buckets used in your Bedrock environment from malware. This is particularly important for: |
| 482 | + |
| 483 | +- Model evaluation job buckets |
| 484 | +- Knowledge base data ingestion buckets |
| 485 | +- Model invocation logging buckets |
| 486 | + |
| 487 | +The solution enables GuardDuty's malware scanning capabilities to detect malicious files that could be used in prompt injection attacks or compromise your GenAI applications. |
| 488 | + |
| 489 | +These complementary solutions work together to provide defense-in-depth for your Bedrock GenAI environment: |
| 490 | +- This solution (SRA Bedrock Org) provides organizational security controls and monitoring |
| 491 | +- Bedrock Guardrails solution provides content and data security controls |
| 492 | +- GuardDuty Malware Protection ensures S3 bucket security against malware threats |
0 commit comments