Bedrock Knowledge Base write access should be condition-scoped in IAM role inline policies
Description
This control checks whether your IAM role inline policies for write access to Bedrock Knowledge Base (KB) sources include appropriate security conditions to restrict access. Without these conditions, principals could inadvertently gain excessive permissions, leading to KB poisoning risks.
The control fails if the policy allows any of the following write actions without a condition providing additional security context:
- Actions containing:
  - bedrock:createknowledgebase
  - bedrock:updateknowledgebase
  - bedrock:deleteknowledgebase
  - bedrock:ingestknowledgebasedocuments
  - bedrock:associateagentknowledgebase
  - bedrock:disassociateagentknowledgebase
  - bedrock:deleteknowledgebasedocuments
  - bedrock:createagent
  - bedrock:updateagent
  - bedrock:deleteagent
  - bedrock:createprompt
  - bedrock:updateprompt
  - bedrock:deleteprompt
  - bedrock:createdatasource
  - bedrock:updatedatasource
  - bedrock:deletedatasource
  - bedrock:createflow
  - bedrock:updateflow
  - bedrock:deleteflow
  - bedrock:create*
  - bedrock:update*
  - bedrock:delete*
  - bedrock:modify*
  - bedrock:*
  - *
The control specifically verifies the presence of security conditions, such as aws:PrincipalArn, aws:SourceIp, aws:ResourceTag, or aws:MultiFactorAuthPresent, ensuring that access is appropriately restricted.
See the IAM JSON Policy Elements: Condition and Managing IAM Role Inline Policies documentation for guidance on modifying inline policies to include necessary security conditions.
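The following is an added example, not the control's own implementation, that applies the rule described above (the write-action list and the accepted condition keys) to an IAM role inline policy document. It embeds two constructed policies: one that grants `bedrock:IngestKnowledgeBaseDocuments` and a `bedrock:Update*` wildcard with no condition, which the check flags, and one that grants the same ingest permission scoped by `aws:MultiFactorAuthPresent` and an `aws:ResourceTag/Environment` condition, which passes. The account ID, knowledge base ARN and tag values in the samples are placeholders; the control itself may evaluate policies somewhat differently (for example how it treats wildcards), so treat the matching here as an assumption.

```python
"""Evaluate an IAM role inline policy for unconditioned Bedrock KB write access.

Added example (not the Security Hub control's own code). A policy document
is a dict parsed from the policy JSON; findings are (Sid, action) pairs for
every Allow statement that grants a listed write action without one of the
accepted condition keys.
"""
import fnmatch
import json

# Action strings the control treats as Bedrock KB write access (case-insensitive).
WRITE_ACTIONS = {
    "bedrock:createknowledgebase", "bedrock:updateknowledgebase",
    "bedrock:deleteknowledgebase", "bedrock:ingestknowledgebasedocuments",
    "bedrock:associateagentknowledgebase", "bedrock:disassociateagentknowledgebase",
    "bedrock:deleteknowledgebasedocuments", "bedrock:createagent",
    "bedrock:updateagent", "bedrock:deleteagent", "bedrock:createprompt",
    "bedrock:updateprompt", "bedrock:deleteprompt", "bedrock:createdatasource",
    "bedrock:updatedatasource", "bedrock:deletedatasource", "bedrock:createflow",
    "bedrock:updateflow", "bedrock:deleteflow",
    "bedrock:create*", "bedrock:update*", "bedrock:delete*", "bedrock:modify*",
    "bedrock:*", "*",
}
CONCRETE_WRITE_ACTIONS = {a for a in WRITE_ACTIONS if "*" not in a}

# Condition keys that count as additional security context. aws:ResourceTag is
# always written as aws:ResourceTag/<tag-key>, so keys are matched by prefix.
SECURITY_CONDITION_KEYS = (
    "aws:principalarn", "aws:sourceip", "aws:resourcetag", "aws:multifactorauthpresent",
)


def _as_list(value):
    """IAM accepts a string or a list for Action/Statement; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def is_write_action(action):
    """True if the policy action is one the control considers KB write access."""
    a = action.lower()
    if a in WRITE_ACTIONS:
        return True
    # Assumption: an author-written wildcard (e.g. bedrock:IngestKnowledge*) is
    # flagged when it expands to cover one of the concrete write actions.
    return "*" in a and any(fnmatch.fnmatchcase(c, a) for c in CONCRETE_WRITE_ACTIONS)


def has_security_condition(statement):
    """True if any condition key in the statement is one of the accepted keys."""
    condition = statement.get("Condition") or {}
    for operator_keys in condition.values():      # e.g. {"Bool": {...}, "StringEquals": {...}}
        for key in operator_keys:
            k = key.lower()
            if any(k == s or k.startswith(s + "/") for s in SECURITY_CONDITION_KEYS):
                return True
    return False


def find_unconditioned_writes(policy):
    """Return [(Sid, action), ...] for each unconditioned Allow of a write action."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements grant nothing
        if has_security_condition(stmt):
            continue
        for action in _as_list(stmt.get("Action")):
            if is_write_action(action):
                findings.append((stmt.get("Sid", "<no Sid>"), action))
    return findings


# Constructed sample policies (placeholder account ID / ARN / tag values).
FAILING_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "IngestDocs", "Effect": "Allow",
     "Action": ["bedrock:IngestKnowledgeBaseDocuments", "bedrock:GetKnowledgeBase"],
     "Resource": "*"},
    {"Sid": "BroadWildcard", "Effect": "Allow",
     "Action": "bedrock:Update*", "Resource": "*"}
  ]
}
""")

PASSING_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "IngestDocsScoped", "Effect": "Allow",
     "Action": ["bedrock:IngestKnowledgeBaseDocuments", "bedrock:GetKnowledgeBase"],
     "Resource": "arn:aws:bedrock:us-east-1:111122223333:knowledge-base/EXAMPLEKB",
     "Condition": {
       "Bool": {"aws:MultiFactorAuthPresent": "true"},
       "StringEquals": {"aws:ResourceTag/Environment": "prod"}
     }}
  ]
}
""")

if __name__ == "__main__":
    for name, policy in (("failing", FAILING_POLICY), ("passing", PASSING_POLICY)):
        print(name, find_unconditioned_writes(policy) or "no findings")
```

Read-only actions such as `bedrock:GetKnowledgeBase` are ignored, and a `Deny` statement never produces a finding; the remediation for a flagged statement is to add one of the accepted condition keys (and, as in the passing sample, to narrow `Resource` from `*` to the specific knowledge base).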