aws-prevention v5.3.0 - Refined scoring and new prevention objectives for AWS Bedrock

May 21, 2026 (Guardrails, Mods)

Bug fixes

  • Lowered the priority of enforceApprovedFoundationModelsForAwsBedrock and enforceVpcEndpointForAwsBedrockInvocations from P1 to P2 since both enforce customer-defined allow lists for a single service rather than baseline account hygiene, and removed them from the AWS P1 Preventions benchmark to match.
  • Fixed scoring for the Enforce approved foundation models for AWS Bedrock, Enforce VPC endpoint for AWS Bedrock invocations, and Restrict AWS Bedrock third-party knowledge bases to approved secret ARNs prevention objectives so preventions with custom approved values (model IDs, VPC endpoint IDs, secret ARNs) are scored against their own allow list instead of a fixed reference list.
  • Strengthened the Enforce approved foundation models for AWS Bedrock prevention deny coverage to also block invocations routed through application inference profiles, closing a bypass where wrapping an unapproved model in an inference profile evaded the deny.
  • Removed the Restrict AWS Bedrock Marketplace model endpoints to approved vendors prevention objective. The approved vendor identity is not present in the runtime event for AWS Bedrock Marketplace endpoint creation, so the allow list could not be evaluated and the objective scored zero in all workspaces.

What's new?

  • Improved scoring for the Enforce VPC endpoint for AWS Bedrock invocations prevention objective so it no longer matches preventions that deny bedrock:InvokeModel without a VPC endpoint condition.
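The two policy shapes these notes describe, shown side by side as an added example that is not part of the release notes or the product: a bare `Deny` on `bedrock:InvokeModel` (no longer scored), and a deny keyed on `aws:SourceVpce` whose `Resource` list also names application inference profile ARNs, the same resource-coverage gap the approved-model fix above closes. The `assess_vpce_deny` checker, the sample policies and the `vpce-` placeholder are assumptions written for this example.

```python
import json

INVOKE_ACTIONS = {"bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream"}

# Constructed sample policies (not from the release notes). The weak one denies
# InvokeModel with no VPC endpoint condition; the hardened one keys the deny on
# aws:SourceVpce and also lists inference profile ARNs. Endpoint ID is a placeholder.
WEAK_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Deny",
    "Action": "bedrock:InvokeModel",
    "Resource": "arn:aws:bedrock:*::foundation-model/*"
  }]
}""")

HARDENED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Deny",
    "Action": ["bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream"],
    "Resource": [
      "arn:aws:bedrock:*::foundation-model/*",
      "arn:aws:bedrock:*:*:application-inference-profile/*"
    ],
    "Condition": {"StringNotEquals": {"aws:SourceVpce": ["vpce-0123456789abcdef0"]}}
  }]
}""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def assess_vpce_deny(policy):
    """Return (has_vpce_deny, covers_inference_profiles) for one policy document.
    Only a Deny naming an InvokeModel action (exact names assumed, no wildcards)
    whose Condition keys on aws:SourceVpce counts; a bare deny is not scored."""
    has_vpce_deny, covers_profiles = False, False
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Deny":
            continue
        if not INVOKE_ACTIONS & set(_as_list(stmt.get("Action", []))):
            continue
        cond_keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
        if "aws:sourcevpce" not in cond_keys:
            continue
        has_vpce_deny = True
        resources = _as_list(stmt.get("Resource", []))
        if any(r == "*" or ":application-inference-profile/" in r for r in resources):
            covers_profiles = True
    return has_vpce_deny, covers_profiles
```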

Prevention Fact Types

Added

  • AWS Conditional Deny Scope

Prevention Objectives

Added

  • Enforce Model Invocation Logging for AWS Bedrock
  • Enforce mandatory Bedrock Guardrail on AWS Bedrock invocations

Removed

  • Restrict AWS Bedrock Marketplace model endpoints to approved vendors

Prevention Examples

Added

  • Enforce Model Invocation Logging for AWS Bedrock
  • Require Bedrock Guardrail attachment on AWS Bedrock agents
  • Require an approved Bedrock Guardrail on AWS Bedrock invocations

Removed

  • Restrict AWS Bedrock Marketplace model endpoints