Info icon
End of Life Notice: For Trend Cloud One™ - Conformity Customers, Conformity will reach its End of Sale on “July 31st, 2025” and End of Life “July 31st, 2026”. The same capabilities and much more is available in TrendAI Vision One™ Cloud Risk Management. For details, please refer to Upgrade to TrendAI Vision One™

Restrict Bedrock Flow IAM Role Permissions

TrendAI Vision One™ provides continuous assurance that gives peace of mind for your cloud infrastructure, delivering over 1400 automated best practice checks.

Risk Level: Medium (should be achieved)

Ensure that the policies attached to the IAM execution role associated with your Amazon Bedrock flows are not too permissive. To adhere to Identity and Access Management (IAM) best practices, the policies configured for your Bedrock flow execution roles should implement the Principle of Least Privilege (POLP). This principle mandates granting only the minimum necessary permissions to each identity, process, or system.

Security

The flow execution role determines what AWS services and resources an Amazon Bedrock flow can access during execution, including foundation models, knowledge bases, agents, guardrails, AWS Lambda functions, Amazon S3 buckets, and Amazon Lex bots referenced by the flow's nodes. An overly permissive execution role allows an attacker who compromises the flow to access resources beyond the flow's intended scope, including sensitive downstream systems. Granting only the access necessary for the flow's nodes to function significantly reduces the risk of unauthorized data exposure, lateral movement, and privilege escalation.


Audit

To determine if the identity-based policies (both managed and inline policies) attached to the IAM execution role associated with your Amazon Bedrock flows are too permissive, perform the following operations:

Using AWS Console

  1. Sign in to the AWS Management Console.

  2. Navigate to Amazon Bedrock console available at https://console.aws.amazon.com/bedrock/.

  3. In the main navigation panel, under Build, select Flows.

  4. In the Flows section, click on the name (link) of the flow that you want to examine, available in the Name column.

  5. On the flow details page, in the Flow details section, locate the Service role attribute to identify the name of the IAM execution role associated with the selected flow. Because the role name is displayed as plain text (not a clickable link), note the role name, then open the IAM console available at https://console.aws.amazon.com/iam/, select Roles, and open the IAM role with that name.

  6. Select the Permissions tab to access the identity-based policies attached to the flow execution role.

  7. In the Permissions policies section, click on the Expand button (i.e. plus icon) available next to each managed/inline policy to display the policy document in JSON format, then perform the following actions:

    1. Identify the "Action" element defined for each statement and check the element value. If the "Action" element value is set to "*", all the supported actions can be performed by the cloud resource(s) defined within the policy statement, therefore, the selected IAM policy is too permissive.
    2. Find the "Action" element defined for each policy statement and check the element value. If the "Action" value is set to "iam:*", all the Identity and Access Management (IAM) actions can be performed by the resource(s) defined within the policy statement (i.e. full access to Amazon IAM), therefore, the selected IAM policy is too permissive.
    3. Identify the "Action" and "Resource" elements defined for each policy statement, and check their values. If the "Action" element value contains "iam:PassRole" and the "Resource" element value is set to "*" or ends with a wildcard character (*), the policy allows the role to pass other IAM role(s) to the associated resource, therefore, the selected IAM policy is too permissive.
    4. The "NotAction" policy element used in combination with "Effect": "Allow" often provides more privileges than desired. Search for "NotAction" elements defined within the selected policy document. If the document contains one or more "NotAction" elements used in combination with "Effect": "Allow", the selected IAM policy is too permissive.
  8. Repeat steps no. 4 - 7 for each Amazon Bedrock flow available within the current AWS region.

  9. Change the AWS cloud region from the navigation bar to repeat the Audit process for other regions.

Using AWS CLI

  1. Run list-flows command (OSX/Linux/UNIX) to list the identifier (ID) of each Amazon Bedrock flow available in the selected AWS cloud region:

    aws bedrock-agent list-flows
      --region us-east-1
      --query 'flowSummaries[*].id'
    
  2. The command output should return the requested flow identifiers (IDs):

    [
        "ABCDACBDAB",
        "ABCABCABCA"
    ]
    
  3. Run get-flow command (OSX/Linux/UNIX) with the ID of the Amazon Bedrock flow that you want to examine as the identifier parameter and custom output filters to describe the Amazon Resource Name (ARN) of the IAM execution role attached to the selected flow:

    aws bedrock-agent get-flow
      --region us-east-1
      --flow-identifier ABCDACBDAB
      --query 'executionRoleArn'
    
  4. The command output should return the ARN of the associated IAM execution role:

    "arn:aws:iam::123456789012:role/service-role/tm-bedrock-flow-role"
    
  5. Run list-attached-role-policies command (OSX/Linux/UNIX) using the name of the Amazon Bedrock flow execution role that you want to examine as the identifier parameter and custom output filters to list the Amazon Resource Name (ARN) of each managed policy attached to the selected execution role. The role name is the last segment of the executionRoleArn returned at step 4 (for example, tm-bedrock-flow-role from arn:aws:iam::123456789012:role/service-role/tm-bedrock-flow-role):

    aws iam list-attached-role-policies
      --role-name tm-bedrock-flow-role
      --query 'AttachedPolicies[*].PolicyArn'
    
  6. The command output should return the ARN of each managed policy attached to the selected role:

    [
        "arn:aws:iam::123456789012:policy/tm-bedrock-flow-managed-policy"
    ]
    

    If the command returns an empty array ([]), the role has no managed policies attached; skip the managed-policy checks (steps 7 - 10) and proceed to step 11 to inspect the role's inline policies.

  7. Run get-policy-version command (OSX/Linux/UNIX) using the ARN of the IAM managed policy that you want to examine as the identifier parameter and custom filtering to describe the policy document (JSON format) defined for the selected policy version:

    aws iam get-policy-version
      --policy-arn arn:aws:iam::123456789012:policy/tm-bedrock-flow-managed-policy
      --version-id v1
      --query 'PolicyVersion.Document'
    
  8. The command output should return the requested IAM policy document:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": "*",
                "Resource": "*",
                "Effect": "Allow"
            }
        ]
    }
    
  9. Analyze the get-policy-version command output by performing the following actions:

    1. Identify the "Action" element defined for each policy statement and check the element value. If the "Action" element value is set to "*", all the supported actions can be performed by the cloud resource(s) defined within the policy statement, therefore, the selected Amazon IAM managed policy is too permissive.
    2. Find the "Action" element defined for each statement and check the element value. If the "Action" value is set to "iam:*", all the Identity and Access Management (IAM) actions can be performed by the resource(s) defined within the policy statement (i.e. full access to Amazon IAM service), therefore, the selected IAM managed policy is too permissive.
    3. Identify the "Action" and "Resource" elements defined for each statement and check their values. If the "Action" element value contains "iam:PassRole" and the "Resource" element value is set to "*" or ends with a wildcard character (*), the policy allows the role to pass other IAM role(s) to the associated resource, therefore, the selected IAM policy is too permissive.
    4. The "NotAction" policy element used in combination with "Effect": "Allow" often provides more privileges than desired. Search for "NotAction" elements defined in the selected policy document. If the document contains one or more "NotAction" elements used in combination with "Effect": "Allow", the selected IAM managed policy is too permissive.
  10. Repeat steps no. 7 – 9 to verify permissions for other managed policies attached to the selected IAM role.

  11. Run list-role-policies command (OSX/Linux/UNIX) using the name of the Amazon Bedrock flow execution role that you want to examine as the identifier parameter and custom output filtering to describe the name of each inline policy attached to the selected IAM role:

    aws iam list-role-policies
      --role-name tm-bedrock-flow-role
      --query 'PolicyNames'
    
  12. The command output should return the name of each inline policy associated with the selected role:

    [
        "tm-bedrock-flow-inline-policy"
    ]
    
  13. Run get-role-policy command (OSX/Linux/UNIX) using the name of the IAM inline policy that you want to examine as the identifier parameter, to describe the policy document (JSON format) defined for the selected inline policy:

    aws iam get-role-policy
      --role-name tm-bedrock-flow-role
      --policy-name tm-bedrock-flow-inline-policy
      --query 'PolicyDocument'
    
  14. The command output should return the requested inline policy document:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": [
                    "*"
                ],
                "Resource": [
                    "*"
                ],
                "Effect": "Allow",
                "Sid": "FullAccess"
            }
        ]
    }
    
  15. Perform the following actions for the get-role-policy command output:

    1. Identify the "Action" element defined for each policy statement and check the element value. If the "Action" element value is set to "*", all the supported actions can be performed by the cloud resource(s) defined within the policy statement, therefore, the selected Amazon IAM inline policy is too permissive.
    2. Find the "Action" element defined for each statement and check the element value. If the "Action" value is set to "iam:*", all the Identity and Access Management (IAM) actions can be performed by the resource(s) defined within the policy statement (i.e. full access to Amazon IAM service), therefore, the selected IAM inline policy is too permissive.
    3. Identify the "Action" and "Resource" elements defined for each statement and check their values. If the "Action" element value contains "iam:PassRole" and the "Resource" element value is set to "*" or ends with a wildcard character (*), the policy allows the role to pass other IAM role(s) to the associated resource, therefore, the selected IAM policy is too permissive.
    4. The "NotAction" policy element used in combination with "Effect": "Allow" often provides more privileges than desired. Search for "NotAction" elements defined within the selected policy document. If the document contains one or more "NotAction" elements used in combination with "Effect": "Allow", the selected IAM inline policy is too permissive.
  16. Repeat steps no. 13 – 15 to check permissions for other inline policies embedded within the selected IAM role.

  17. Repeat steps no. 3 - 16 for each Amazon Bedrock flow available in the selected AWS region.

  18. Change the AWS cloud region by updating the --region command parameter value and repeat steps no. 1 – 17 to perform the Audit process for other regions.

Remediation / Resolution

To update your Amazon Bedrock flow execution role permissions through IAM policies in order to implement the Principle of Least Privilege (POLP), perform the following operations:

Using AWS Console

  1. Sign in to the AWS Management Console.

  2. Navigate to Amazon Bedrock console available at https://console.aws.amazon.com/bedrock/.

  3. In the main navigation panel, under Build, select Flows.

  4. In the Flows section, click on the name (link) of the flow that you want to configure, available in the Name column.

  5. On the flow details page, in the Flow details section, locate the Service role attribute to identify the name of the IAM execution role associated with the selected flow. Because the role name is displayed as plain text (not a clickable link), note the role name, then open the IAM console available at https://console.aws.amazon.com/iam/, select Roles, and open the IAM role with that name.

  6. Select the Permissions tab to access the identity-based policies attached to the flow execution role.

  7. In the Permissions policies section, perform the following actions based on the policy type:

    1. For managed IAM policies (AWS-managed and customer-managed policies):

      1. Select the overly permissive policy that you want to detach from your IAM execution role and choose Remove.
      2. Inside the confirmation box, choose Remove to detach the selected policy.
      3. Choose Add permissions and select Attach policies to attach managed IAM policies to your execution role. Select one or more IAM policies from the Other permissions policies list based on your role access requirements. Follow the Principle of Least Privilege (the security concept of providing every identity the minimal set of permissions required to successfully perform its tasks) when selecting the managed policies to attach to your IAM execution role. Choose Add permissions to confirm the attachment.
    2. For inline IAM policies, either scope down the existing policy in place (recommended) or remove and recreate it. When defining the least-privilege policy, follow the Principle of Least Privilege (POLP): restrict the "Action" element to only the specific actions required by the nodes in your flow, such as "bedrock:InvokeModel" (invoke the foundation model used by a prompt node), "bedrock:Retrieve" (query a knowledge base node), or "lambda:InvokeFunction" (invoke a Lambda function node), and scope the "Resource" element to the exact ARNs of the resources referenced by the flow.

      1. To scope it down in place (recommended), select the overly permissive inline policy embedded within your execution role and choose Edit. Select the JSON tab, replace the policy document with the least-privilege version, then choose Next and Save changes.
      2. Alternatively, to remove and recreate the policy, select the overly permissive inline policy and choose Remove (the inline policy is deleted immediately; no confirmation input is required). Then choose Add permissions and select Create inline policy, select the JSON tab, configure the least-privilege policy document, choose Next, provide a meaningful name to identify the new policy, then choose Create policy to save it.
  8. Repeat steps no. 4 - 7 for each Amazon Bedrock flow that you want to configure, available within the current AWS region.

  9. Change the AWS cloud region from the navigation bar to repeat the Remediation process for other regions.

Using AWS CLI

  1. Define the new identity-based policy that will replace the overly permissive policy associated with your IAM execution role, and save the policy document to a JSON file named tm-flow-role-policy.json. You can update the existing, overly permissive policies with the appropriate permissions, or you can use the AWS Policy Generator available at https://awspolicygen.s3.amazonaws.com/policygen.html to build custom policies for your IAM roles. To adhere to IAM security best practices, the new identity-based IAM policy should implement the Principle of Least Privilege (POLP) and provide the minimal set of permissions required to perform successfully the tasks defined by the flow's nodes. For example, the following IAM policy grants permissions to invoke a specific foundation model and query a specific knowledge base used by the flow:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "InvokeModel",
                "Effect": "Allow",
                "Action": "bedrock:InvokeModel",
                "Resource": [
                    "arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-v2"
                ]
            },
            {
                "Sid": "QueryKnowledgeBase",
                "Effect": "Allow",
                "Action": "bedrock:Retrieve",
                "Resource": [
                    "arn:aws:bedrock:us-east-1:123456789012:knowledge-base/abcd1234abcd"
                ]
            }
        ]
    }
    
  2. Depending on whether you need to update a managed IAM policy or an inline IAM policy, execute one of the following sets of commands:

    1. If the policy attached to your execution role is a managed policy, run create-policy-version command (OSX/Linux/UNIX) using the policy document created at the previous step (i.e. tm-flow-role-policy.json) to create a new and compliant version of the attached managed policy. The following command request example creates a new version of an IAM managed policy identified by the ARN "arn:aws:iam::123456789012:policy/tm-bedrock-flow-managed-policy" and makes it the default version:

      aws iam create-policy-version
        --policy-arn arn:aws:iam::123456789012:policy/tm-bedrock-flow-managed-policy
        --policy-document file://tm-flow-role-policy.json
        --set-as-default
      
    2. The command output should return the information available for the new managed policy version:

      {
          "PolicyVersion": {
              "CreateDate": "2024-07-15T10:00:00Z",
              "VersionId": "v2",
              "IsDefaultVersion": true
          }
      }
      
    3. If the policy associated with your Amazon IAM role is an inline policy, run put-role-policy command (OSX/Linux/UNIX) using the policy document created at the previous step (i.e. tm-flow-role-policy.json) to update the permissions of the selected inline policy. The following command request example updates an inline IAM policy named "tm-bedrock-flow-inline-policy" (the command does not produce an output):

      aws iam put-role-policy
        --role-name tm-bedrock-flow-role
        --policy-name tm-bedrock-flow-inline-policy
        --policy-document file://tm-flow-role-policy.json
      
  3. Repeat steps no. 1 and 2 to change permissions for other overly permissive IAM policies associated with the selected IAM execution role.

  4. Repeat steps no. 1 - 3 for each Amazon Bedrock flow that you want to configure, available in the selected AWS region.

  5. To perform the Remediation process for Amazon Bedrock flows in other AWS regions, re-run the Audit section's list-flows and get-flow commands (updating their --region parameter) to identify the flows and their execution roles in each region, then repeat steps no. 1 – 4. Note that the IAM commands used in this section (create-policy-version, put-role-policy) are global and do not take a --region parameter.

References

Publication date Jul 13, 2026