AWS Bedrock compliance certifications

Quick answer
AWS Bedrock holds key compliance certifications such as SOC 1, SOC 2, SOC 3, ISO 27001, ISO 27017, ISO 27018, and FedRAMP Moderate. These certifications ensure that AWS Bedrock meets stringent security and privacy standards required for enterprise and government workloads.

PREREQUISITES

  • AWS account with Bedrock access
  • Familiarity with AWS compliance documentation
  • Basic knowledge of cloud security standards

Overview of AWS Bedrock compliance

AWS Bedrock is designed to meet rigorous compliance standards to support enterprise and regulated workloads. It inherits the compliance certifications of the underlying AWS infrastructure and services, ensuring data security, privacy, and operational controls.

Key certifications include:

  • SOC 1, SOC 2, SOC 3: Service Organization Controls reports for security, availability, and confidentiality.
  • ISO 27001, 27017, 27018: International standards for information security management and cloud privacy.
  • FedRAMP Moderate: U.S. government standard for cloud service providers handling sensitive data.

How to verify AWS Bedrock compliance

To verify AWS Bedrock compliance certifications for your organization:

  1. Access the AWS Compliance Programs page to review detailed audit reports and certifications.
  2. Use the AWS Artifact service to download compliance reports such as SOC and ISO certifications.
  3. Confirm that your AWS region supports Bedrock and its compliance scope.
  4. Review the AWS Shared Responsibility Model to understand your security obligations when using Bedrock.

Example: Accessing compliance reports via AWS Artifact

Use the AWS CLI or AWS Management Console to access compliance reports:

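bash
# List the available reports and note the id of the one you need
aws artifact list-reports --output json
# Get the term token for that report (get-report requires it)
aws artifact get-term-for-report --report-id <report-id> --output json
# Request a presigned download URL for the report
aws artifact get-report --report-id <report-id> --term-token <term-token> --output json
output
{
  "documentPresignedUrl": "<presigned-url>"
}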

Common compliance considerations

  • Data residency: Verify Bedrock availability in regions compliant with your data residency requirements.
  • Encryption: Bedrock supports encryption at rest and in transit using AWS KMS.
  • Access control: Use AWS IAM policies to restrict Bedrock API access.
  • Audit logging: Enable AWS CloudTrail to log Bedrock API calls for compliance auditing.
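
An added example (not part of the original page) for the data residency and audit logging points above: it scans CloudTrail records for Bedrock API calls made outside an approved region list or rejected with an access-denied error. The approved regions, account ID, ARNs and log records are constructed for illustration.

```python
import json

# Assumption (not from the original page): the regions your data residency
# policy allows. Adjust to your own requirements.
APPROVED_REGIONS = {"eu-central-1", "eu-west-1"}

# Constructed CloudTrail log file content using the standard record fields.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2026-04-02T09:15:00Z", "eventSource": "bedrock.amazonaws.com",
     "eventName": "InvokeModel", "awsRegion": "eu-central-1",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/app-role/svc"}},
    {"eventTime": "2026-04-02T09:20:00Z", "eventSource": "bedrock.amazonaws.com",
     "eventName": "InvokeModel", "awsRegion": "us-east-1",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/analyst"}},
    {"eventTime": "2026-04-02T09:25:00Z", "eventSource": "bedrock.amazonaws.com",
     "eventName": "ListFoundationModels", "awsRegion": "eu-west-1",
     "errorCode": "AccessDenied",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/contractor"}},
    {"eventTime": "2026-04-02T09:30:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "awsRegion": "us-east-1",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/analyst"}},
]})


def audit_bedrock_events(log_text, approved_regions=APPROVED_REGIONS):
    """Return (kind, region, time, event, principal) findings for review."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "bedrock.amazonaws.com":
            continue  # only Bedrock API activity is in scope
        who = rec.get("userIdentity", {}).get("arn", "unknown")
        base = (rec.get("eventTime"), rec.get("eventName"), who)
        region = rec.get("awsRegion")
        # Data residency: the call was served in a region outside the policy.
        if region not in approved_regions:
            findings.append(("REGION_NOT_APPROVED", region) + base)
        # Access control: IAM rejected the call; worth reviewing who tried.
        if rec.get("errorCode") in ("AccessDenied", "AccessDeniedException"):
            findings.append(("ACCESS_DENIED", region) + base)
    return findings


if __name__ == "__main__":
    for finding in audit_bedrock_events(SAMPLE_LOG):
        print(finding)
```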

Key Takeaways

  • AWS Bedrock inherits AWS’s SOC, ISO, and FedRAMP compliance certifications for enterprise security.
  • Use AWS Artifact to access official compliance reports for Bedrock and related AWS services.
  • Implement encryption, access control, and audit logging to maintain compliance when using Bedrock.

Verified 2026-04