AWS Bedrock SOC 2 compliance
PREREQUISITES
- AWS account with Bedrock access
- AWS CLI installed and configured
- Access to AWS Artifact via the AWS Management Console
Verify SOC 2 compliance
AWS Bedrock inherits AWS’s SOC 2 compliance as part of the AWS Cloud infrastructure. To verify this compliance, access the SOC 2 reports via AWS Artifact, the official AWS compliance document portal. These reports detail AWS’s controls and attestations relevant to Bedrock services.
Steps to access SOC 2 reports:
- Log in to the AWS Management Console.
- Navigate to AWS Artifact service.
- Search for SOC 2 Type II reports under the compliance reports section.
- Download and review the reports to confirm coverage for AWS Bedrock.
Set up AWS Bedrock securely
To use AWS Bedrock in a SOC 2 compliant manner, configure your environment with strict security controls:
- Use AWS IAM roles with least privilege access for Bedrock API calls.
- Enable encryption at rest and in transit for all data processed by Bedrock.
- Audit and monitor Bedrock usage with AWS CloudTrail and Amazon CloudWatch.
Example Python code to call AWS Bedrock securely using boto3:
import boto3

# Initialize the Bedrock runtime client; credentials come from the environment
# or the assumed IAM role, never from keys hard-coded in the script
client = boto3.client('bedrock-runtime', region_name='us-east-1')

# Example Bedrock chat completion call via the Converse API
# (Converse content blocks are {"text": ...}; a "type" key fails parameter validation)
response = client.converse(
    modelId='amazon.titan-text-express-v1',
    messages=[
        {"role": "user", "content": [{"text": "Hello, Bedrock SOC 2 compliance."}]}
    ]
)
print(response['output']['message']['content'][0]['text'])

Example output:
Hello, Bedrock is SOC 2 compliant and ready for secure enterprise use.
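The least-privilege IAM and CloudTrail monitoring controls listed above, as an added example that is not part of the original page: a policy builder scoped to specific foundation-model ARNs, and an audit pass over CloudTrail records that flags Bedrock invocations made by a principal or against a model outside an allowlist. The role name, model allowlist and CloudTrail records are constructed for this example, and it assumes CloudTrail records carry the model ID under requestParameters.modelId; the bedrock:InvokeModel action and the foundation-model ARN format are real.

```python
from typing import Iterable

# Hypothetical allowlists for this example: the role the application should
# assume, and the models approved for SOC 2 scoped data.
APPROVED_ROLE_NAMES = {"BedrockAppRole"}
APPROVED_MODEL_IDS = {"amazon.titan-text-express-v1"}
# CloudTrail event names that correspond to a Bedrock model invocation.
INVOKE_EVENTS = {"InvokeModel", "InvokeModelWithResponseStream", "Converse", "ConverseStream"}

def least_privilege_policy(region: str, model_ids: Iterable[str]) -> dict:
    """IAM policy allowing invocation of only the listed foundation models."""
    resources = [f"arn:aws:bedrock:{region}::foundation-model/{m}" for m in model_ids]
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": ["bedrock:InvokeModel"],
                           "Resource": resources}]}

def role_name_from_arn(arn: str) -> str:
    """assumed-role/RoleName/Session -> RoleName; otherwise the last path element."""
    parts = arn.split(":")[-1].split("/")
    return parts[1] if parts[0] == "assumed-role" and len(parts) > 1 else parts[-1]

def audit_bedrock_events(records: list) -> list:
    """One finding per Bedrock invocation whose principal or model is not allowlisted."""
    findings = []
    for rec in records:
        if rec.get("eventSource") != "bedrock.amazonaws.com" or rec.get("eventName") not in INVOKE_EVENTS:
            continue  # not a model invocation (e.g. ListFoundationModels)
        role = role_name_from_arn(rec.get("userIdentity", {}).get("arn", ""))
        model = rec.get("requestParameters", {}).get("modelId", "")
        reasons = []
        if role not in APPROVED_ROLE_NAMES:
            reasons.append(f"unapproved principal: {role}")
        if model not in APPROVED_MODEL_IDS:
            reasons.append(f"unapproved model: {model}")
        if reasons:
            findings.append({"eventID": rec.get("eventID"), "reasons": reasons})
    return findings

# Constructed CloudTrail records (not real log data) so the block runs offline.
SAMPLE_RECORDS = [
    {"eventID": "1", "eventSource": "bedrock.amazonaws.com", "eventName": "Converse",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/BedrockAppRole/app"},
     "requestParameters": {"modelId": "amazon.titan-text-express-v1"}},
    {"eventID": "2", "eventSource": "bedrock.amazonaws.com", "eventName": "InvokeModel",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/dev-alice"},
     "requestParameters": {"modelId": "amazon.titan-text-express-v1"}},
]

if __name__ == "__main__":
    print(audit_bedrock_events(SAMPLE_RECORDS))  # flags event 2 (IAM user, not the app role)
```

In production the records would come from the CloudTrail S3 export or a CloudWatch Logs subscription, and findings would feed an alerting rule rather than a print.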
Common variations
You can also use AWS Bedrock with other SDKs or asynchronously. For example, use asyncio with aiobotocore for async calls. Additionally, you can switch models by changing the modelId parameter to other Bedrock-supported models like amazon.titan-text-large-v1.
import asyncio
from aiobotocore.session import get_session  # get_session lives in aiobotocore.session

async def async_bedrock_call():
    session = get_session()
    # The async client is a context manager and is closed when the block exits
    async with session.create_client('bedrock-runtime', region_name='us-east-1') as client:
        response = await client.converse(
            modelId='amazon.titan-text-express-v1',
            messages=[
                {"role": "user", "content": [{"text": "Async call to Bedrock SOC 2 compliance."}]}
            ]
        )
        print(response['output']['message']['content'][0]['text'])

asyncio.run(async_bedrock_call())

Example output:
Async call to Bedrock SOC 2 compliance.
Troubleshooting tips
- If you cannot access AWS Artifact, ensure your AWS IAM user or role has artifact:List* and artifact:Get* permissions.
- If Bedrock API calls fail, verify your IAM permissions include bedrock-runtime:Converse.
- Check network connectivity and region availability; Bedrock is currently available in select AWS regions.
Key Takeaways
- AWS Bedrock inherits SOC 2 compliance through AWS Cloud infrastructure.
- Access SOC 2 reports via AWS Artifact to verify compliance documentation.
- Use least privilege IAM roles and enable encryption for secure Bedrock usage.
- Monitor Bedrock API usage with AWS CloudTrail and CloudWatch for auditability.