Encryption of agent resources for agents created before January 22, 2025
Important
If you've created your agent after January 22, 2025, follow instructions for Encryption of agent resources
Amazon Bedrock encrypts your agent's session information. By default, Amazon Bedrock encrypts this data using an AWS managed key. Optionally, you can encrypt the agent artifacts using a customer managed key.
For more information about AWS KMS keys, see Customer managed keys in the AWS Key Management Service Developer Guide.
If you encrypt sessions with your agent with a custom KMS key, you must set up the following identity-based policy and resource-based policy to allow Amazon Bedrock to encrypt and decrypt agent resources on your behalf.
-
Attach the following identity-based policy to an IAM role or user with permissions to make
InvokeAgent
calls. This policy validates the user making anInvokeAgent
call has KMS permissions. Replace the${region}
,${account-id}
,${agent-id}
, and${key-id}
with the appropriate values.{ "Version": "2012-10-17", "Statement": [ { "Sid": "Allow Amazon Bedrock to encrypt and decrypt Agent resources on behalf of authorized users", "Effect": "Allow", "Action": [ "kms:GenerateDataKey", "kms:Decrypt" ], "Resource": "arn:aws:kms:
${region}
:${account-id}
:key/${key-id}
", "Condition": { "StringEquals": { "kms:EncryptionContext:aws:bedrock:arn": "arn:aws:bedrock:${region}
:${account-id}
:agent/${agent-id}
" } } } ] } -
Attach the following resource-based policy to your KMS key. Change the scope of the permissions as necessary. Replace the
${region}
,${account-id}
,${agent-id}
, and${key-id}
with the appropriate values.{ "Version": "2012-10-17", "Statement": [ { "Sid": "Allow account root to modify the KMS key, not used by Amazon Bedrock.", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::
${account-id}
:root" }, "Action": "kms:*", "Resource": "arn:aws:kms:${region}
:${account-id}
:key/${key-id}
" }, { "Sid": "Allow Amazon Bedrock to encrypt and decrypt Agent resources on behalf of authorized users", "Effect": "Allow", "Principal": { "Service": "bedrock.amazonaws.com" }, "Action": [ "kms:GenerateDataKey", "kms:Decrypt" ], "Resource": "arn:aws:kms:${region}
:${account-id}
:key/${key-id}
", "Condition": { "StringEquals": { "kms:EncryptionContext:aws:bedrock:arn": "arn:aws:bedrock:${region}
:${account-id}
:agent/${agent-id}
" } } }, { "Sid": "Allow the service role to use the key to encrypt and decrypt Agent resources", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::${account-id}
:role/${role}
" }, "Action": [ "kms:GenerateDataKey*", "kms:Decrypt", ], "Resource": "arn:aws:kms:${region}
:${account-id}
:key/${key-id}
" }, { "Sid": "Allow the attachment of persistent resources", "Effect": "Allow", "Principal": { "Service": "bedrock.amazonaws.com" }, "Action": [ "kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant" ], "Resource": "*", "Condition": { "Bool": { "kms:GrantIsForAWSResource": "true" } } } ] }