
[Feature] Add support for AWS Bedrock

[Open] kunaals opened this issue 2 weeks ago • 0 comments

Summary

Add support for ingesting AWS Bedrock resources into Cartography. Amazon Bedrock is AWS's fully managed service for building generative AI applications using foundation models. This feature would allow Cartography to track Bedrock model access, custom models, provisioned throughput, guardrails, and agents.

Motivation

AWS Bedrock is increasingly used for enterprise AI/ML workloads and represents a critical attack surface for organizations adopting generative AI. By ingesting Bedrock resources, Cartography can surface:

  • Which IAM principals have access to invoke foundation models
  • Custom models and their training data sources (S3 buckets)
  • Provisioned throughput configurations and costs
  • Guardrails configured for content filtering and safety
  • Bedrock Agents and their associated Lambda functions/knowledge bases
  • Model invocation logging configurations (CloudWatch/S3)

This unlocks graph-based security analysis such as:

  • Identifying over-permissioned access to expensive or sensitive models
  • Tracking data flows from S3 training data to custom models
  • Auditing guardrail coverage across model deployments
  • Mapping agent architectures and their attack surfaces

Proposed Solution

Extend the AWS intel module to call the Bedrock APIs and model the following resources:

New Nodes:

  • AWSBedrockFoundationModel - Available foundation models
  • AWSBedrockCustomModel - Custom fine-tuned models
  • AWSBedrockProvisionedModelThroughput - Provisioned throughput reservations
  • AWSBedrockGuardrail - Content filtering guardrails
  • AWSBedrockAgent - Bedrock agents
  • AWSBedrockKnowledgeBase - Knowledge bases for RAG

New Relationships:

  • (:AWSAccount)-[:RESOURCE]->(:AWSBedrockCustomModel)
  • (:AWSBedrockCustomModel)-[:TRAINED_FROM]->(:S3Bucket)
  • (:AWSBedrockAgent)-[:INVOKES]->(:AWSLambda)
  • (:AWSBedrockAgent)-[:USES_KNOWLEDGE_BASE]->(:AWSBedrockKnowledgeBase)
  • (:AWSBedrockKnowledgeBase)-[:BACKED_BY]->(:S3Bucket)
  • (:AWSBedrockGuardrail)-[:APPLIED_TO]->(:AWSBedrockCustomModel)

AWS APIs to integrate:

  • bedrock:ListFoundationModels
  • bedrock:ListCustomModels
  • bedrock:ListProvisionedModelThroughputs
  • bedrock:ListGuardrails
  • bedrock-agent:ListAgents
  • bedrock-agent:ListKnowledgeBases

Alternatives Considered

  • Relying solely on IAM permission analysis for Bedrock access - this misses the resource-level detail needed for comprehensive security analysis
  • Using CloudTrail logs only - this provides invocation history but not the resource configuration graph

Relevant Links

kunaals · Dec 08 '25 19:12
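As an added illustration of the proposed data model (example code, not from the issue or from Cartography's own AWS module), the transform below flattens per-model detail records into AWSBedrockCustomModel node dicts and the (model, bucket) pairs behind the proposed (:AWSBedrockCustomModel)-[:TRAINED_FROM]->(:S3Bucket) edge. The record shape (modelArn, baseModelArn, trainingDataConfig.s3Uri) is an assumption modelled on the Bedrock GetCustomModel response, and the sample records are constructed.

```python
from typing import Any, Optional
from urllib.parse import urlparse

# Constructed sample records. The field names follow the shape of
# bedrock:GetCustomModel (called for each entry returned by
# bedrock:ListCustomModels); this is an assumption, not verified API output.
SAMPLE_MODEL_DETAILS = [
    {
        "modelArn": "arn:aws:bedrock:us-east-1:111122223333:custom-model/titan-text/abc123",
        "modelName": "support-bot-ft",
        "baseModelArn": "arn:aws:bedrock:us-east-1::foundation-model/amazon.titan-text-express-v1",
        "trainingDataConfig": {"s3Uri": "s3://ml-training-data-prod/bedrock/support/train.jsonl"},
    },
    {
        "modelArn": "arn:aws:bedrock:us-east-1:111122223333:custom-model/imported/def456",
        "modelName": "imported-weights",
        "baseModelArn": "arn:aws:bedrock:us-east-1::foundation-model/meta.llama3-8b-instruct-v1:0",
        # No trainingDataConfig: an imported model has no S3 training source to link.
    },
]


def s3_bucket_from_uri(uri: str) -> Optional[str]:
    """Return the bucket name from an s3:// URI, or None for anything else."""
    parsed = urlparse(uri)
    if parsed.scheme != "s3" or not parsed.netloc:
        return None
    return parsed.netloc


def transform_custom_models(details: list[dict[str, Any]], account_id: str):
    """Build AWSBedrockCustomModel node dicts plus (model_arn, bucket) pairs
    for the TRAINED_FROM relationship. Models without a resolvable S3 training
    source get a node but no edge, so nothing is silently mislinked."""
    nodes, trained_from = [], []
    for d in details:
        nodes.append({
            "id": d["modelArn"],                 # ARN is the natural unique id
            "name": d.get("modelName"),
            "base_model_arn": d.get("baseModelArn"),
            "account_id": account_id,            # owning account for the RESOURCE edge
        })
        bucket = s3_bucket_from_uri(d.get("trainingDataConfig", {}).get("s3Uri", ""))
        if bucket:
            trained_from.append((d["modelArn"], bucket))
    return nodes, trained_from
```

The bucket names in the returned pairs are what a loader would match against existing S3Bucket nodes, which is the join that lets the "training data to custom model" data-flow query from the Motivation section work.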