From 0b373fc282e7a5a66cba763cc905f82bda6e1a5b Mon Sep 17 00:00:00 2001 From: badra001 Date: Fri, 9 Jan 2026 15:28:17 -0500 Subject: [PATCH] udpate scp --- aws/documentation/services/bedrock/scp.md | 30 ++++++++++------------- 1 file changed, 13 insertions(+), 17 deletions(-) diff --git a/aws/documentation/services/bedrock/scp.md b/aws/documentation/services/bedrock/scp.md index cad7d3f2..152aa47f 100644 --- a/aws/documentation/services/bedrock/scp.md +++ b/aws/documentation/services/bedrock/scp.md @@ -43,33 +43,27 @@ This policy denies all Bedrock model invocations *unless* the resource matches y "Version": "2012-10-17", "Statement": [ { - "Sid": "RestrictBedrockModelsAndProfiles", + "Sid": "DenyUnapprovedFoundationModels", "Effect": "Deny", "Action": [ - "bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream", + "bedrock:InvokeModel", "bedrock:CreateModelInvocationJob", - "bedrock:UseInferenceProfile" + "bedrock:ConverseStream", + "bedrock:Converse" ], "NotResource": [ - "arn:*:bedrock:*:*:foundation-model/amazon.titan*", - "arn:*:bedrock:*:*:foundation-model/anthropic.claude-4-5-sonnet*", - "arn:*:bedrock:*:*:foundation-model/anthropic.claude-3-7-sonnet*", - "arn:*:bedrock:*:*:foundation-model/anthropic.claude-3-5-sonnet-20240620*", - "arn:*:bedrock:*:*:foundation-model/anthropic.claude-3-haiku*", - "arn:*:bedrock:*:*:foundation-model/meta.llama3-8b*", - "arn:*:bedrock:*:*:foundation-model/meta.llama3-70b*", - "arn:*:bedrock:*:*:inference-profile/*anthropic.claude-4-5-sonnet*", - "arn:*:bedrock:*:*:inference-profile/*anthropic.claude-3-7-sonnet*", - "arn:*:bedrock:*:*:inference-profile/*anthropic.claude-3-5-sonnet-20240620*", - "arn:*:bedrock:*:*:inference-profile/*anthropic.claude-3-haiku*", - "arn:*:bedrock:*:*:inference-profile/*meta.llama3*", - "arn:*:bedrock:*:*:provisioned-model/*" + "arn:*:bedrock:*::foundation-model/meta.llama3-8b*", + "arn:*:bedrock:*::foundation-model/meta.llama3-70b*", + "arn:*:bedrock:*::foundation-model/anthropic.claude-4-5-sonnet*", + "arn:*:bedrock:*::foundation-model/anthropic.claude-3-haiku*", + "arn:*:bedrock:*::foundation-model/anthropic.claude-3-7-sonnet*", + "arn:*:bedrock:*::foundation-model/anthropic.claude-3-5-sonnet*", + "arn:*:bedrock:*::foundation-model/amazon.titan*" ] } ] } - ``` #### 1. Managing Inference Profiles @@ -111,3 +105,5 @@ GovCloud handles Bedrock slightly differently than Commercial regions: * 1.0.0 -- 2026-01-07 - develop guide and document +* 1.0.1 -- 2026-01-09 + - update SCP to one that partially works (from lab testing)