Bedrock custom models should not train from publicly accessible s3 buckets

Documentos > Datadog Security > OOTB Rules > Bedrock custom models should not train from publicly accessible s3 buckets

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

This control verifies that Amazon Bedrock custom models are not trained using data from publicly accessible Amazon S3 buckets. Training models from publicly accessible buckets introduces significant security and integrity risks, as unauthorized users may modify or inject malicious data. This can result in data poisoning, model corruption, and exposure of sensitive data, undermining the reliability and trustworthiness of your AI/ML workflows.

Remediation

Update the bucket permissions and policies to restrict public access permissions. For guidance, review the Block Public Access to S3 Buckets documentation.

For additional configuration and protection measures, please consult the How can I secure the files in my Amazon S3 buckets? documentation.