prowler-cloud/prowler

[New Check]: Bedrock agent execution roles follow least privilege

Open

#11011 opened on May 5, 2026

View on GitHub
 (2 comments) (0 reactions) (1 assignee)Python (8,957 stars) (1,322 forks)batch import
feature-requestgood first issuenew-checkprovider/aws

Description

Existing check search

  • I have searched existing issues, Prowler Hub, and the public roadmap, and this check does not already exist.

Provider

AWS

New provider name

No response

Service or product area

bedrock

Suggested check name

bedrock_agent_role_least_privilege

Context and goal

  • Security condition to validate: Bedrock Agent execution roles (agentResourceRoleArn) follow least privilege — no full-access managed policies, no Resource: "*" wildcards, a permissions boundary set, and VPC condition keys when applicable.
  • Why it matters: A permissive agent execution role turns prompt injection into privilege escalation — the agent can be steered into any action the role allows.
  • Resource involved: Bedrock Agent → IAM execution role (attached/inline policies, permissions boundary, condition keys).

Expected behavior

  • Resource or scope to evaluate: Each Bedrock Agent's execution role.
  • PASS when: no full-access managed policy, no Allow + Resource: "*" with broad actions, a permissions boundary is set, and VPC conditions are present when the role acts on VPC resources.
  • FAIL when: any of the above is violated.

References

Suggested severity

High

Additional implementation notes

No response

Contributor guide

Tech stack
pythonaws
Domain
securitycloud
Issue type
feature
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
4
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
3-5 days
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
blocked
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
PythonAWS IAMProwler frameworkAWS Bedrock
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
50
Research direction
This issue requests a new Prowler check to ensure Bedrock agent execution roles follow least privilege. The implementation should mimic existing checks (e.g., check bedrock agent roles in the referenced aws samples repo). Start by reading the Prowler contribution guide and examining a similar check file in `prowler/providers/aws/services/bedrock/`. The check must use boto3 to call `bedrock agent:GetAgent` to retrieve `agentResourceRoleArn`, then call IAM APIs (`ListAttachedRolePolicies`, `ListRolePolicies`, `GetRolePolicy`, `GetRole`) to verify no full access policies, no `Resource: "*"` wildcards, presence of a permissions boundary, and VPC condition keys. Refer to the provided AWS docs and the sample repository for logic. Create a new file `bedrock agent role least privilege.py` following the existing check patterns. The issue is assigned, so coordinate with the assignee or maintainer before proceeding.