Securing AI in AWS: MCP servers, Bedrock API keys, AgentCore privilege escalation

A hands-on workshop on the SCPs and Bedrock Policies that let your team move fast with AI, without losing control of production.

Part 2 in our series on AI Governance.

Whether agents are already running through your cloud, or you’re just starting to turn on services like Bedrock, you’re probably worried about AI Governance. In part 1 (which you can watch here), we covered some foundational issues. Now in part 2, we’re diving deeper into MCP access, blocking long-lived Bedrock API keys, controls in Kiro, and more. Watching part 1 isn’t required, but it may position you well for this conversation.

Materials you’ll get from our AI Governance series:

1. SCP to block MCP server activity in production OUs
2. Bedrock Policy to enforce org-level content guardrails
3. SCPs to restrict AI service availability by OU
4. SCPs to control foundation model access (deny-list and allow-list)
5. SCP to block long-term Bedrock API key creation

Date: May 20, 2026
Time: 1:00 PM ET
Duration: 45 Minutes

Meet Your Speakers

Christophe Limpalair
Founder & AWS Trainer, Cybr
Can't teach enough AWS classes

Nigel Sood
Cloud Security Researcher, Sonrai Security
Flies Planes, Finds Permissions Esoterica

What You’ll Learn in This Workshop

Areas covered in Part 2 of our series

1. MCP server activity control

SCP to block MCP activity in production OUs – denies ssmmcp:* actions where AI agents shouldn’t operate

2. Bedrock API key control

SCP to block long-term Bedrock API key creation – prevent static credentials while allowing short-term keys

3. AgentCore Code Interpreter control

SCP to restrict AgentCore Code Interpreter invocation – locks down which identities can invoke specific Code Interpreters to prevent privilege escalation

Want to Learn More? Take Cybr’s AWS Security Course

An AWS Certified Security Specialty SCS-C03 prep course, sponsored by Sonrai Security so that access is free for everyone