Securing AI in AWS: MCP servers, Bedrock API keys, AgentCore privilege escalation

A hands-on workshop on the SCPs and Bedrock Policies that let your team move fast with AI, without losing control of production.

Part 2 in our series on AI Governance.

Whether agents are already running through your cloud, or you’re just starting to turn on services like Bedrock, you’re probably worried about AI Governance. In part 1 (which you can watch here), we covered some foundational issues. Now in part 2, we’re diving deeper into things like MCP access, blocking long-lived Bedrock API keys, controls in Kiro, and more. It’s not required to watch part 1 – but it may position you well for this conversation.

Materials you’ll get from our AI Governance series:

1. SCP to block MCP server activity in production OUs
2. Bedrock Policy to enforce org-level content guardrails
3. SCPs to restrict AI service availability by OU
4. SCPs to control foundation model access (deny-list and allow-list)
5. SCP to block long-term Bedrock API key creation

Meet Your Speakers

Christophe Limpalair

Founder & AWS Trainer

Cybr

Can't teach enough AWS classes

Expert Speaker

Nigel Sood

Cloud Security Researcher

Sonrai Security

Flies Planes, Finds Permissions Esoterica

Expert Speaker

What You’ll Learn in This Workshop

Areas covered in Part 2 of our series

Want to Learn More? Take Cybr’s AWS Security Course

An AWS Certified Security Specialty (SCS-C03) prep course, sponsored by Sonrai Security so that access is free for everyone