Search Login
Sign In Sign Up for Free

Interactive Product Tour

interactive tour Start a Tour Get a Demo

Interactive Product Tour

interactive tour Start a Tour Get a Demo
FREE WORKSHOP

Securing AI in AWS: Guardrails for Bedrock Workloads, SCPs for Claude Code and Kiro

A hands-on workshop on the SCPs and Bedrock Policies that let your team move fast with AI, without losing control of production.

Your developers want to build with Bedrock. Your platform team wants to ship AI workloads without a six-month review cycle. And your security team wants to know that AI agents aren’t running wild in production.

The default posture in most AWS Organizations does nothing to reconcile these three initiatives. MCP servers are accessible in production accounts. Foundation models can be invoked without restriction. Claude Code and Kiro can create access keys and take actions in environments they were never meant to touch. And Bedrock Guardrails configured at the account level can be overridden by anyone with the right permissions.

The good news: AWS gives you the controls to fix all of this. The bad news: almost nobody has wired them up yet.

In this workshop, Sandy Bird (CTO & Cofounder, Sonrai Security) and Christophe Limpalair (Cybr) go control by control through the governance mechanisms available in AWS Organizations – and show you exactly how to deploy them.

Date
May 6, 2026
Time
1:00 PM ET
Duration
45 Minutes

Meet Your Speakers

Christophe

Christophe Limpalair

Founder & AWS Trainer

Cybr

Can't teach enough AWS classes

Expert Speaker
Birdman

Sandy Bird

CTO & Co-Founder

Sonrai Security

The Wizard of Fredericton

Expert Speaker

Register here

  • Instant confirmation email
  • Bonus materials included
  • No spam, unsubscribe anytime

By registering, you agree to receive webinar updates and marketing emails. You can opt-out at any time.

What You’ll Learn in This Workshop

Leave with useful policies and techniques to use in your cloud

1

Lock down MCP servers in production

Write an SCP that denies AWS-managed MCP server activity in any OU where AI agents shouldn’t be operating. Keep Claude Code and Kiro in sandbox accounts where they belong.

2

Enforce Bedrock Guardrails at the org level

Account-level guardrails can be overridden by anyone with the right IAM permissions. Bedrock Policies enforce content filtering and safety controls from the management account, so developers can’t undo them.

3

Control which AI services are available where

Not every account needs access to Bedrock AgentCore, SageMaker, or other AI services. Use SCPs to define which services are available in which OUs — the same pattern you already use for region restrictions.

4

Block long-lived Bedrock API keys

AWS released Bedrock API Keys in 2025, including long-term static credentials. These are the access key problem all over again. We’ll show you the SCP to prevent their creation.

Materials you’ll walk away with

SCP to block MCP server activity in production OUs

Bedrock Policy to enforce org-level content guardrails

SCPs to restrict AI service availability by OU

SCPs to control foundation model access (deny-list and allow-list)

SCP to block long-term Bedrock API key creation

Want to Learn More? Take Christophe’s AWS Security Course

A AWS Certified Security Specialty SCS-C03 Prep Course, sponsored by Sonrai Security for free access to everyone

Explore the free course on YouTube

Sonrai Main Logo

© 2026 Sonrai Security. All rights reserved

Privacy Policy  |  

Sonrai cloud security platform, products and services are covered by U.S. Patent Nos. 10,728,307, 11,134,085, and 12,218,982, together with other domestic and international patents pending. All rights reserved.