Search Login
Sign In Sign Up for Free

Interactive Product Tour

interactive tour Start a Tour Get a Demo

Interactive Product Tour

interactive tour Start a Tour Get a Demo
AI GOVERNANCE WORKSHOP SERIES

Securing AI in AWS: Guardrails for Bedrock Workloads, SCPs for Claude Code and Kiro

A hands-on workshop on the SCPs and Bedrock Policies that let your team move fast with AI, without losing control of production.

Part 1 in our series on AI Governance.

Your developers want to build with Bedrock. Your platform team wants to ship AI workloads without a six-month review cycle. And your security team wants to know that AI agents aren’t running wild in production.

You need a posture to control this. It starts with some basic guardrails that won’t trip up AI workload production but keep your cloud safe. We’ll cover restricting foundation model access, enforcing Bedrock Guardrails at the org level, and controlling which AI services are available where.

This workshop will go control-by-control through the governance mechanisms available in AWS Organizations and show you exactly how to deploy them. We’ll also provide deployable policy templates you can use today.

Materials you’ll get from our AI Governance series:

1. SCP to block MCP server activity in production OUs
2. Bedrock Policy to enforce org-level content guardrails
3. SCPs to restrict AI service availability by OU
4. SCPs to control foundation model access (deny-list and allow-list)
5. SCP to block long-term Bedrock API key creation

Date
May 6, 2026
Time
1:00 PM ET
Duration
45 Minutes

Meet Your Speakers

Christophe

Christophe Limpalair

Founder & AWS Trainer

Cybr

Can't teach enough AWS classes

Expert Speaker
Birdman

Sandy Bird

CTO & Co-Founder

Sonrai Security

The Wizard of Fredericton

Expert Speaker

Register here

  • Instant confirmation email
  • Bonus materials included
  • No spam, unsubscribe anytime

By registering, you agree to receive webinar updates and marketing emails. You can opt-out at any time.

What You’ll Learn in This Workshop

Areas covered in Part 1 of our series

1

Restrict foundation model access

Allow Bedrock but limit which models can actually be invoked. We’ll show both a deny-list approach (block specific models) and an allow-list approach (only permit approved vendors like Anthropic).

2

Enforce Bedrock Guardrails at the org level

Account-level guardrails can be overridden by anyone with the right IAM permissions. Bedrock Policies enforce content filtering and safety controls from the management account, so developers can’t undo them.

3

Control which AI services are available where

Not every account needs access to Bedrock AgentCore, SageMaker, or other AI services. Use SCPs to define which services are available in which OUs — the same pattern you already use for region restrictions.

Materials from our series you’ll walk away with

SCP to block MCP server activity in production OUs

Bedrock Policy to enforce org-level content guardrails

SCPs to restrict AI service availability by OU

SCPs to control foundation model access (deny-list and allow-list)

SCP to block long-term Bedrock API key creation

Want to Learn More? Take Cybr’s AWS Security Course

A AWS Certified Security Specialty SCS-C03 Prep Course, sponsored by Sonrai Security for free access to everyone

Explore the free course on YouTube
Sonrai Main Logo

© 2026 Sonrai Security. All rights reserved

Privacy Policy  |  

Sonrai cloud security platform, products and services are covered by U.S. Patent Nos. 10,728,307, 11,134,085, and 12,218,982, together with other domestic and international patents pending. All rights reserved.