5.4. Reflection Checkpoint

Key Takeaways

• Defense-in-depth for FM safety requires three independent layers: input sanitization (Comprehend), content policy enforcement (Guardrails), and output validation (Lambda + grounding check). No single layer is sufficient.
• Guardrails and IAM are independent controls at different layers. IAM = who can call Bedrock. Guardrails = what content flows through Bedrock. Both required.
• Prompt injection can come from retrieved documents (indirect injection), not just user inputs. Validate retrieved content before including it in FM context.
• VPC endpoints prevent FM traffic from leaving the AWS network. This is distinct from HTTPS encryption. Both are required but solve different problems.
• Bedrock Model Invocation Logs = data plane audit (what was sent, what was returned). CloudTrail = control plane audit (who changed what configuration). Both needed for complete governance.
• Responsible AI monitoring requires statistical evaluation across demographic groups, tracked with CloudWatch over time. Guardrails alone cannot detect subtle demographic bias.

Connecting Forward

Phase 6 covers Operational Efficiency and Optimization (Domain 4, 12%) — cost optimization strategies, performance tuning, and the monitoring systems that tie everything together. This is the domain where architectural decisions made in earlier phases (model selection, caching, chunking strategy) manifest as cost and performance outcomes.

Self-Check Questions

• You receive a security incident report: an attacker uploaded a document to your public file submission portal. Within 3 hours, other users began receiving responses containing the attacker's promotional text. Trace the attack vector, identify the exact failure point in your architecture, and describe four controls that would have prevented this.
• Your CISO asks for a report demonstrating that your FM application complies with GDPR Article 22 (automated decision-making). What four categories of documentation would you produce, and which AWS services provide the underlying data for each?