Self-Hosted AI/ML Security & Governance Best Practices

This conformance pack is intended to provide a baseline of security configurations for self-hosted AI/ML workloads (inclusive of AI, ML, generative AI, agentic AI, and physical AI) running on AWS compute, storage, and networking infrastructure. Expected to be deployed in conjunction with the AI/ML Security & Governance Supporting Infrastructure Best Practices conformance pack. For a list of all managed rules supported by AWS Config, see List of AWS Config Managed Rules.

See the Parameters section in the following template for the names and descriptions of the required parameters.

The template is available on GitHub: Self-Hosted AI/ML Security & Governance Best Practices.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Security Best Practices for AWS WAF

Example Templates with Remediation Action