The scenario
A startup shipped a Bedrock-backed customer-support assistant fast. It calls
Amazon Nova Lite (amazon.nova-lite-v1:0) with a system prompt that includes
some "internal notes" — never meant for customers — and simply tells the model
not to repeat them. That's it. No independent control backs up that instruction.
Your job: prove the leak, then close it.
What you'll do
First you'll break it — prompt-inject the assistant into revealing the restricted notes (this step just proves the vulnerability; it isn't graded). Then you'll close three real gaps: no Guardrail, an over-broad invoke role, and no invocation logging — and verify each fix with Check my work (panel on the right).
Launch the lab (panel on the right) to spin up your own isolated AWS account — the full step-by-step walkthrough unlocks the moment it's ready.
Your step-by-step walkthrough
Hit Launch lab on the right — your own isolated AWS account spins up and the full guide opens right here, with 🖱️ Console and ⌨️ CLI for every fix.
- 1. Meet the assistant
- 2. Break it: prompt-inject the assistant
- 3. Fix it: create and attach a Bedrock Guardrail
- 4. Fix it: scope the invoke role to least privilege
- 5. Fix it: turn on model-invocation logging
- 6. Verify: the injection is blocked
- Check my work — auto-graded against your live account
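
As an added illustration of the "over-broad invoke role" gap (not part of the lab's own material), this Python check audits an IAM policy document against a least-privilege target for the assistant's model. The region in the ARN, both sample policies, and the allowed-action set are assumptions constructed for the example; adjust them to what your application actually calls.

```python
# Assumption: region us-east-1; the model ID is the one named in the scenario.
MODEL_ARN = "arn:aws:bedrock:us-east-1::foundation-model/amazon.nova-lite-v1:0"
# Assumption: the assistant only needs these two runtime actions.
ALLOWED_ACTIONS = {"bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream"}

# Constructed sample: the kind of policy a rushed deployment ends up with.
OVER_BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "bedrock:*", "Resource": "*"}]}

# Constructed sample: the same role scoped to invoking one model.
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream"],
     "Resource": MODEL_ARN}]}


def _as_list(value):
    # IAM accepts either a single string or a list for Action/Resource.
    return value if isinstance(value, list) else [value]


def audit_invoke_policy(policy, model_arn=MODEL_ARN, allowed_actions=ALLOWED_ACTIONS):
    """Return findings; an empty list means every Allow is limited to model_arn."""
    findings = []
    allowed = {a.lower() for a in allowed_actions}  # action names are case-insensitive
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: Allow with NotAction/NotResource grants by exclusion")
            continue
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action or "?" in action:
                findings.append(f"statement {i}: wildcard action {action!r}")
            elif action.lower() not in allowed:
                findings.append(f"statement {i}: action {action!r} is outside the allowed set")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource != model_arn:  # any wildcard or other ARN fails this test
                findings.append(f"statement {i}: resource {resource!r} is not exactly {model_arn}")
    return findings


if __name__ == "__main__":
    for name, doc in (("over-broad", OVER_BROAD), ("scoped", SCOPED)):
        print(name, audit_invoke_policy(doc) or "OK")
```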