AWS Certified AI Practitioner · Domain 5 · ~14%

Security, Compliance & Governance

Protecting AI workloads, data, and prompts; meeting compliance expectations; operating governance on AWS—per AIF-C01 public outline.


5.1 · Foundation

Shared responsibility for AI on AWS

AWS is responsible for security of the cloud (facilities, hypervisor, regional services). Customers are responsible for security in the cloud: IAM policies, encryption choices, VPC design, data classification, application prompts, and model configuration.

flowchart TB
  AWS[AWS: infrastructure platform compliance] --- CUST[Customer: data IAM app config prompts]
        

Definitions

Defense in depth
Layer controls (identity, network, encryption, logging) so no single failure exposes the system.

5.1 · Identity & access

IAM for AI systems

Use least-privilege roles for training jobs, inference endpoints, Lambda callers of Bedrock, and human operators. Separate data-access policies from model-invoke policies where possible.
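One way to check that separation, as an added example (not from the original slides or from AWS): a small Python lint over identity policy documents. The model/data action grouping, the finding codes, the bucket name and the model ID are assumptions made for the example.

```python
import fnmatch

# Representative real IAM actions; the model/data grouping is this example's assumption.
MODEL_ACTIONS = ["bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream",
                 "sagemaker:InvokeEndpoint"]
DATA_ACTIONS = ["s3:GetObject", "s3:PutObject", "s3:ListBucket",
                "kms:Decrypt", "kms:GenerateDataKey"]

def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]

def _covers(patterns, actions):
    """True if any action pattern (case-insensitive, * and ? wildcards) matches."""
    return any(fnmatch.fnmatchcase(a.lower(), p.lower())
               for p in patterns for a in actions)

def audit_policy(policy):
    """Return sorted finding codes for one identity policy document."""
    findings, kinds = set(), set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue  # Deny and NotAction statements are out of scope here
        actions = _as_list(stmt["Action"])
        resources = _as_list(stmt.get("Resource", []))
        touched = {k for k, ref in (("model", MODEL_ACTIONS), ("data", DATA_ACTIONS))
                   if _covers(actions, ref)}
        if not touched:
            continue  # statement grants neither model invoke nor data access
        kinds |= touched
        if any("*" in a for a in actions):
            findings.add("WILDCARD_ACTION")
        if "*" in resources:
            findings.add("UNSCOPED_RESOURCE")
    if kinds == {"model", "data"}:
        findings.add("MIXED_DATA_AND_MODEL")  # one policy grants both kinds
    return sorted(findings)

# Constructed sample policies; the ARNs and model ID are placeholders.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["bedrock:*", "s3:*"], "Resource": "*"}]}
INVOKE_ONLY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "bedrock:InvokeModel",
    "Resource": "arn:aws:bedrock:us-east-1::foundation-model/EXAMPLE-MODEL-ID"}}
DATA_ONLY = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-training-bucket/curated/*"}]}

if __name__ == "__main__":
    print(audit_policy(BROAD), audit_policy(INVOKE_ONLY), audit_policy(DATA_ONLY))
```

The broad policy trips all three findings, while the two scoped policies pass when attached to separate roles.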

Definitions

Service role
An IAM role an AWS service assumes to access S3, KMS keys, or other resources on your behalf.
Resource-based policy
Attached to resources (e.g. some model endpoints, buckets) defining who may access them—pairs with identity policies.

5.1 · Data protection

Encryption · Macie · PrivateLink

Definitions

Data lineage
Traceability from raw datasets through features to model versions—supports audits and incident response.

5.1 · Documentation

Model Cards · catalogs · citations

SageMaker Model Cards and enterprise data catalogs document provenance, intended use, and evaluation results. GenAI apps should cite retrieved sources when claiming facts.

Definitions

Source citation
Linking generated statements to retrieval chunks or policy documents—reduces unsupported claims.

5.1 · Secure engineering

Data quality · privacy · integrity

Assess data quality, enforce access control on feature stores and vector indexes, and guard against poisoned uploads into RAG corpora.

Exam angle: Connect “vector store in OpenSearch” with fine-grained access and logging—not world-readable indexes for regulated data.

Definitions

Prompt injection
Untrusted input that manipulates model behavior—mitigate with isolation, tooling boundaries, and monitoring.

5.1 · Operations

Threat detection & monitoring

Combine CloudTrail (API audit), Amazon Inspector (workload vulnerabilities, where used), AWS Config (configuration compliance rules), and service-native logs for Bedrock/SageMaker to detect misuse.

5.2 · Compliance

Standards and assurance

Organizations map AI systems to programs like ISO family controls and SOC reports. Some jurisdictions emphasize algorithmic accountability—document decisions, testing, and oversight (high-level exam concept).

Definitions

AWS Artifact
Portal for on-demand compliance reports and agreements from AWS.

5.2 · Governance services

Audit Manager · Trusted Advisor

AWS Audit Manager helps collect evidence for audits continuously. AWS Trusted Advisor surfaces cost, fault tolerance, and security best-practice checks—useful hygiene, not a substitute for full AI risk review.

5.2 · Data governance

Lifecycle · residency · retention

Define policies for where data lives (Regions), how long it is retained, who can access embeddings and fine-tune datasets, and mandatory logging for sensitive invocations.

flowchart LR
  POL[Policies and standards] --> REV[Periodic review cadence]
  REV --> LOG[Logging monitoring evidence]
        

Frameworks such as the Generative AI Security Scoping Matrix (AWS discussion materials) help teams structure reviews across data, model, and application layers.

5.2 · People & process

Governance cadence

Governance is not only tools: it also needs policies, review boards, training for builders and operators, and clear escalation paths for model incidents.

Reference

Domain 5 glossary

Shared responsibility
AWS vs customer security duties.
IAM · KMS · TLS
Access; keys; transport encryption.
Macie · PrivateLink
Sensitive data discovery; private service access.
CloudTrail · Config · Audit Manager · Artifact
Audit logs; drift rules; evidence automation; compliance downloads.
Lineage · Model Card · retention
Provenance docs; regulated lifecycles.
Prompt injection
App-layer threat for LLM systems.

Recap

You finished all five domains

Use the separate 50-question practice exam HTML in this folder for mixed review.
