feat(aws): add bedrock_prompt_management_exists security check

[danibarranqueroo]

Context

Without centralized Prompt Management, prompts used with Bedrock foundation models are scattered across applications with no oversight, increasing the risk of prompt injection attacks, inconsistent model behavior, and a lack of auditability over instructions sent to models. Attackers or malicious insiders could exploit ungoverned prompts to manipulate model outputs, bypass safety controls, or exfiltrate sensitive information through crafted inputs.

Description

This check verifies whether Amazon Bedrock Prompt Management is actively being used by checking for the existence of managed prompts in each enabled region. It reports a PASS if at least one managed prompt exists in the region, indicating that prompt governance and standardization practices are in place, and a FAIL if no managed prompts are found. The recommended remediation is to adopt Bedrock Prompt Management to centralize prompt definitions, enforce versioning, and apply least-privilege access controls to restrict who can create or modify prompts.

Steps to review

1. Review the check implementation at prowler/providers/aws/services/bedrock/bedrock_prompt_management_exists/
2. Review the metadata file for correct severity, remediation, and compliance mappings
3. Review compliance framework mappings in prowler/compliance/aws/ to ensure the check is correctly mapped to relevant requirements
4. Run the check tests: poetry run pytest tests/providers/aws/services/bedrock/bedrock_prompt_management_exists/ -v
5. Run the check against a real environment (if possible):

   prowler aws --check bedrock_prompt_management_exists

Checklist

Community Checklist

• This feature/issue is listed in here or roadmap.prowler.com
• Is it assigned to me, if not, request it via the issue/feature in here or Prowler Community Slack

• Review if the code is being covered by tests.
• Review if code is being documented following this specification https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings
• Review if backport is needed.
• Review if is needed to change the Readme.md
• Ensure new entries are added to CHANGELOG.md, if applicable.

SDK/CLI

• Are there new checks included in this PR? Yes
  • If so, do we need to update permissions for the provider? Please review this carefully.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[github-actions]

Compliance Mapping Review

This PR adds new checks. Please verify that they have been mapped to the relevant compliance framework requirements.

New checks already mapped in this PR

• bedrock_prompt_management_exists (aws): kisa_isms_p_2023_aws, kisa_isms_p_2023_korean_aws

Use the no-compliance-check label to skip this check.

[github-actions]

✅ All necessary CHANGELOG.md files have been updated.

[github-actions]

✅ Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 7.71%. Comparing base (86449fb) to head (44f39c0).
⚠️ Report is 2 commits behind head on master.

❗ There is a different number of reports uploaded between BASE (86449fb) and HEAD (44f39c0). Click for more details.

HEAD has 6 uploads less than BASE

Flag	BASE (86449fb)	HEAD (44f39c0)
prowler-py3.11-vercel	1	0
prowler-py3.10-vercel	1	0
prowler-py3.12-vercel	1	0
prowler-py3.11-lib	1	0
prowler-py3.10-lib	1	0
prowler-py3.12-lib	1	0

Additional details and impacted files

@@             Coverage Diff             @@
##           master   #10878       +/-   ##
===========================================
- Coverage   71.60%    7.71%   -63.89%     
===========================================
  Files         153      850      +697     
  Lines        9280    24669    +15389     
===========================================
- Hits         6645     1904     -4741     
- Misses       2635    22765    +20130     

Flag	Coverage Δ
prowler-py3.10-aws	7.71% <100.00%> (?)
prowler-py3.10-lib	?
prowler-py3.10-vercel	?
prowler-py3.11-aws	7.71% <100.00%> (?)
prowler-py3.11-lib	?
prowler-py3.11-vercel	?
prowler-py3.12-aws	7.71% <100.00%> (?)
prowler-py3.12-lib	?
prowler-py3.12-vercel	?

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
prowler	7.71% <100.00%> (-63.89%)	⬇️
api	∅ <ø> (∅)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

🔒 Container Security Scan

Image: prowler:7f045b5
Last scan: 2026-05-04 08:21:47 UTC

📊 Vulnerability Summary

Severity	Count
🔴 Critical	4
Total	4

4 package(s) affected

⚠️ Action Required

Critical severity vulnerabilities detected. These should be addressed before merging:

• Review the detailed scan results
• Update affected packages to patched versions
• Consider using a different base image if updates are unavailable

---

📋 Resources:

• Download full report (see artifacts)
• View in Security tab
• Scanned with Trivy

[HugoPBrito]

The PR title and description refer to bedrock_prompt_management_in_use, but the actual check (directory, file, ID, changelog entry, and compliance mappings) is named bedrock_prompt_management_exists. Could we align these before merging? My preference would be _in_use, since it matches the convention used by sibling Bedrock checks like bedrock_guardrails_configured and bedrock_model_invocation_logging_enabled, and it reads more naturally as a security control than _exists.

[HugoPBrito]

Quick question on permissions: this check introduces a new bedrock:ListPrompts API call via the bedrock-agent client, but I don't see the AWS provider's IAM permissions / docs being updated, and the "do we need to update permissions for the provider?" item in the PR template is left unchecked. Should bedrock:ListPrompts be added to the audit role permissions JSON and/or the documented least-privilege policy? Otherwise users running Prowler with a tightly scoped role will hit AccessDenied and silently get no findings for this check.

[danibarranqueroo]

The PR title and description refer to bedrock_prompt_management_in_use, but the actual check (directory, file, ID, changelog entry, and compliance mappings) is named bedrock_prompt_management_exists. Could we align these before merging? My preference would be _in_use, since it matches the convention used by sibling Bedrock checks like bedrock_guardrails_configured and bedrock_model_invocation_logging_enabled, and it reads more naturally as a security control than _exists.

Related to this, the check was renamed because it actually does not verify if the prompt management is being used or properly configured, it just verify that in each specific region the prompt management has one prompt configured, maybe in use is enough and we can go back to the old name.

[danibarranqueroo]

Quick question on permissions: this check introduces a new bedrock:ListPrompts API call via the bedrock-agent client, but I don't see the AWS provider's IAM permissions / docs being updated, and the "do we need to update permissions for the provider?" item in the PR template is left unchecked. Should bedrock:ListPrompts be added to the audit role permissions JSON and/or the documented least-privilege policy? Otherwise users running Prowler with a tightly scoped role will hit AccessDenied and silently get no findings for this check.

Not needed on this branch. Even though the check uses the bedrock-agent client, the required IAM action is bedrock:ListPrompts, and that is already covered by Prowler’s existing AWS permissions via bedrock:List* and bedrock:Get* in the scan role template / additions policy. So no extra audit-role or least-privilege policy update is required for this check.

[pedrooot]

Thanks for this! 🥇