Integrations · Amazon Bedrock

Attest any foundation model on Bedrock.

Claude, Llama, Mistral, Titan, Cohere, Jamba. One wrapper around the Bedrock Runtime client turns every invocation into signed, IAM-aware evidence.

A standardized attestation layer across Amazon Bedrock's multiple foundation model providers — four API methods, every provider, one evidence pipeline.

Four methods, every provider

The integration covers InvokeModel, InvokeModelWithResponseStream, Converse, and ConverseStream across every provider published on Bedrock. It uses your existing IAM roles and AWS KMS customer-managed keys, and PrivateLink routing keeps traffic within cloud boundaries, so no additional egress points or credentials are required.

```python
import boto3
import veridra

# Standard Bedrock Runtime client; the caller's existing IAM credentials and region apply.
client = boto3.client("bedrock-runtime", region_name="us-east-1")

# Wrap the client once; system_id labels the evidence produced for this workload.
wrapped = veridra.wrap_bedrock(client, system_id="fraud-risk-v2")

# Same Converse call shape as the unwrapped client; the exchange is signed as evidence.
resp = wrapped.converse(
    modelId="anthropic.claude-sonnet-4-v1:0",
    messages=[{"role": "user", "content": [{"text": "..."}]}],
)
```

What Veridra captures

Provider-normalized payloads

Different Bedrock providers use distinct schemas; Veridra normalizes these into canonical form while preserving raw payloads for replay accuracy. A decision signed against Claude on Bedrock is comparable, byte for byte, to the same decision signed against Mistral on Bedrock.

Converse API semantics

Full support for the unified Converse and ConverseStream APIs, including tool configuration, guardrail identifiers, system blocks, and inference configuration.

Bedrock Guardrails

Guardrail intervention records — PII redactions, topic blocks, content filters — are signed alongside model exchanges. The intervention itself becomes evidence.

IAM and account context

The caller's IAM role ARN, account id, region, and Bedrock model ARN are captured for compliance frameworks such as FedRAMP and ISMAP.

Deployment

Implementation uses the standard AWS SDKs (boto3, JavaScript, Go, Java) with the single wrapper call veridra.wrap_bedrock(client, system_id="..."). Deployment requires two Terraform resources: an IAM policy granting the Veridra signer role kms:Sign, and a PrivateLink endpoint in the workload VPCs.

  • Single wrapper across all Bedrock providers — no provider-specific code paths.
  • Compatible with Bedrock Agents (action groups, knowledge bases).
  • VPC-endpoint policies can restrict traffic to specific AWS accounts.
  • The signing key remains customer-controlled — the Veridra signer role has kms:Sign only against the designated CMK.
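As an added illustration (not Veridra's own Terraform), the two deployment resources described above, with the signer role scoped to kms:Sign on one designated CMK and the endpoint policy limited to named AWS accounts; the role name, key ARN, account id and the var.workload_* and var.endpoint_sg_id inputs are placeholders to be replaced with your own values.

```hcl
# Added illustration, not Veridra's Terraform; all ARNs, ids and var.* inputs are placeholders.
variable "attestation_cmk_arn" {
  type    = string
  default = "arn:aws:kms:us-east-1:111122223333:key/REPLACE-WITH-KEY-ID" # placeholder
}

# 1. Signing policy: kms:Sign only, and only against the designated CMK.
#    No kms:Decrypt, kms:CreateGrant or wildcards, so the key cannot be
#    repurposed; detaching this policy stops signing immediately.
resource "aws_iam_policy" "veridra_kms_sign" {
  name = "veridra-kms-sign-only"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid      = "SignWithDesignatedCmkOnly"
      Effect   = "Allow"
      Action   = ["kms:Sign"]
      Resource = var.attestation_cmk_arn
    }]
  })
}

resource "aws_iam_role_policy_attachment" "veridra_signer" {
  role       = "veridra-signer" # placeholder: the Veridra signer role name
  policy_arn = aws_iam_policy.veridra_kms_sign.arn
}

# 2. Interface endpoint for Bedrock Runtime so invocations stay inside the VPC.
#    The endpoint policy admits only the listed AWS account(s).
resource "aws_vpc_endpoint" "bedrock_runtime" {
  vpc_id              = var.workload_vpc_id
  service_name        = "com.amazonaws.us-east-1.bedrock-runtime"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.workload_subnet_ids
  security_group_ids  = [var.endpoint_sg_id]
  private_dns_enabled = true
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = "*"
      # Converse and ConverseStream are authorized by these same two actions.
      Action    = ["bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream"]
      Resource  = "*"
      Condition = { StringEquals = { "aws:PrincipalAccount" = ["111122223333"] } } # placeholder
    }]
  })
}
```

The CMK's own key policy must also allow the signer role to call kms:Sign; the IAM policy alone does not grant access to a customer-managed key. CloudTrail records each kms:Sign call under this role, which is the line-item record referred to below.
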

Vendor switches as policy events

Provider changes don't break the audit trail

When a customer migrates from one Bedrock provider to another (Llama → Claude, Titan → Mistral), the switch registers as a signed policy event in Govern. Attest's provider-normalized evidence prevents audit trail breaks during transitions. Watch compares metric distributions pre- and post-migration so the cutover itself is evidenced.

AWS-native custody

KMS, IAM, CloudTrail — all yours

Signing keys sit in your AWS KMS under your CMK policies. The Veridra signer role has only the minimum IAM permissions. CloudTrail gives you a line-item record of every kms:Sign Veridra requested. If you revoke the role, signing stops immediately — and that stop is itself a signed log entry in your tenant transparency log.