Sold by: Mphasis
Deployed on AWS
RBAC layer for GenAI chatbots: Secure every end-user natural language interaction with role-based, policy-driven authorization
Overview
In modern conversational systems (GenAI chatbots), service requests expressed in natural language must be interpreted to identify both the resource an end user wants to access and the action they intend to perform. This agent takes a user query and an access token (from Amazon Cognito), uses an LLM to extract the intended action and resource, and then evaluates the request through Amazon Verified Permissions (AVP). With AVP as the central authorization engine - backed by Cognito as the identity source and Cedar-based policy definitions -the agent delivers consistent, policy-driven RBAC enforcement.
Designed to run alongside other agents within AWS Agents for Bedrock, this RBAC enforcement agent can serve as the front-facing authorization layer for GenAI applications, helping developers ensure compliance and deliver secure, end-user-aware conversational experiences.
Highlights
- In UI-based systems, resources and actions are well-defined through buttons, forms, and APIs, making it straightforward to enforce RBAC. In LLM based chatbots, the same information is buried in unstructured natural language, creating the challenge of accurately extracting intent before authorization can even happen. Our solution is designed to address this challenge.
- This authorization agent combines LLM powered intent extraction with enterprise-grade access control to secure end-user natural language interactions. It converts user queries into structured action - resource pairs and evaluates them against fine-grained Cedar policies via Amazon Verified Permissions (AVP). With native integration to Amazon Cognito, end-user identities flow directly from access tokens into the authorization logic, ensuring compliant and centrally managed access decisions.
- With every industry moving towards the fast-paced adoption of Generative AI, taking the right steps in your digital transformation journey is even more critical. Whether it is accelerating innovation, improving productivity, bringing in process efficiencies, or increasing revenue, we can help you evaluate if Gen AI is the technology of choice to help you achieve your business objective. Our consulting service enables you to offer personalized experiences and explore newer business models.
Details
Sold by
Categories
Delivery method
Type
Supported services
Delivery option
RBAC Agent for end user
Latest version
Operating system
Linux
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/request |
|---|---|---|
GenAI RBAC Authorizer | The API takes the Natural language query and returns the Allow/Deny flag for the request | $0.01 |
Vendor refund policy
Currently we do not support refunds, but you can cancel your subscription to the service at any time.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
RBAC Agent for end user
Supported services: Learn more
- Amazon Bedrock AgentCore
Container image
Containers are lightweight, portable execution environments that wrap server application software in a filesystem that includes everything it needs to run. Container applications run on supported container runtimes and orchestration services, such as Amazon Elastic Container Service (Amazon ECS) or Amazon Elastic Kubernetes Service (Amazon EKS). Both eliminate the need for you to install and operate your own container orchestration software by managing and scheduling containers on a scalable cluster of virtual machines.
Version release notes
Release version 1.
Additional details
Usage instructions
Refer to the instructions mentioned here: https://github.com/Mphasis-ML-Marketplace/RBAC-Enforcement-Agent-for-End-Users/blob/main/RBAC%20for%20conversational%20systems.pdf
Resources
Vendor resources
Support
Vendor support
For any assistance reach out to us at:
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Agent ITOps is an AI-powered, natural language–driven IT operations platform built on AWS. It enables enterprise teams to execute complex IT tasks through a secure, chat-based interface powered by Amazon Bedrock and containerized agents running on Amazon EKS. With Agent Mode, operators simply describe actions in plain language—such as scaling infrastructure, applying patches, resolving incidents, or updating configurations—and the system automatically interprets, plans, and executes them with full policy enforcement and real-time feedback. Agent ITOps reduces manual effort, accelerates incident resolution, eliminates scripting overhead, and ensures all changes are secure, auditable, and compliant across hybrid cloud environments.
RBAC Management Suite Container for WebApps Turnkey role-based access control to enhance security and streamline user permissions.
Up-to-date, customizable, and secure. kube-rbac-proxy is an HTTP proxy that can perform RBAC authorization against the Kubernetes API based on the SubjectAccessReview authorization resource.
Evaluate privacy awareness with RBAC for an LLM based chatbot such that responses to information seeking queries respect access controls.
This is a repackaged open source software product wherein additional charges apply for patching the operating system and the maintenance provided by Kurian. This AMI has Keycloak installed as a service with PostgreSQL as the backend database.
Choose AMI for the target OS and version.
Customer reviews
No customer reviews yet
Be the first to review this product . We've partnered with PeerSpot to gather customer feedback. You can share your experience by writing or recording a review, or scheduling a call with a PeerSpot analyst.