
feat(aws): add bedrock_prompt_encrypted_with_cmk security check#10905

Open
danibarranqueroo wants to merge 5 commits into master from feat/prowler-636-bedrock-prompt-have-multiple-variants

Conversation

@danibarranqueroo (Member) commented Apr 28, 2026

Context

Amazon Bedrock prompts managed via Prompt Management can contain sensitive instructions, business logic, and references to downstream tooling. When a prompt is left with the AWS-owned default key, the tenant has no control over the key policy that governs decrypt permissions, no control over rotation cadence, and no auditable trail tied to a customer-managed KMS key. Multiple frameworks (ISO 27001 A.8.24, NIST CSF PR.DS-1, KISA-ISMS-P 2.7.2) require customer-managed cryptographic keys for sensitive data at rest, so prompts encrypted only with the default key create both a control gap and a compliance gap.

Description

This check verifies that each Amazon Bedrock prompt is encrypted at rest with a customer-managed KMS key (CMK). For every prompt collected from ListPrompts, the service layer calls GetPrompt and reads customerEncryptionKeyArn. The check reports a PASS when that ARN is present and a FAIL when it is absent (i.e. the prompt falls back to the AWS-owned key). The recommended remediation is to call bedrock-agent update-prompt --customer-encryption-key-arn <kms_key_arn> against an org-controlled CMK whose key policy is scoped to the principals that legitimately need to author or invoke prompts.

This PR also extends BedrockAgent in bedrock_service.py with a _get_prompt threading call and adds customer_encryption_key_arn to the Prompt model. The _list_prompts collection is kept aligned with #10878 (same shape, same defensive accessors, same prompt_scanned_regions tracking, no audit_resources filtering) so the two PRs compose cleanly: regardless of merge order, the second one only contributes its additive piece without conflicting on the shared scaffolding.

Note on previous direction

This branch originally implemented bedrock_prompt_have_multiple_variants. That check was dropped after review — the AWS [CreatePrompt](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_CreatePrompt.html) and GetPrompt APIs both cap the variants array at "Maximum 1 item", which made the original PASS condition (len(variants) > 1) unreachable in real AWS and the resilience-control compliance mappings unsupportable. Pivoting to CMK encryption preserves the per-prompt scaffolding while moving the check onto an attribute the API actually persists, with compliance mappings that align cleanly to data-at-rest controls.

Steps to review

  1. Review the check implementation at prowler/providers/aws/services/bedrock/bedrock_prompt_encrypted_with_cmk/
  2. Review the metadata file for correct severity, remediation, and compliance mappings
  3. Review the changes to prowler/providers/aws/services/bedrock/bedrock_service.py — confirm that _list_prompts is byte-identical to the version proposed in #10878 and that _get_prompt + customer_encryption_key_arn are purely additive
  4. Review compliance mappings: ISO 27001 A.8.24 (Use of Cryptography), NIST CSF PR.DS-1 (Data-at-rest is protected), KISA-ISMS-P 2.7.2 (Cryptographic Key Management) — and confirm the resilience-control mappings from the previous direction are removed
  5. Run the check tests: poetry run pytest tests/providers/aws/services/bedrock/bedrock_prompt_encrypted_with_cmk/ -v
  6. Run the check against a real environment (if possible): prowler aws --check bedrock_prompt_encrypted_with_cmk

Checklist

Community Checklist
  • This feature/issue is listed in here or roadmap.prowler.com
  • Is it assigned to me, if not, request it via the issue/feature in here or Prowler Community Slack

SDK/CLI

  • Are there new checks included in this PR? Yes
    • If so, do we need to update permissions for the provider? Please review this carefully.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
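The collection flow and PASS/FAIL rule described above, as an added worked example that is not Prowler's own code and not part of this PR: ListPrompts builds the inventory, GetPrompt is read per prompt for customerEncryptionKeyArn, and a missing ARN is reported as a FAIL because the prompt then rests on the AWS-owned default key. The boto3 bedrock-agent response shapes (promptSummaries, nextToken, customerEncryptionKeyArn), the Prompt and Finding field names, and every id, ARN and key id in the sample data are assumptions constructed for the example; a stand-in client replaces boto3 so it runs offline and exercises the pagination loop.

```python
"""Added example (not Prowler's code): the bedrock_prompt_encrypted_with_cmk
collection flow and PASS/FAIL rule, run against a constructed client."""

from dataclasses import dataclass
from typing import Optional


@dataclass
class Prompt:
    """Stand-in for the service-layer Prompt model (field names assumed)."""
    id: str
    name: str
    arn: str
    region: str
    customer_encryption_key_arn: Optional[str] = None


@dataclass
class Finding:
    resource_id: str
    resource_arn: str
    region: str
    status: str           # "PASS" or "FAIL"
    status_extended: str  # human-readable explanation


def collect_prompts(client, region: str) -> list[Prompt]:
    """ListPrompts for the inventory, then GetPrompt per prompt to read
    customerEncryptionKeyArn. `client` is anything exposing list_prompts() and
    get_prompt() with the (assumed) boto3 bedrock-agent response shapes."""
    prompts: list[Prompt] = []
    next_token = None
    while True:
        page = client.list_prompts(**({"nextToken": next_token} if next_token else {}))
        for summary in page.get("promptSummaries", []):
            detail = client.get_prompt(promptIdentifier=summary["id"])
            prompts.append(Prompt(
                id=summary["id"],
                name=summary.get("name", ""),
                arn=summary.get("arn", ""),
                region=region,
                # Defensive accessor: a missing key means the prompt fell back
                # to the AWS-owned default key; it is a finding, not an error.
                customer_encryption_key_arn=detail.get("customerEncryptionKeyArn"),
            ))
        next_token = page.get("nextToken")
        if not next_token:
            break
    return prompts


def bedrock_prompt_encrypted_with_cmk(prompts: list[Prompt]) -> list[Finding]:
    """One finding per prompt: PASS when a customer-managed KMS key ARN is set,
    FAIL when the prompt relies on the AWS-owned default key."""
    findings = []
    for p in prompts:
        if p.customer_encryption_key_arn:
            status, text = "PASS", (f"Bedrock prompt {p.name} is encrypted at rest with "
                                    f"customer-managed KMS key {p.customer_encryption_key_arn}.")
        else:
            status, text = "FAIL", (f"Bedrock prompt {p.name} is encrypted with the AWS-owned "
                                    f"default key instead of a customer-managed KMS key.")
        findings.append(Finding(p.id, p.arn, p.region, status, text))
    return findings


class FakeBedrockAgentClient:
    """Constructed offline stand-in for boto3's bedrock-agent client. Two
    ListPrompts pages exercise the nextToken loop; GetPrompt details are keyed
    by prompt id. All ids, ARNs and key ids are made up."""

    def __init__(self, pages, details):
        self._pages, self._details = pages, details

    def list_prompts(self, **kwargs):
        index = int(kwargs.get("nextToken", "0"))
        page = dict(self._pages[index])
        if index + 1 < len(self._pages):
            page["nextToken"] = str(index + 1)
        return page

    def get_prompt(self, promptIdentifier):
        return self._details[promptIdentifier]


REGION = "us-east-1"
_ARN = f"arn:aws:bedrock:{REGION}:123456789012:prompt/"
SAMPLE_PAGES = [  # constructed sample data
    {"promptSummaries": [{"id": "PROMPT0001", "name": "triage-router", "arn": _ARN + "PROMPT0001"},
                         {"id": "PROMPT0002", "name": "refund-policy", "arn": _ARN + "PROMPT0002"}]},
    {"promptSummaries": [{"id": "PROMPT0003", "name": "internal-tooling", "arn": _ARN + "PROMPT0003"}]},
]
SAMPLE_DETAILS = {
    "PROMPT0001": {"id": "PROMPT0001", "customerEncryptionKeyArn":
                   f"arn:aws:kms:{REGION}:123456789012:key/00000000-0000-4000-8000-000000000001"},
    "PROMPT0002": {"id": "PROMPT0002"},  # key omitted: AWS-owned default key
    "PROMPT0003": {"id": "PROMPT0003"},
}


def run_example() -> list[Finding]:
    client = FakeBedrockAgentClient(SAMPLE_PAGES, SAMPLE_DETAILS)
    return bedrock_prompt_encrypted_with_cmk(collect_prompts(client, REGION))


if __name__ == "__main__":
    for f in run_example():
        print(f.status, f.resource_id, f.status_extended)
```

Swapping FakeBedrockAgentClient for `boto3.client("bedrock-agent", region_name=REGION)` is the only change needed to run the same logic against a real account, since collect_prompts only depends on the two calls and their response keys; the per-prompt GetPrompt call is what makes the check cost O(prompts) API requests, which is why keeping the inventory pass aligned with #10878 matters when both checks run.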

@github-actions github-actions Bot added provider/aws Issues/PRs related with the AWS provider compliance Issues/PRs related with the Compliance Frameworks metadata-review labels Apr 28, 2026
Add new security check bedrock_prompt_have_multiple_variants for aws provider.
Includes check implementation, metadata, and unit tests.
@github-actions (Contributor) github-actions Bot commented Apr 28, 2026

✅ All necessary CHANGELOG.md files have been updated.

@danibarranqueroo danibarranqueroo force-pushed the feat/prowler-636-bedrock-prompt-have-multiple-variants branch from 591ff3b to 2854a74 on April 28, 2026 08:27
@github-actions (Contributor) github-actions Bot commented Apr 28, 2026

Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

@github-actions (Contributor) github-actions Bot commented Apr 28, 2026

Compliance Mapping Review

This PR adds new checks. Please verify that they have been mapped to the relevant compliance framework requirements.

New checks already mapped in this PR

  • bedrock_prompt_encrypted_with_cmk (aws): c5_aws, ccc_aws, csa_ccm_4.0_aws, iso27001_2022_aws, kisa_isms_p_2023_aws, kisa_isms_p_2023_korean_aws, nis2_aws, nist_csf_2.0_aws

Use the no-compliance-check label to skip this check.

@codecov codecov Bot commented Apr 28, 2026

Codecov Report

❌ Patch coverage is 95.23810% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 7.72%. Comparing base (380b89c) to head (9701c2d).
⚠️ Report is 2 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #10905      +/-   ##
==========================================
+ Coverage    6.61%    7.72%   +1.10%     
==========================================
  Files         849      850       +1     
  Lines       24579    24621      +42     
==========================================
+ Hits         1627     1901     +274     
+ Misses      22952    22720     -232     
Flag | Coverage | Δ
prowler-py3.10-aws | 7.72% <95.23%> | (+1.10%) ⬆️
prowler-py3.11-aws | 7.72% <95.23%> | (+1.10%) ⬆️
prowler-py3.12-aws | 7.72% <95.23%> | (+1.10%) ⬆️

Flags with carried forward coverage won't be shown.

Components | Coverage | Δ
prowler | 7.72% <95.23%> | (+1.10%) ⬆️
api | ∅ <ø> | (∅)

@github-actions (Contributor) github-actions Bot commented Apr 28, 2026

🔒 Container Security Scan

Image: prowler:347f237
Last scan: 2026-04-29 11:08:05 UTC

📊 Vulnerability Summary

Severity | Count
🔴 Critical | 4
Total | 4

4 package(s) affected

⚠️ Action Required

Critical severity vulnerabilities detected. These should be addressed before merging:

  • Review the detailed scan results
  • Update affected packages to patched versions
  • Consider using a different base image if updates are unavailable


@danibarranqueroo danibarranqueroo changed the title feat(aws): add bedrock_prompt_have_multiple_variants security check feat(aws): add bedrock_prompt_encrypted_with_cmk security check Apr 29, 2026
@danibarranqueroo danibarranqueroo marked this pull request as ready for review April 29, 2026 10:57
@danibarranqueroo danibarranqueroo requested review from a team as code owners April 29, 2026 10:57