Automating Compliance Workflows: Leveraging AI and Browser Automation with Amazon Bedrock

Streamlining Audit Processes for Efficiency and Accuracy

Introduction to Compliance Audits and Automation

Solution Overview

Architecture of the System

UI Layer

AI Agent Layer

Workflow Engine

Storage and Services

AI-Powered Workflow Designer

Prerequisites

Deployment and Setup

Browser Extension Configuration

Solution Demo

Automated Workflow Execution

Clean Up

Conclusion

About the Authors

Automating Compliance Audits with AI-Powered Workflows

Compliance audits are a necessary but often burdensome process for organizations. The requirement for a comprehensive evidence trail can lead compliance teams to spend countless hours manually navigating through various systems, from GitHub repositories to AWS consoles. This labor-intensive method is time-consuming, prone to errors, and can vary significantly from one audit cycle to another. In this blog post, we will explore how we have automated audit workflows using Amazon Bedrock and browser automation, making the entire process more efficient and reliable.

The Challenge of Manual Compliance Audits

Gathering evidence for compliance involves capturing hundreds of screenshots, often across multiple platforms. Compliance teams are tasked with manually navigating systems, taking screenshots at each step, and hoping nothing is missed or misconfigured along the way. This not only consumes valuable time but also can invite inconsistencies and inaccuracies, risking compliance breaches.

Our Automated Solution

We developed a browser extension designed to streamline evidence collection through pre-defined compliance workflows. By leveraging Amazon Bedrock’s Amazon Nova 2 Lite model, our extension can execute workflows automatically, capturing timestamped screenshots, analyzing compliance documents, and generating new workflows via natural language processing (NLP). Here, we will outline how to implement a similar system in your organization, discussing the architecture, implementation, and deployment process.

Solution Overview

Our solution uses a browser extension for Chrome and Firefox that integrates various features:

1. Evidence Collector: Executes workflows, navigating through web applications, taking timestamped screenshots, and storing evidence in Amazon S3.
2. AI-Powered Workflow Designer: Communicates with Amazon Bedrock to analyze uploaded compliance documents and generates executable workflow JSON.
3. Report Delivery: After a workflow reaches completion, Amazon Simple Email Service (SES) sends a compliance report to designated email addresses.

On the infrastructure side, two AWS Lambda functions manage initial prompts and bucket cleanup. Amazon Cognito ensures secure user authentication and authorization, maintaining a least-privilege access model for compliance evidence gathering.

Architecture

Understanding the architectural framework is crucial for deploying this solution effectively. The browser extension is structured in four layers:

1. UI Layer: This includes a conversational chat interface for compliance inquiries, a workflow management panel, and an authentication UI for Amazon Cognito login.

2. AI Agent Layer: Utilizing Amazon Nova 2 Lite, this layer operates in three modes:

   • Chat Mode: Allows for ad-hoc questions and quick automation.
   • Designer Mode: Creates new workflows by analyzing compliance texts.
   • Report Generation Mode: Generates comprehensive compliance reports after workflow execution.

3. Workflow Engine: This engine processes workflow JSON, manages navigation and screenshot capture, and includes intelligent error recovery to suggest alternatives if any steps fail.

4. Storage and Services: Amazon S3 stores evidence in a structured folder hierarchy, including screenshots, workflows, chat logs, and audit trails.

AI-Powered Workflow Designer

One of the critical components of our solution is the AI-powered workflow designer. It solves the challenge of quickly creating workflows from compliance documents by analyzing a text file and generating executable workflows in JSON format.

Follow these three steps:

1. Document Upload: Submit a text file of compliance requirements.
2. AI Analysis: The system identifies evidence points and systems to evaluate.
3. Workflow Generation: The AI produces a complete workflow JSON ready for execution.

Deployment Process

To set up this automated solution, begin by cloning the GitHub repository:

git clone https://github.com/aws-samples/sample-ai-powered-compliance-evidence-collector
cd sample-ai-powered-compliance-evidence-collector

Utilize the provided AWS CloudFormation template to deploy the full infrastructure. Ensure you customize the template with your email addresses and desired browser configurations.

After setting up your AWS infrastructure, you’ll need to configure the browser extension for both Chrome and Firefox. This process includes installing necessary dependencies, building the extension, and configuring it with appropriate AWS credentials.

Demonstration of Workflow Execution

Let’s walk through a typical audit workflow. For this example, we will use the extension to conduct an AWS IAM Access Review:

1. Open the browser extension and choose the Evidence Collector.
2. Select the desired workflow and start execution.
3. The workflow navigates to the AWS IAM console and prompts for login.
4. Once authenticated, the extension captures and uploads screenshots of relevant content, organizing them neatly in S3.
5. At completion, the extension generates a compliance report and sends it via email.

Clean Up

Once testing and development are complete, you can delete the CloudFormation stack to remove resources:

aws cloudformation delete-stack --stack-name evidence-collector --region us-east-1

Conclusion

In this post, we showcased how to automate compliance evidence collection by building an AI-powered system that leverages Amazon Bedrock and browser automation. The solution provides a robust framework for executing workflows seamlessly, adapting to modern web applications while ensuring consistent evidence capture. Deploy the CloudFormation stack today, customize workflows to your organization’s needs, and streamline your compliance audits significantly.

About the Authors

Ravi Kumar is a Senior Technical Account Manager at AWS with over 20 years of experience in IT, focusing on generative AI applications in cloud computing.

Salman Ahmed specializes in guiding organizations in implementing AWS solutions, blending networking expertise with a passion for new technologies.

Sergio Barraza has over 25 years of software development experience, assisting customers in optimizing their cloud solutions while enjoying music and martial arts in his free time.