Mapping HIPAA and GLBA requirements to AWS services, from WAF perimeters and VPC segmentation to KMS rotation, Bedrock Guardrails, and S3 Object Lock audit trails.