Use AWS PrivateLink to set up private access to Amazon Bedrock

Setting Up Private Access to Amazon Bedrock with AWS PrivateLink

Introduction:

Amazon Bedrock, a fully managed service provided by AWS, allows developers to access and customize foundation models (FMs) for generative AI applications. With Amazon Bedrock, developers can build and scale AI applications without managing infrastructure. The service offers various FMs from Amazon and leading AI startups. It can also be reached privately through VPC endpoints, so requests and the data they carry never traverse the public internet. This article demonstrates how to set up private access to the Amazon Bedrock APIs using VPC endpoints and secure your generative AI applications with your own data.

Full News:

Setting Up Private Access to Amazon Bedrock APIs with Amazon VPC Endpoints

Amazon Bedrock is a powerful tool provided by AWS that allows developers to access foundation models (FMs) and customize them for specific applications. With this fully managed service, developers can build and scale generative AI applications using FMs through an API, without the need to manage infrastructure. In addition to models from Amazon, developers can also choose from FMs by leading AI startups such as AI21 Labs, Anthropic, Cohere, and Stability AI to find the best fit for their use case.

To protect their data when calling the Amazon Bedrock APIs, customers want a data perimeter in which the calls never leave the AWS network, removing the threat vectors that come with internet exposure. The building block for this is the Amazon Bedrock VPC endpoint, powered by AWS PrivateLink. An interface endpoint establishes a private connection between your VPC and the Amazon Bedrock service account, so resources in your VPC can reach the service without public IP addresses, an internet gateway, or a NAT device.

In this article, we will demonstrate how to set up private access to Amazon Bedrock APIs over VPC endpoints powered by PrivateLink. This setup will allow you to build generative AI applications securely with your own data.

Solution Overview

Generative AI can be used for a wide range of applications, including text summarization, content moderation, and more. When building these applications on FMs or base models, customers often need the model to generate responses without the request crossing the public internet, and often want those responses grounded in proprietary data that resides in their enterprise databases.


The architecture we will use to set up the infrastructure is illustrated in the diagram below. It shows how to read proprietary data residing in Amazon Relational Database Service (Amazon RDS) and augment the Amazon Bedrock API request with product information when answering product-related queries from the generative AI application.

[INSERT DIAGRAM HERE]

Note that Amazon RDS appears here only for illustration; the instructions in this article exercise private access to the Amazon Bedrock APIs end to end without requiring a database.

The workflow steps are as follows:

1. An AWS Lambda function attached to your private VPC subnets receives the prompt request from the generative AI application.
2. The function queries the proprietary RDS database and augments the prompt with the retrieved context, for example product information.
3. The function then invokes the Amazon Bedrock runtime API with the augmented request.
4. The call is routed to the Amazon Bedrock interface VPC endpoint, whose endpoint policy allows the required Amazon Bedrock API actions.
5. The Amazon Bedrock service endpoint receives the request over PrivateLink; it never traverses the public internet.
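The workflow above, as an added example rather than the Lambda function shipped by the article's CloudFormation template. It assumes a Titan Text model ID and request body shape (adjust for the model you enabled), a hypothetical `lookup_products` callable standing in for the RDS query, and that private DNS is enabled on the interface endpoint, which is why no `endpoint_url` override is needed: inside the VPC the regional bedrock-runtime hostname already resolves to the endpoint's private IPs. The sample product rows and the `demo_invoke`/`denied_invoke` stand-ins are constructed so the handler can be run offline.

```python
import json
import os
from typing import Callable, Iterable, Mapping, Optional

REGION = os.environ.get("AWS_REGION", "us-east-1")
# Assumed model and request shape (Titan Text); swap in your model's body format.
MODEL_ID = os.environ.get("MODEL_ID", "amazon.titan-text-express-v1")

# Constructed rows standing in for a result set read from Amazon RDS.
SAMPLE_PRODUCTS = [
    {"sku": "AB-100", "name": "Trail Jacket", "price": 129.0, "stock": 14},
    {"sku": "AB-200", "name": "Rain Shell", "price": 89.5, "stock": 0},
]


def lookup_products(question: str, rows: Iterable[Mapping] = SAMPLE_PRODUCTS) -> list:
    """Hypothetical stand-in for the RDS query: rows whose name the question mentions."""
    q = question.lower()
    return [r for r in rows if r["name"].lower() in q]


def augment_prompt(question: str, products: list) -> str:
    """Prepend retrieved records so the model answers from your data, not its training set."""
    if products:
        context = "\n".join(
            f"- {p['sku']}: {p['name']}, price {p['price']:.2f}, {p['stock']} in stock"
            for p in products
        )
    else:
        context = "No matching product records were found."
    return (
        "Answer using only the product records below.\n"
        f"Product records:\n{context}\n\n"
        f"Question: {question}\nAnswer:"
    )


def build_invoke_args(prompt: str, model_id: str = MODEL_ID, max_tokens: int = 256) -> dict:
    """Keyword arguments for the bedrock-runtime InvokeModel call."""
    body = {"inputText": prompt,
            "textGenerationConfig": {"maxTokenCount": max_tokens, "temperature": 0.2}}
    return {"modelId": model_id, "contentType": "application/json",
            "accept": "application/json", "body": json.dumps(body)}


def parse_response(payload: bytes) -> str:
    """Extract the generated text from a Titan Text response body."""
    return json.loads(payload)["results"][0]["outputText"]


def handler(event: dict, context=None, invoke: Optional[Callable[..., dict]] = None) -> dict:
    """Lambda entry point. `invoke` is injectable for offline runs; inside Lambda it
    defaults to the bedrock-runtime client's invoke_model. No endpoint_url is set:
    with private DNS enabled on the interface endpoint, the regional hostname
    resolves to the endpoint's private IPs from within the VPC."""
    question = event["prompt"]
    args = build_invoke_args(augment_prompt(question, lookup_products(question)))
    if invoke is None:
        import boto3  # present in the Lambda Python runtime
        invoke = boto3.client("bedrock-runtime", region_name=REGION).invoke_model
    try:
        resp = invoke(**args)
    except Exception as exc:
        # botocore's ClientError carries the service error code in .response;
        # AccessDeniedException is what you get once the endpoint policy or the
        # role's aws:SourceVpce condition denies the call.
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code == "AccessDeniedException":
            return {"statusCode": 403,
                    "body": "Bedrock call denied; check the endpoint policy and role policy"}
        raise
    return {"statusCode": 200, "body": parse_response(resp["body"].read())}


# Offline stand-ins (constructed) so the handler can be exercised without AWS.
CAPTURED: list = []


def demo_invoke(**kwargs) -> dict:
    """Records the InvokeModel arguments and returns a canned Titan-shaped response."""
    import io
    CAPTURED.append(kwargs)
    canned = {"results": [{"outputText": "The Trail Jacket (AB-100) has 14 units in stock."}]}
    return {"body": io.BytesIO(json.dumps(canned).encode())}


class _Denied(Exception):
    """Mimics botocore ClientError's .response for the offline demo."""
    response = {"Error": {"Code": "AccessDeniedException"}}


def denied_invoke(**kwargs) -> dict:
    """Simulates the failure seen after the endpoint policy is switched to Deny."""
    raise _Denied("AccessDeniedException")


if __name__ == "__main__":
    print(handler({"prompt": "Is the Trail Jacket in stock?"}, invoke=demo_invoke))
    print(handler({"prompt": "Is the Trail Jacket in stock?"}, invoke=denied_invoke))
```

The handler treats an access-denied response as an expected outcome rather than a crash, because in this design a denial is the perimeter working: if private DNS is off, or the endpoint policy is flipped to Deny as in the test section, the SDK still resolves the regional hostname and the error you observe is the service refusing the call, not a network timeout.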

To validate that Amazon Bedrock API calls are blocked when the perimeter is closed, change the VPC endpoint policy to deny the same actions and repeat the call; it should fail. You can also reach the Amazon Bedrock APIs privately over the same VPC endpoint from your corporate network through an AWS Direct Connect gateway.

Prerequisites

Before you begin, ensure that you have the following prerequisites:

1. An AWS account
2. An AWS Identity and Access Management (IAM) federation role with sufficient access privileges
3. Access to at least one foundation model granted through the Model access page of the Amazon Bedrock console
4. The us-east-1 Region selected for all of the steps below

Set Up the Private Access Infrastructure

To set up the necessary infrastructure, such as VPC, private subnets, security groups, and Lambda function, you can use the provided AWS CloudFormation template. This template will create the required resources, including:

1. A VPC with two private subnets in separate Availability Zones
2. Security groups and routing tables
3. IAM role and policies for Lambda, Amazon Bedrock, and Amazon EC2

Please refer to the template named “Bedrock-GenAI-Stack” to create the infrastructure stack in your AWS account.

Set Up the VPC Endpoint for Amazon Bedrock

To establish a private connection between your VPC and Amazon Bedrock, follow these steps:

1. Navigate to the Amazon VPC console and select “Endpoints” under the “Virtual private cloud” section in the navigation pane.
2. Click “Create endpoint.”
3. Enter “bedrock-vpce” as the name tag.
4. Under Services, search for “bedrock-runtime” and select the relevant option for your region (e.g., com.amazonaws.us-east-1.bedrock-runtime).
5. Specify the VPC created through the CloudFormation stack in the previous step as the VPC for the endpoint.
6. Choose the desired subnets and corresponding subnet IDs from the drop-down menu.
7. Select the security group that allows inbound TLS (HTTPS, TCP port 443) to the VPC endpoint. This security group only accepts traffic originating from the security group attached to your VPC private subnets, adding an extra layer of protection.
8. Click “Create endpoint.”


Once created, the interface endpoint may take up to 2 minutes to be available. You can refresh the page to check the status.

Set Up the Lambda Function Over Private VPC Subnets

To configure the Lambda function, follow these steps:

1. Go to the Lambda console and select “Functions” in the navigation pane.
2. Choose the appropriate function for your purpose, such as “gen-ai-lambda-stack-BedrockTestLambdaFunction-XXXXXXXXXXXX.”
3. On the Configuration tab, select “Permissions” in the left pane.
4. Under Execution role, click the link for the relevant role.
5. You’ll be redirected to the IAM console. In the Permissions policies section, click “Add permissions” and then “Create inline policy.”
6. On the JSON tab, grant the role the Amazon EC2 actions Lambda needs to attach to your VPC (ec2:CreateNetworkInterface, ec2:DescribeNetworkInterfaces, and ec2:DeleteNetworkInterface), together with the VPC endpoint actions used in this setup.
7. Click “Next” and provide a name for the policy (e.g., “enivpce-policy”). Then click “Create policy.”
8. Add a second inline policy that allows the Amazon Bedrock actions only when the request arrives through your VPC endpoint: condition the Allow on the aws:SourceVpce key set to the ID of the endpoint you created in the previous section. A call that does not traverse the endpoint carries no aws:SourceVpce value and therefore fails the condition.
9. Save the changes.

Test Private Access Controls

To test the private access controls for Amazon Bedrock APIs over VPC endpoints, follow these steps:

1. Go to the Lambda console and select “Functions” in the navigation pane.
2. Choose the relevant function, such as “gen-ai-lambda-stack-BedrockTestLambdaFunction-XXXXXXXXXXXX.”
3. On the Code tab, click “Test.”
4. You should see a successful response from the Amazon Bedrock API call.
5. To deny access, go to the Amazon VPC console and select “Endpoints” under “Virtual private cloud” in the navigation pane.
6. Select the bedrock-vpce endpoint, open the Policy tab, edit the policy so that its Effect is “Deny” instead of “Allow”, and save the changes. Re-run the Lambda test: the Amazon Bedrock call should now fail with an access denied error, which confirms that the endpoint policy is enforced on the private path.
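How the two policy layers from the Lambda section and the deny test above combine, as an added example that is not part of the article. It models only the documents this article describes: the role's inline policy (ENI actions plus Bedrock invocation conditioned on aws:SourceVpce) and the endpoint policy in its Allow and Deny forms. The endpoint ID is a placeholder, the policy JSON is written from the article's description rather than quoted from it, and the evaluator is deliberately minimal (Allow/Deny statements, action wildcards, StringEquals conditions, explicit deny wins; no principals, SCPs or resource policies).

```python
import fnmatch
import json

ENDPOINT_ID = "vpce-0123456789abcdef0"  # placeholder; use your bedrock-vpce endpoint ID

# Inline policy on the Lambda execution role (assumed wording of the article's two
# additions). aws:SourceVpce is absent on any call that does not traverse a VPC
# endpoint, so a public-path call can never satisfy the second statement.
LAMBDA_ROLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces",
                "ec2:DeleteNetworkInterface"],
     "Resource": "*"},
    {"Effect": "Allow",
     "Action": ["bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream"],
     "Resource": "*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "VPCE_ID"}}}
  ]
}
""".replace("VPCE_ID", ENDPOINT_ID))

# Endpoint policy as created (full access) and after the deny test.
ENDPOINT_POLICY_ALLOW = json.loads(
    '{"Statement": [{"Effect": "Allow", "Principal": "*", "Action": "bedrock:*", "Resource": "*"}]}')
ENDPOINT_POLICY_DENY = json.loads(
    '{"Statement": [{"Effect": "Deny", "Principal": "*", "Action": "bedrock:*", "Resource": "*"}]}')


def _action_matches(patterns, action: str) -> bool:
    """IAM action matching: case-insensitive, '*' wildcards, string or list."""
    pats = patterns if isinstance(patterns, list) else [patterns]
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in pats)


def _conditions_met(stmt: dict, ctx: dict) -> bool:
    """StringEquals only. A key missing from the request context fails the condition."""
    for operator, pairs in stmt.get("Condition", {}).items():
        if operator != "StringEquals":
            raise NotImplementedError(operator)
        for key, expected in pairs.items():
            allowed = expected if isinstance(expected, list) else [expected]
            if key not in ctx or ctx[key] not in allowed:
                return False
    return True


def evaluate(policy: dict, action: str, ctx: dict) -> str:
    """Return 'Deny', 'Allow', or 'Implicit' (no statement matched)."""
    decision = "Implicit"
    for stmt in policy["Statement"]:
        if not _action_matches(stmt.get("Action", []), action):
            continue
        if not _conditions_met(stmt, ctx):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # an explicit deny always wins
        decision = "Allow"
    return decision


def is_allowed(identity_policy: dict, endpoint_policy: dict, action: str, ctx: dict) -> bool:
    """A request that traverses the endpoint must be allowed by both the identity
    policy and the endpoint policy; a request that never touches the endpoint is
    judged by the identity policy alone (and carries no aws:SourceVpce)."""
    if evaluate(identity_policy, action, ctx) != "Allow":
        return False
    if "aws:SourceVpce" in ctx:
        return evaluate(endpoint_policy, action, ctx) == "Allow"
    return True


def bedrock_call_allowed(endpoint_policy: dict, via_endpoint_id: str = None) -> bool:
    """bedrock:InvokeModel from the Lambda role, over the given endpoint or the public path."""
    ctx = {"aws:SourceVpce": via_endpoint_id} if via_endpoint_id else {}
    return is_allowed(LAMBDA_ROLE_POLICY, endpoint_policy, "bedrock:InvokeModel", ctx)


if __name__ == "__main__":
    for label, policy, vpce in [
        ("through bedrock-vpce, endpoint policy Allow", ENDPOINT_POLICY_ALLOW, ENDPOINT_ID),
        ("public path (no endpoint), endpoint policy Allow", ENDPOINT_POLICY_ALLOW, None),
        ("through some other endpoint", ENDPOINT_POLICY_ALLOW, "vpce-0ffffffffffffffff"),
        ("through bedrock-vpce, endpoint policy Deny", ENDPOINT_POLICY_DENY, ENDPOINT_ID),
    ]:
        print(f"{label}: {'allowed' if bedrock_call_allowed(policy, vpce) else 'denied'}")
```

The matrix is the point: the role policy alone closes the public path (no aws:SourceVpce, so nothing allows the call), the endpoint policy alone closes the private path when you flip it to Deny, and only the combination of the right endpoint and an allowing endpoint policy lets the invocation through. The ENI actions remain allowed regardless, because they carry no condition and never involve the Bedrock endpoint.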

By following these steps, you can set up private access to Amazon Bedrock APIs using Amazon VPC endpoints powered by AWS PrivateLink. This ensures the secure and efficient communication between your VPC and Amazon Bedrock, allowing you to build generative AI applications with ease.

Remember to thoroughly test and validate your setup to ensure the desired level of security and functionality. Following AWS best practices and utilizing available resources will help you optimize your solution and achieve the desired results.


Conclusion:

In conclusion, Amazon Bedrock, a fully managed service provided by AWS, offers developers access to foundation models and tools for building and scaling generative AI applications. With the help of the Amazon Bedrock VPC endpoint powered by PrivateLink, developers can establish a private connection between their VPC and the Amazon Bedrock service account, ensuring secure access to generative AI models without exposing their data to the internet. By following the step-by-step instructions provided, developers can set up private access to Amazon Bedrock APIs, test the connectivity, and build innovative generative AI applications using their own data.

Frequently Asked Questions:

1. What is AWS PrivateLink?

AWS PrivateLink is a networking technology that allows you to securely access services hosted on AWS privately, without the need for internet gateways or exposing your resources to the public internet.

2. How does AWS PrivateLink work?

AWS PrivateLink creates a private network connection between your VPC and the AWS service you wish to access. For a supported service you create an interface VPC endpoint, which is one or more elastic network interfaces with private IP addresses in your subnets; traffic to those addresses is delivered to the service over the AWS network rather than over the internet.

3. What are the benefits of using AWS PrivateLink?

Using AWS PrivateLink offers several benefits: traffic stays within the AWS network, which removes exposure to the public internet; the endpoint policy and security group give you a control point for which actions and which callers are permitted; and private subnets no longer need an internet gateway or NAT gateway just to reach the service.

4. How can I use AWS PrivateLink with Amazon Bedrock?

To set up private access to Amazon Bedrock using AWS PrivateLink, create an interface VPC endpoint for the Bedrock endpoint service you need, for example com.amazonaws.us-east-1.bedrock-runtime for model invocation (the com.amazonaws.us-east-1.bedrock service covers the control-plane APIs). Place the endpoint in the private subnets of the target VPC, keep private DNS enabled so the regional service hostname resolves to the endpoint, attach a security group that allows HTTPS from your workload's security group, and scope the endpoint policy to the actions you need. Interface endpoints do not require route table changes.

5. Do I need to make any changes to my application code to use AWS PrivateLink?

In most cases, no changes to your application code are required, provided private DNS is enabled on the endpoint: the SDK's default regional hostname then resolves to the endpoint's private IP addresses from inside the VPC. If private DNS is disabled, you must point the SDK at the endpoint-specific DNS name instead.

6. Can I use AWS PrivateLink across different AWS accounts?

Yes. A provider account exposes a service through a PrivateLink endpoint service backed by a Network Load Balancer, and consumer accounts connect to it with their own interface endpoints, which the provider accepts. VPC peering is not required, and for AWS-managed services such as Amazon Bedrock the service side is already provided by AWS.

7. Is the traffic between my VPC and the AWS service encrypted?

PrivateLink itself does not add encryption; it keeps the traffic on the AWS network. Encryption comes from the API protocol: AWS service APIs such as Amazon Bedrock are only reachable over HTTPS, so every request through the endpoint is protected by TLS negotiated between your client and the service.

8. Are there any additional costs associated with using AWS PrivateLink?

Yes. Interface endpoints are billed per hour for each Availability Zone they are deployed in, plus a per-GB data processing charge, on top of the normal charges for the AWS service you call (here, Amazon Bedrock model invocation). Check the AWS PrivateLink pricing page for current rates.

9. Can I monitor and log the traffic flowing through my AWS PrivateLink connections?

Yes. AWS CloudTrail records each Amazon Bedrock API call, and for calls that arrive through an interface endpoint the event includes the vpcEndpointId, so you can alert on invocations that did not come through your endpoint. Amazon VPC Flow Logs on the endpoint's network interfaces show the network traffic itself, and Amazon CloudWatch can alarm on both sources.

10. Is AWS PrivateLink available in all AWS regions and for all services?

AWS PrivateLink is available in most AWS regions and supports a wide range of AWS services. However, it’s always a good idea to check the AWS documentation for the specific service you are interested in to ensure that PrivateLink is supported.