Amazon Bedrock: Pioneering AI with Foundational Models

Amazon Bedrock: Pioneering AI with Foundational Models

Amazon Bedrock simplifies building scalable generative AI apps by offering access to foundational models and APIs from Amazon and top AI startups

Published Jan 18, 2024


Amazon Bedrock is a comprehensive management service designed to utilize foundational models, providing a unified API set for accessing models from Amazon and third-party sources, serving both text and image creation.
LangChain offers convenient functionalities for interacting with Amazon Bedrock’s models and related services like the vector database. It provides libraries in Python and JavaScript, and for the purpose of this workshop, we will be using the Python version of LangChain.
Streamlit helps us quickly develop web interfaces for our Python code, eliminating the need for front-end development skills. Streamlit is particularly useful for creating concept demonstration applications that can be shared with a wide audience, from technical to non-technical.
In this workshop, we will use LangChain to develop AI creation prototypes by leveraging Amazon Bedrock. The provided source code will guide attendees in building a powerful natural SQL query tool, powered by GenAI through Amazon Bedrock. This tool is intended for business users, including those who may not be skilled in writing SQL but have business knowledge about the enterprise, with limited technical knowledge.

Creating an AWS Cloud9 Environment

  • Click the Create environment button located in one of the following places:
    • If you do not have any AWS Cloud9 environments yet, this button is displayed on the welcome page.
    • If you already have AWS Cloud9 environments, the button appears as follows.
  • On the Create environment page, fill in:
    • Name: The name for your environment.
    • Description: A description of the environment. Example: “This environment is for AWS Cloud9 tutorials.”
  • Choose Environment type:
    • New EC2 instance: Create a new EC2 instance that AWS Cloud9 can directly connect to via SSH.
    • Existing compute: Use an existing EC2 instance, requiring SSH login information.
Note: Auto-off is not available for AWS Cloud9 environments created from existing EC2 instances.
Warning: Creating an EC2 instance may incur charges on your AWS account.* In the New EC2 instance section, keep the default settings for Instance type.
Warning: Choosing an instance type with more RAM and CPU can lead to additional costs.* Select Platform: Amazon Linux 2 or Ubuntu 22.04 LTS. AWS Cloud9 will create the instance and connect the environment to it.
Important: We recommend selecting Amazon Linux 2. Choose a duration for Timeout.
Warning: Selecting a longer duration may lead to additional costs.
  • In the Network settings section, choose how to access the environment: through AWS System Manager (SSM) or Secure Shell (SSH).
  • Select VPC Settings to display Amazon Virtual Private Cloud and Subnet for your environment.
  • Add up to 50 tags by providing Key and Value for each tag.
Warning: Updating tags after creation will not be reflected on the underlying resources.* Click Create to make the environment.* If the account is successfully created, a green notification bar will appear at the top of the AWS Cloud9 console.* If the account creation fails, a red notification bar will appear.
  • After about 3 minutes of creation, click Open
  • In the AWS Cloud9 interface:
  • Select Preferences
  • Select AWS Settings
  • In the Credentials section, toggle off AWS managed temporary credentials

Creating an IAM Policy for Amazon Bedrock

To grant access to Bedrock’s APIs, you need to create an IAM Policy following these steps:
  • Log in to AWS Management Console
  • Open the IAM Dashboard
    • On the AWS toolbar, select “Services” and search for IAM to open the IAM Dashboard.
  • Create a New IAM Policy
    • In the IAM Dashboard, select the Policies tab.
    • Click on Create policy.
  • Enter Policy Details
    • Switch to the JSON tab.
    • Copy and paste the following JSON snippet into the input field:
  • {
    "Version": "2012-10-17",
    "Statement": [
    "Sid": "Statement1",
    "Effect": "Allow",
    "Action": "bedrock:*",
    "Resource": "*"
  • Confirm and Create the Policy
    • Double-check the information entered.
    • Click on Review policy, name the policy, and click Create policy to complete.
  • With the above steps, you should be able to successfully create an IAM Policy for managing access to Amazon Bedrock’s APIs.

Creating an IAM Role for Amazon Bedrock

After creating an IAM Policy for Amazon Bedrock, you can create an IAM Role and assign this policy along with administrator privileges.
  • Log in to the AWS Management Console
  • Open the IAM Dashboard
    • On the AWS toolbar, select “Services” and search for IAM to open the IAM Dashboard.
  • Create a New IAM Role
    • In the IAM Dashboard, select the Roles tab.
    • Click the Create role button.
  • Choose Entity Type and Use Case
    • Select AWS service in the entity type section.
    • Choose the appropriate use case for the role (e.g., EC2 if you want this role for EC2 instances).
    • Click Next: Permissions.
  • Attach Policy to Role
    • In the Attach permissions policies section, find and select the policy you created for Bedrock (BedrockAccessPolicy if you named it so).
    • Find and select AdministratorAccess to provide administrator privileges.
    • Click Next: Tags (you can add tags if needed).
    • Click Next: Review.
  • Name and Create the Role
    • Name the role (e.g., BedrockAdminRole).
    • Review the configuration and click Create role to complete.
With the above steps, you should be able to successfully create an IAM Role with access to the APIs of Amazon Bedrock and administrator privileges.

Attaching IAM Role to AWS Cloud9

After creating an IAM Role with access to Amazon Bedrock and administrator permissions, you can attach this role to the EC2 instance used in AWS Cloud9.
  • Log in to the AWS Management Console
  • Open the EC2 Dashboard
    • On the AWS toolbar, select “Services” and search for EC2 to open the EC2 Dashboard.
  • Select Instances
    • In the EC2 Dashboard, select Instances from the left menu.
  • Choose the Instance to Attach the Role
    • Find the EC2 instance you wish to attach the IAM Role to (this instance should be used in AWS Cloud9).
    • Click on that instance to select it.
  • Attach IAM Role
    • With the selected instance, press the Actions button.
    • In the dropdown menu, choose Security and then Modify IAM role.
    • In the Modify IAM role window, select the IAM Role you created earlier from the dropdown list (e.g., BedrockAdminRole).
    • Click Save to apply the changes.
  • Confirm and Use the Role
    • Double-check to ensure that the IAM Role has been correctly attached.
    • Now, your EC2 instance in Cloud9 has access rights according to the selected IAM Role.
Remember, after attaching an IAM Role, any applications or services running on this EC2 instance will have access rights according to the permissions of that Role.

Updating Security Group for EC2 in AWS Cloud9

To update the Security Group for an EC2 instance used in AWS Cloud9, allowing communication through ports 8080, 80, and 22, you can follow these steps:
  • Log in to the AWS Management Console
  • Open EC2 Dashboard
    • On the AWS toolbar, select “Services” and search for EC2 to open the EC2 Dashboard.
  • Select Security Groups
    • In the EC2 Dashboard, select Security Groups from the left-side menu.
  • Choose the Security Group to Update
    • Locate the Security Group linked with the EC2 instance you are using in Cloud9.
    • Click on that Security Group to select it.
  • Edit Inbound Rules
    • With the selected Security Group, click the Actions button.
    • Choose Edit inbound rules.
  • Add Rules for the Necessary Ports
    • Click Add rule to add a new rule.
    • For each port (8080, 80, and 22), add a rule:
      • Type: Select Custom TCP for ports 8080 and 80, SSH for port 22.
      • Port Range: Enter the corresponding port number (8080, 80, or 22).
      • Source: Choose Anywhere or restrict to specific IP addresses if necessary.
    • Repeat for each required port.
  • Save the Changes
    • After adding the rules, click Save rules to apply the changes.
After updating, ports 8080, 80, and 22 will be opened, allowing communication through these ports for your EC2 instance in Cloud9.

Clone Repository from GitHub

  • Install Git First, you need to make sure that Git is installed on your computer. If not, you can download and install it from Git’s homepage.
  • Open Terminal or Command Prompt
    • On Windows, you can use Command Prompt or PowerShell.
    • On macOS or Linux, you can use Terminal.
    • On Cloud9, you can run directly.
  • Navigate to Desired Folder Use the cd command to navigate to the directory where you want to save the repository. For example:
cd path
  • Clone Repository Once in the desired directory, use the following command to clone the repository:
git clone https://github.com/AWS-First-Cloud-Journey/aws-bedrock-rag-stock.git
  • Check Results After the cloning process is completed, use the ls or dir command to check if the repository has been cloned to your computer.
  • Install the necessary libraries for the application
To start using the aws-bedrock-rag-stock project, you need to do the following:
  • Clone and Go to Project Folder
First, clone the project and go to the project directory:
cd aws-bedrock-rag-stock
  • Install Necessary Libraries
  • Use pip3 to install necessary libraries from requirements.txt file:
pip3 install -r requirements.txt

Creating an Access Key

  • Log into the AWS Management Console.
    • Use your AWS account to log in.
  • Access IAM (Identity and Access Management).
    • In the AWS Management Console, find and select “IAM” to access Identity and Access Management.
  • Create a new user or use an existing user.
    • If you don’t have a user, you need to create a new one.
    • If you already have one, you can use the existing user.
  • Create an Access Key for the user.
    • In the user’s ‘Security credentials’ tab, find and select ‘Create access key’.
    • Save the ‘Access Key ID’ and ‘Secret Access Key’ when displayed.

Configuring Credentials for Cloud9

  • Open AWS Cloud9 Environment.
    • In the AWS Management Console, find and select “Cloud9”.
    • Open your Cloud9 environment.
  • Open a terminal in Cloud9.
    • In the Cloud9 environment, open a terminal or command window.
  • Run the AWS Configure command.
    • In the terminal, enter the following command:aws configure
    • Enter the ‘Access Key ID’ and ‘Secret Access Key’ you saved in step 1.
    • Enter the region information and output format if needed.
By following these steps, you can create an Access Key and configure AWS for your Cloud9 environment.

Setting Up Amazon Bedrock

In this workshop, we will be using Amazon Bedrock to access foundation models.
Below are the steps to configure model access in Amazon Bedrock for building and running generative AI applications. Amazon Bedrock provides a variety of foundation models from multiple providers.
  • In the AWS console interface, select the region where you wish to access Amazon Bedrock.At the time of writing this guide, the workshop will work best in the us-west-2 (Oregon) or us-east-1 (N. Virginia) regions.
  • Find Amazon Bedrock by searching within the AWS console.
  • Expand the side menu.
  • From the side menu, select Model access.
  • Click the Edit button.
  • Use the checkboxes to select the models you want to activate. Most of the model providers listed will be used in the workshop. There is no cost to activate models - you only pay for what you use in the labs. Review applicable EULAs as needed. Click Save changes to activate the models in your account.
  • Review the model access status.

 To run the application, use the following command on AWS Cloud9:

Application Experience

  • Application 1: RAG with Document (Architecture - RAG with document)
Named “Architecture 01,” this application focuses on using the RAG (Retrieval-Augmented Generation) model for processing and analyzing documents. This model combines the ability to search information from large documents with natural language generation capabilities, promising to deliver deeper and more accurate insights in data analysis.
  • Application 2: Converting Text to SQL Query (Architecture - Text To SQL Query)
Referred to as “Architecture 02,” this application focuses on converting natural language text into SQL queries. This allows non-expert users to interact with databases more easily, opening up the possibility of accessing information quickly and efficiently without needing to understand complex query languages.
  • Applications 3 and 4: ReAct and Agents (Architecture - ReAct and Agents)
These two applications represent a combination of the ReAct and Agents models, emphasizing the creation of reactions and actions based on received data and information. These applications can be used in various fields, ranging from automated data management to creating intelligent and flexible decision support systems.

Resource Cleanup

We will proceed with the deletion of resources in the following order:
  • In the Cloud9 admin interface.
    • Select the Cloud9 instance you created.
    • Click Delete.
  • Type Delete to confirm.
    • Click Delete to remove the created Cloud9 instance.

Reference Materials

This is a simple demo of Amazon Bedrock, utilizing AI21 and Anthropic Claude models with the langchain library. For more details, please refer to the following links:

Installation References