
Securing Amazon Bedrock | S02 E11 | Build On Generative AI

Making sure all that data going in and out of Bedrock does not go to the internet.

Darko Mesaros
Amazon Employee
Published Oct 30, 2023

The architecture diagram of today's discussion
All this and more, if you follow the blog post and watch the live stream

Today, Darko is joined by Ram as we look at how to secure your Amazon Bedrock workloads. More specifically, we discuss and demonstrate how to set up AWS PrivateLink to communicate securely with the Amazon Bedrock service. Ram shows us how to configure the VPC, permissions, and anything else needed to have your Lambda functions communicate with Amazon Bedrock via AWS PrivateLink.

If you want to follow along, there is a Blog Post available for your reading pleasure! 🥳

The thing that really stood out to me is the ability to set up Endpoint policies that only allow invoking a specific model 👏

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "bedrock:InvokeModel"
      ],
      "Resource": [
        "arn:aws:bedrock:*::foundation-model/anthropic.claude-instant-v1"
      ],
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<accountid>:role/GenAIStack-Bedrock"
      }
    }
  ]
}
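
To see what this endpoint policy admits, here is an added example (not code from the original post or the live stream) that runs a simplified policy evaluation over a few constructed requests. It models only Principal, Action, Resource and Effect, ignores Condition and Not* elements, and assumes a placeholder account id, the us-east-1 region, a hypothetical OtherRole and a second model id for contrast.

```python
from fnmatch import fnmatchcase

ROLE = "arn:aws:iam::111122223333:role/GenAIStack-Bedrock"  # account id is a constructed placeholder
POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Action": ["bedrock:InvokeModel"],
        "Resource": ["arn:aws:bedrock:*::foundation-model/anthropic.claude-instant-v1"],
        "Effect": "Allow",
        "Principal": {"AWS": ROLE},
    }],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value, ignore_case=False):
    fold = str.lower if ignore_case else str  # IAM action names are case-insensitive
    return any(fnmatchcase(fold(value), fold(p)) for p in _as_list(patterns))

def _principal_matches(principal, caller_arn):
    aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
    return any(p in ("*", caller_arn) for p in aws)

def endpoint_allows(policy, caller_arn, action, resource):
    """Simplified model: an explicit Deny wins, otherwise any matching Allow."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        if (_principal_matches(stmt.get("Principal", {}), caller_arn)
                and _matches(stmt["Action"], action, ignore_case=True)
                and _matches(stmt["Resource"], resource)):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

# Constructed sample requests: (caller role, action, model ARN).
FM = "arn:aws:bedrock:us-east-1::foundation-model/"
INSTANT = FM + "anthropic.claude-instant-v1"
REQUESTS = [
    (ROLE, "bedrock:InvokeModel", INSTANT),
    (ROLE, "bedrock:InvokeModel", FM + "anthropic.claude-v2"),
    (ROLE, "bedrock:InvokeModelWithResponseStream", INSTANT),
    ("arn:aws:iam::111122223333:role/OtherRole", "bedrock:InvokeModel", INSTANT),
]

if __name__ == "__main__":
    for req in REQUESTS:
        print("ALLOW" if endpoint_allows(POLICY, *req) else "DENY ", req[1], req[2])
```

Only the first request passes: a different model, a different role, and the streaming action `bedrock:InvokeModelWithResponseStream` are all outside the single Allow statement, so a function that streams responses would need that action added to the policy.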

To learn more and see how we set all this up, check out the recording here:

Reach out to the hosts and guests: