Encryption of model customization jobs and artifacts - Amazon Bedrock

Encryption of model customization jobs and artifacts

Amazon Bedrock uses your training data with the CreateModelCustomizationJob action, or with the console, to create a custom model, which is a fine-tuned version of an Amazon Bedrock foundation model. Your custom models are managed and stored by AWS.

Amazon Bedrock uses the fine-tuning data you provide only for fine-tuning an Amazon Bedrock foundation model. Amazon Bedrock doesn't use fine-tuning data for any other purpose. Your training data isn't used to train the base Titan models or distributed to third parties. Other usage data, such as usage timestamps, logged account IDs, and other information logged by the service, is also not used to train the models.

None of the training or validation data you provide for fine-tuning is stored by Amazon Bedrock once the fine-tuning job completes.

Note that fine-tuned models can replay some of the fine-tuning data while generating completions. If your app should not expose fine-tuning data in any form, then you should first filter out confidential data from your training data. If you already created a customized model using confidential data by mistake, you can delete that custom model, filter out confidential information from the training data, and then create a new model.

By default, Amazon Bedrock encrypts the resulting custom model from the customization job with an AWS-managed AWS Key Management Service key that AWS owns. Optionally, you can encrypt the model by creating a customer managed key. For more information about AWS KMS keys, see Customer managed keys in the AWS Key Management Service Developer Guide. To use a customer managed key, carry out the following steps.

  1. Create a customer managed key with the AWS Key Management Service.

  2. Attach a resource-based policy with permissions for the specified roles to create or use custom models.

Create a customer managed key

First ensure that you have CreateKey permissions. Then follow the steps at Creating keys to create a customer managed key, either in the AWS KMS console or with the CreateKey API operation. Make sure to create a symmetric encryption key.

Creation of the key returns an ARN for the key that you can use as the customModelKmsKeyId when submitting a model customization job.

Create a key policy and attach it to the customer managed key

Attach the following resource-based policy to the KMS key by following the steps at Creating a key policy. The policy contains two statements.

  1. Permissions for a role to encrypt model customization artifacts. Add ARNs of custom model builder roles to the Principal field.

  2. Permissions for a role to use a custom model in inference. Add ARNs of custom model user roles to the Principal field.

{
    "Version": "2012-10-17",
    "Id": "KMS Key Policy",
    "Statement": [
        {
            "Sid": "Permissions for custom model builders",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::account-id:user/role"
            },
            "Action": [
                "kms:Decrypt",
                "kms:GenerateDataKey",
                "kms:DescribeKey",
                "kms:CreateGrant"
            ],
            "Resource": "*"
        },
        {
            "Sid": "Permissions for custom model users",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::account-id:user/role"
            },
            "Action": "kms:Decrypt",
            "Resource": "*"
        }
    ]
}
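The following is an added example, not part of the original page or AWS's own code: it generates the two-statement key policy above from lists of role ARNs and audits a policy for grants broader than that template. The function names, the role-ARN pattern (IAM roles in the `aws` partition) and the sample account ID and role names are assumptions made for illustration.

```python
import json
import re

# Actions copied from the two statements of the key policy on this page.
BUILDER_ACTIONS = ["kms:Decrypt", "kms:GenerateDataKey", "kms:DescribeKey", "kms:CreateGrant"]
USER_ACTIONS = ["kms:Decrypt"]
# Assumption: principals are IAM roles in the "aws" partition.
ROLE_ARN = re.compile(r"^arn:aws:iam::\d{12}:role/[\w+=,.@/-]+$")

def build_key_policy(builder_roles, user_roles):
    """Return the two-statement key policy as a dict (hypothetical helper)."""
    for arn in [*builder_roles, *user_roles]:
        if not ROLE_ARN.match(arn):
            raise ValueError(f"not an IAM role ARN: {arn!r}")
    def stmt(sid, roles, actions):
        return {"Sid": sid, "Effect": "Allow", "Principal": {"AWS": sorted(roles)},
                "Action": list(actions), "Resource": "*"}
    return {"Version": "2012-10-17", "Id": "KMS Key Policy", "Statement": [
        stmt("Permissions for custom model builders", builder_roles, BUILDER_ACTIONS),
        stmt("Permissions for custom model users", user_roles, USER_ACTIONS)]}

def audit_key_policy(policy, user_roles):
    """List findings where a policy grants more than the page's template."""
    findings = []
    for s in policy.get("Statement", []):
        if s.get("Effect") != "Allow":
            continue
        principal = s.get("Principal", {})
        arns = principal.get("AWS", []) if isinstance(principal, dict) else principal
        arns = [arns] if isinstance(arns, str) else arns
        actions = s.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        sid = s.get("Sid", "<no Sid>")
        if "*" in arns and "Condition" not in s:
            findings.append(f"{sid}: any AWS principal can use the key")
        extra = [a for a in actions if a not in BUILDER_ACTIONS]
        if extra:
            findings.append(f"{sid}: actions outside the template: {extra}")
        if set(arns) & set(user_roles) and set(actions) - set(USER_ACTIONS):
            findings.append(f"{sid}: inference-only role has more than kms:Decrypt")
    return findings

if __name__ == "__main__":
    # Constructed sample role ARNs; replace with your own.
    builders = ["arn:aws:iam::111122223333:role/ExampleModelBuilder"]
    users = ["arn:aws:iam::111122223333:role/ExampleModelUser"]
    policy = build_key_policy(builders, users)
    print(json.dumps(policy, indent=2))
    print(audit_key_policy(policy, users))
```

The generated document contains only the two statements from this page; a complete key policy also needs a statement that lets key administrators manage the key.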

Encryption of training, validation, and output data

When you use Amazon Bedrock to run a model customization job, you store the input files in your Amazon S3 bucket. When the job completes, Amazon Bedrock stores the output metrics files in the S3 bucket that you specified when creating the job and the resulting custom model artifacts in an S3 bucket controlled by AWS.

The output files are encrypted with the encryption configurations of the S3 bucket. These are encrypted either with SSE-S3 server-side encryption or with AWS KMS SSE-KMS encryption, depending on how you set up the S3 bucket.