Encryption of knowledge base resources
Amazon Bedrock encrypts resources related to your knowledge bases. By default, Amazon Bedrock encrypts this data using an AWS managed key. Optionally, you can encrypt the model artifacts using a customer managed key.
Encryption with a KMS key can occur with the following processes:
- Transient data storage while ingesting your data sources
- Passing information to OpenSearch Service if you let Amazon Bedrock set up your vector database
- Querying a knowledge base
The following resources used by your knowledge bases can be encrypted with a KMS key. If you encrypt them, you need to add permissions to decrypt the KMS key.
- Data sources stored in an Amazon S3 bucket
- Third-party vector stores
For more information about AWS KMS keys, see Customer managed keys in the AWS Key Management Service Developer Guide.
Note
Amazon Bedrock knowledge bases use TLS encryption for communication with third-party vector stores where the provider permits and supports TLS encryption in transit.
Topics
- Encryption of transient data storage during data ingestion
- Encryption of information passed to Amazon OpenSearch Service
- Encryption of knowledge base retrieval
- Permissions to decrypt your AWS KMS key for your data sources in Amazon S3
- Permissions to decrypt an AWS Secrets Manager secret for the vector store containing your knowledge base
Encryption of transient data storage during data ingestion
When you set up a data ingestion job for your knowledge base, you can encrypt the job with a custom KMS key.
To allow the creation of an AWS KMS key for transient data storage in the process of ingesting your data source, attach the following policy to your Amazon Bedrock service role. Replace the region, account-id, and key-id with the appropriate values.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "kms:GenerateDataKey",
        "kms:Decrypt"
      ],
      "Resource": [
        "arn:aws:kms:region:account-id:key/key-id"
      ]
    }
  ]
}
Encryption of information passed to Amazon OpenSearch Service
If you opt to let Amazon Bedrock create a vector store in Amazon OpenSearch Service for your knowledge base, Amazon Bedrock can pass a KMS key that you choose to Amazon OpenSearch Service for encryption. To learn more about encryption in Amazon OpenSearch Service, see Encryption in Amazon OpenSearch Service.
Encryption of knowledge base retrieval
You can encrypt sessions in which you generate responses from querying a knowledge base with a KMS key. To do so, include the ARN of a KMS key in the kmsKeyArn field when making a RetrieveAndGenerate request. Attach the following policy, replacing the values appropriately, to allow Amazon Bedrock to encrypt the session context. Because this statement names the Amazon Bedrock service principal, it belongs in the key policy of the KMS key rather than in the service role.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "bedrock.amazonaws.com"
      },
      "Action": [
        "kms:GenerateDataKey",
        "kms:Decrypt"
      ],
      "Resource": "arn:aws:kms:region:account-id:key/key-id"
    }
  ]
}
Permissions to decrypt your AWS KMS key for your data sources in Amazon S3
You store the data sources for your knowledge base in your Amazon S3 bucket. To encrypt these documents at rest, you can use the Amazon S3 SSE-S3 server-side encryption option. With this option, objects are encrypted with service keys managed by the Amazon S3 service.
For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service User Guide.
If you encrypted your data sources in Amazon S3 with a custom AWS KMS key, attach the following policy to your Amazon Bedrock service role to allow Amazon Bedrock to decrypt your key. Replace region and account-id with the region and account ID to which the key belongs. Replace key-id with the ID of your AWS KMS key. The kms:ViaService condition restricts use of the key to requests that arrive through Amazon S3 in that region.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "kms:Decrypt"
      ],
      "Resource": [
        "arn:aws:kms:region:account-id:key/key-id"
      ],
      "Condition": {
        "StringEquals": {
          "kms:ViaService": [
            "s3.region.amazonaws.com"
          ]
        }
      }
    }
  ]
}
Permissions to decrypt an AWS Secrets Manager secret for the vector store containing your knowledge base
If the vector store containing your knowledge base is configured with an AWS Secrets Manager secret, you can encrypt the secret with a custom AWS KMS key by following the steps at Secret encryption and decryption in AWS Secrets Manager.
If you do so, attach the following policy to your Amazon Bedrock service role to allow it to decrypt your key. Replace region and account-id with the region and account ID to which the key belongs. Replace key-id with the ID of your AWS KMS key.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "kms:Decrypt"
      ],
      "Resource": [
        "arn:aws:kms:region:account-id:key/key-id"
      ]
    }
  ]
}
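The three service-role policies on this page share the same least-privilege shape: only kms:Decrypt (plus kms:GenerateDataKey for ingestion), a single key ARN rather than a wildcard, and, for the S3 case, a kms:ViaService condition whose region matches the key. The following linter, added here as an example and not part of the AWS documentation or any AWS SDK, checks a policy document for those properties; the account number and key ID in the sample are constructed placeholders.

```python
import json
import re

# Constructed sample (placeholder account and key ID, not real values): the S3
# data-source statement from this page with region, account-id and key-id filled in.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["kms:Decrypt"],
        "Resource": ["arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"],
        "Condition": {"StringEquals": {"kms:ViaService": ["s3.us-east-1.amazonaws.com"]}},
    }],
})

# A single-key KMS ARN: explicit region, 12-digit account, no wildcard in the key ID.
KEY_ARN = re.compile(r"^arn:aws:kms:(?P<region>[a-z0-9-]+):\d{12}:key/[^*]+$")
# The only KMS actions the service-role policies on this page need.
ALLOWED_ACTIONS = {"kms:decrypt", "kms:generatedatakey"}

def as_list(value):
    """IAM allows a string or a list in Action, Resource and condition values."""
    return [value] if isinstance(value, str) else list(value or [])

def check_kms_statements(policy_json, via_service_prefix=None):
    """Return findings for each Allow statement that grants KMS actions.

    An empty list means every such statement uses only the expected actions,
    names single key ARNs and, when via_service_prefix (e.g. "s3") is given,
    carries a kms:ViaService condition for the key's own region.
    """
    findings = []
    for i, stmt in enumerate(json.loads(policy_json).get("Statement", [])):
        actions = [a for a in as_list(stmt.get("Action")) if a.lower().startswith("kms:")]
        if not actions or stmt.get("Effect") != "Allow":
            continue
        for a in actions:
            if a.lower() not in ALLOWED_ACTIONS:
                findings.append(f"statement {i}: unexpected KMS action {a}")
        regions = set()
        for r in as_list(stmt.get("Resource")):
            match = KEY_ARN.match(r)
            if match is None:
                findings.append(f"statement {i}: resource is not a single key ARN: {r}")
            else:
                regions.add(match.group("region"))
        if via_service_prefix:
            services = as_list(stmt.get("Condition", {}).get("StringEquals", {}).get("kms:ViaService"))
            expected = {f"{via_service_prefix}.{reg}.amazonaws.com" for reg in regions}
            if not services:
                findings.append(f"statement {i}: missing kms:ViaService condition")
            elif set(services) != expected:
                findings.append(f"statement {i}: kms:ViaService {services} does not match key region(s) {sorted(regions)}")
    return findings
```

Run it over the policy attached to the Bedrock service role before deployment; a finding such as a wildcard resource or a kms:* action means the role can use keys well beyond the one knowledge base it serves.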