Encryption of knowledge base resources - Amazon Bedrock

Encryption of knowledge base resources

Amazon Bedrock encrypts resources related to your knowledge bases. By default, Amazon Bedrock encrypts this data using an AWS managed key. Optionally, you can encrypt the model artifacts using a customer managed key.

Encryption with a KMS key can occur with the following processes:

  • Transient data storage while ingesting your data sources

  • Passing information to OpenSearch Service if you let Amazon Bedrock set up your vector database

  • Querying a knowledge base

The following resources used by your knowledge bases can be encrypted with a KMS key. If you encrypt them, you must grant your Amazon Bedrock service role permission to decrypt with that KMS key.

  • Data sources stored in an Amazon S3 bucket

  • Third-party vector stores

For more information about AWS KMS keys, see Customer managed keys in the AWS Key Management Service Developer Guide.

Encryption of transient data storage during data ingestion

When you set up a data ingestion job for your knowledge base, you can encrypt the job with a custom KMS key.

To allow the creation of an AWS KMS data key for transient data storage in the process of ingesting your data source, attach the following policy to your Amazon Bedrock service role. Replace region, account-id, and key-id with the appropriate values.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "kms:GenerateDataKey",
        "kms:Decrypt"
      ],
      "Resource": [
        "arn:aws:kms:region:account-id:key/key-id"
      ]
    }
  ]
}

Encryption of information passed to Amazon OpenSearch Service

If you opt to let Amazon Bedrock create a vector store in Amazon OpenSearch Service for your knowledge base, Amazon Bedrock can pass a KMS key that you choose to Amazon OpenSearch Service for encryption. To learn more about encryption in Amazon OpenSearch Service, see Encryption in Amazon OpenSearch Service.

Encryption of knowledge base retrieval

You can encrypt sessions in which you generate responses from querying a knowledge base with a KMS key. To do so, include the ARN of a KMS key in the kmsKeyArn field when making a RetrieveAndGenerate request. Attach the following policy to the KMS key (it names the Amazon Bedrock service as the principal, so it belongs in the key policy), replacing the values appropriately, to allow Amazon Bedrock to encrypt the session context.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "bedrock.amazonaws.com"
      },
      "Action": [
        "kms:GenerateDataKey",
        "kms:Decrypt"
      ],
      "Resource": "arn:aws:kms:region:account-id:key/key-id"
    }
  ]
}

Permissions to decrypt your AWS KMS key for your data sources in Amazon S3

You store the data sources for your knowledge base in your Amazon S3 bucket. To encrypt these documents at rest, you can use the Amazon S3 SSE-S3 server-side encryption option. With this option, objects are encrypted with service keys managed by the Amazon S3 service.

For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service User Guide.

If you encrypted your data sources in Amazon S3 with a custom AWS KMS key, attach the following policy to your Amazon Bedrock service role to allow Amazon Bedrock to decrypt your key. Replace region and account-id with the region and account ID to which the key belongs. Replace key-id with the ID of your AWS KMS key.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "kms:Decrypt"
      ],
      "Resource": [
        "arn:aws:kms:region:account-id:key/key-id"
      ],
      "Condition": {
        "StringEquals": {
          "kms:ViaService": [
            "s3.region.amazonaws.com"
          ]
        }
      }
    }
  ]
}

Permissions to decrypt an AWS Secrets Manager secret for the vector store containing your knowledge base

If the vector store containing your knowledge base is configured with an AWS Secrets Manager secret, you can encrypt the secret with a custom AWS KMS key by following the steps at Secret encryption and decryption in AWS Secrets Manager.

If you do so, attach the following policy to your Amazon Bedrock service role to allow it to decrypt with your key. Replace region and account-id with the region and account ID to which the key belongs. Replace key-id with the ID of your AWS KMS key.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "kms:Decrypt"
      ],
      "Resource": [
        "arn:aws:kms:region:account-id:key/key-id"
      ]
    }
  ]
}
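As an added example that is not part of the Amazon Bedrock documentation, the following Python lint checks a service-role policy of the kind shown for data ingestion, Amazon S3 data sources and Secrets Manager secrets above: it confirms that exactly the required kms actions are granted, that the Resource is a concrete key ARN rather than a wildcard or a placeholder left in from the docs, and, for the S3 case, that the kms:ViaService condition is present. The sample policy, account ID and key ID are constructed values.

```python
# Added example, not from the Amazon Bedrock documentation: a least-privilege
# lint for the KMS statements in a Bedrock service-role policy.
import json
import re

# A concrete key ARN: region, 12-digit account ID, UUID key ID. Placeholders
# left in from the documentation ("region", "account-id", "key-id") do not match.
KEY_ARN_RE = re.compile(r"^arn:aws:kms:[a-z0-9-]+:\d{12}:key/[0-9a-f-]{36}$")

def _as_list(value):
    """IAM accepts a single string/object or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def check_kms_policy(policy, required_actions, via_service=None):
    """Findings (empty list = OK) for a role policy meant to grant exactly required_actions
    on one concrete KMS key, optionally only through via_service (kms:ViaService)."""
    doc = json.loads(policy) if isinstance(policy, str) else policy
    required = {a.lower() for a in required_actions}  # IAM action names are case-insensitive
    findings, granted = [], set()
    for stmt in _as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action")):
            service, _, name = action.partition(":")
            if service.lower() != "kms":
                continue  # only KMS permissions are in scope here
            if "*" in name:
                findings.append(f"wildcard KMS action: {action}")
                granted |= required  # a wildcard covers the required actions (and more)
            else:
                granted.add(f"kms:{name}".lower())
        for resource in _as_list(stmt.get("Resource")):
            if "*" in resource:
                findings.append(f"resource wildcard: {resource}")
            elif not KEY_ARN_RE.match(resource):
                findings.append(f"placeholder or malformed key ARN: {resource}")
        if via_service:
            cond = stmt.get("Condition", {}).get("StringEquals", {})
            if via_service not in _as_list(cond.get("kms:ViaService")):
                findings.append(f"missing kms:ViaService condition for {via_service}")
    findings += [f"required action not granted: {a}" for a in sorted(required - granted)]
    findings += [f"broader than needed: {a}" for a in sorted(granted - required)]
    return findings

S3_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{  # constructed sample: S3 data-source policy
    "Effect": "Allow", "Action": ["kms:Decrypt"],
    "Resource": ["arn:aws:kms:us-east-1:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab"],
    "Condition": {"StringEquals": {"kms:ViaService": ["s3.us-east-1.amazonaws.com"]}}}]})
```

Run the same function against the ingestion policy with {"kms:GenerateDataKey", "kms:Decrypt"} and against the Secrets Manager policy with {"kms:Decrypt"} and no via_service.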