Data encryption for model evaluation jobs - Amazon Bedrock

Data encryption for model evaluation jobs

During a model evaluation job, Amazon Bedrock makes a temporary copy of your data and deletes it when the job finishes. The copy is encrypted with an AWS KMS key: either a customer managed key that you specify or, if you specify none, an Amazon Bedrock owned key.

To use your own key, Amazon Bedrock needs the IAM and AWS Key Management Service permissions described below: to decrypt your data with that key, and to encrypt the temporary copy that it makes.

AWS Key Management Service support in model evaluation jobs

When you create a model evaluation job using the AWS Management Console, the AWS CLI, or a supported AWS SDK, you can choose between an Amazon Bedrock owned KMS key and your own customer managed key. If you don't specify a customer managed key, an Amazon Bedrock owned key is used by default.

To use a customer managed key, you must make changes in two places: add the required AWS KMS actions, scoped to the key's ARN, to the policy of the IAM service role that the job uses, and add a statement to the key's AWS KMS key policy. Both are required: the IAM policy authorizes the role, and the key policy authorizes the Amazon Bedrock service principal, which IAM policies in your account cannot grant access to.

Amazon Bedrock uses these permissions to decrypt your input files with your key, and to encrypt the copies it writes to an internal Amazon S3 location that it manages.

IAM policy requirements

The IAM policy attached to the service role that you use to make requests to Amazon Bedrock must include the following elements. To learn more about managing access to your AWS KMS keys, see Using IAM policies with AWS Key Management Service.

By default, model evaluation jobs use AWS owned keys, which Amazon Bedrock manages for you and which need no policy changes on your side. To learn more about AWS owned keys, see AWS owned keys in the AWS Key Management Service Developer Guide. The requirements below apply only when you specify a customer managed key.

Required IAM policy elements
  • kms:Decrypt — Lets Amazon Bedrock decrypt input files that you've encrypted with your AWS KMS key.

  • kms:GenerateDataKey — Lets Amazon Bedrock generate data keys under your AWS KMS key. Amazon Bedrock uses GenerateDataKey to encrypt the temporary copy of your data that it stores for the evaluation job.

  • kms:DescribeKey — Lets Amazon Bedrock read the key's metadata, such as its state and key spec.

  • kms:ViaService — A condition key rather than an action. It limits use of the KMS key to requests that arrive through the specified AWS service. Set it to Amazon S3 in your Region (s3.{{region}}.amazonaws.com), because Amazon Bedrock stores the temporary copy of your data in an Amazon S3 location that it owns, and the Decrypt and GenerateDataKey calls for that copy are made through Amazon S3.

The following is an example IAM policy that contains only the required AWS KMS IAM actions and resources.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "CustomKMSKeyProvidedToBedrock",
            "Effect": "Allow",
            "Action": [
                "kms:Decrypt",
                "kms:GenerateDataKey"
            ],
            "Resource": [
                "arn:aws:kms:{{region}}:{{accountId}}:key/[[keyId]]"
            ],
            "Condition": {
                "StringEquals": {
                    "kms:ViaService": "s3.{{region}}.amazonaws.com"
                }
            }
        },
        {
            "Sid": "CustomKMSDescribeKeyProvidedToBedrock",
            "Effect": "Allow",
            "Action": [
                "kms:DescribeKey"
            ],
            "Resource": [
                "arn:aws:kms:{{region}}:{{accountId}}:key/[[keyId]]"
            ]
        }
    ]
}

AWS KMS key policy requirements

Every AWS KMS key must have exactly one key policy. The statements in the key policy determine who has permission to use the AWS KMS key and how they can use it. You can also use IAM policies and grants to control access to the AWS KMS key, but every AWS KMS key must have a key policy.

Required AWS KMS key policy elements in Amazon Bedrock
  • kms:Decrypt — For files that you've encrypted with your AWS Key Management Service key, provides Amazon Bedrock with permissions to access and decrypt those files.

  • kms:GenerateDataKey — Controls permission to use the AWS Key Management Service key to generate data keys. Amazon Bedrock uses GenerateDataKey to encrypt the temporary data it stores for the evaluation job.

  • kms:DescribeKey — Provides detailed information about a KMS key.

Add the following statement to your existing AWS KMS key policy. It lets Amazon Bedrock temporarily store your data in an Amazon Bedrock service bucket using the AWS KMS key that you've specified. The aws:SourceArn and kms:EncryptionContext:evaluationJobArn conditions restrict the statement to requests that Amazon Bedrock makes on behalf of evaluation jobs in your account. Keep both conditions in place: without them, the bedrock.amazonaws.com service principal could use your key on behalf of jobs in other accounts (the cross-service confused deputy problem).

{
    "Effect": "Allow",
    "Principal": {
        "Service": "bedrock.amazonaws.com"
    },
    "Action": [
        "kms:GenerateDataKey",
        "kms:Decrypt",
        "kms:DescribeKey"
    ],
    "Resource": "*",
    "Condition": {
        "StringLike": {
            "kms:EncryptionContext:evaluationJobArn": "arn:aws:bedrock:{{region}}:{{accountId}}:evaluation-job/*",
            "aws:SourceArn": "arn:aws:bedrock:{{region}}:{{accountId}}:evaluation-job/*"
        }
    }
}

The following is an example of a complete AWS KMS key policy. The first statement is the default statement that delegates key administration to IAM principals in your account; the second is the Amazon Bedrock statement shown above.

{
    "Version": "2012-10-17",
    "Id": "key-consolepolicy-3",
    "Statement": [
        {
            "Sid": "EnableIAMUserPermissions",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::{{CustomerAccountId}}:root"
            },
            "Action": "kms:*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "bedrock.amazonaws.com"
            },
            "Action": [
                "kms:GenerateDataKey",
                "kms:Decrypt",
                "kms:DescribeKey"
            ],
            "Resource": "*",
            "Condition": {
                "StringLike": {
                    "kms:EncryptionContext:evaluationJobArn": "arn:aws:bedrock:{{region}}:{{accountId}}:evaluation-job/*",
                    "aws:SourceArn": "arn:aws:bedrock:{{region}}:{{accountId}}:evaluation-job/*"
                }
            }
        }
    ]
}
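The following script is an added example, not Amazon Bedrock code or part of the original page. It checks offline that a service-role IAM policy and a KMS key policy carry the elements this page requires (the three KMS actions, the kms:ViaService condition on Decrypt and GenerateDataKey, and the aws:SourceArn and kms:EncryptionContext:evaluationJobArn conditions on the bedrock.amazonaws.com statement), and flags two least-privilege mistakes the page implies but doesn't spell out: KMS actions granted on Resource "*", and a service-principal statement with its scoping conditions removed. The region, account ID and key ID are hypothetical values standing in for the page's placeholders, and the two policies are the page's own examples with those values filled in; the weakened key policy is constructed here as a negative case.

```python
"""Offline check of the IAM policy and KMS key policy required for a
customer managed key on an Amazon Bedrock model evaluation job.
Added example; the region, account and key ID below are hypothetical."""
import copy

REGION = "us-east-1"                               # hypothetical
ACCOUNT = "111122223333"                           # hypothetical
KEY_ID = "1234abcd-12ab-34cd-56ef-1234567890ab"    # hypothetical
KEY_ARN = f"arn:aws:kms:{REGION}:{ACCOUNT}:key/{KEY_ID}"
JOB_ARN_PREFIX = f"arn:aws:bedrock:{REGION}:{ACCOUNT}:evaluation-job/"
REQUIRED_ACTIONS = {"kms:Decrypt", "kms:GenerateDataKey", "kms:DescribeKey"}

# The page's IAM policy for the service role, placeholders filled in.
IAM_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "CustomKMSKeyProvidedToBedrock", "Effect": "Allow",
         "Action": ["kms:Decrypt", "kms:GenerateDataKey"], "Resource": [KEY_ARN],
         "Condition": {"StringEquals": {"kms:ViaService": f"s3.{REGION}.amazonaws.com"}}},
        {"Sid": "CustomKMSDescribeKeyProvidedToBedrock", "Effect": "Allow",
         "Action": ["kms:DescribeKey"], "Resource": [KEY_ARN]},
    ],
}

# The page's complete key policy, placeholders filled in.
KEY_POLICY = {
    "Version": "2012-10-17",
    "Id": "key-consolepolicy-3",
    "Statement": [
        {"Sid": "EnableIAMUserPermissions", "Effect": "Allow",
         "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:root"}, "Action": "kms:*", "Resource": "*"},
        {"Effect": "Allow", "Principal": {"Service": "bedrock.amazonaws.com"},
         "Action": ["kms:GenerateDataKey", "kms:Decrypt", "kms:DescribeKey"], "Resource": "*",
         "Condition": {"StringLike": {
             "kms:EncryptionContext:evaluationJobArn": JOB_ARN_PREFIX + "*",
             "aws:SourceArn": JOB_ARN_PREFIX + "*"}}},
    ],
}

# Constructed negative case: same key policy with the scoping conditions dropped.
WEAK_KEY_POLICY = copy.deepcopy(KEY_POLICY)
del WEAK_KEY_POLICY["Statement"][1]["Condition"]


def _as_list(value):
    """IAM allows a string or a list in Action/Resource/condition values."""
    return value if isinstance(value, list) else [value]


def _conditions(stmt):
    """Flatten {operator: {key: value}} into {key: value}, ignoring the operator."""
    flat = {}
    for values in stmt.get("Condition", {}).values():
        flat.update(values)
    return flat


def check_iam_policy(policy):
    """Problems with the service role's IAM policy; [] means it meets the page's requirements."""
    problems, granted = [], {}
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions, resources = _as_list(stmt.get("Action", [])), _as_list(stmt.get("Resource", []))
        if "*" in resources and any(a.startswith("kms:") for a in actions):
            problems.append(f"{stmt.get('Sid', '<no Sid>')}: kms actions on Resource '*'; pin to the key ARN")
        if KEY_ARN not in resources and "*" not in resources:
            continue
        for action in actions:
            granted.setdefault(action, []).append(stmt)
    for action in sorted(REQUIRED_ACTIONS - set(granted)):
        problems.append(f"missing {action} on {KEY_ARN}")
    # Decrypt/GenerateDataKey for the temporary copy arrive via S3, so pin them with kms:ViaService.
    for action in ("kms:Decrypt", "kms:GenerateDataKey"):
        for stmt in granted.get(action, []):
            if _conditions(stmt).get("kms:ViaService") != f"s3.{REGION}.amazonaws.com":
                problems.append(f"{stmt.get('Sid', '<no Sid>')}: {action} lacks kms:ViaService = s3.{REGION}.amazonaws.com")
    return problems


def check_key_policy(policy):
    """Problems with the key policy's bedrock.amazonaws.com statement; [] means it matches the page."""
    problems = []
    bedrock_stmts = [s for s in policy.get("Statement", [])
                     if s.get("Effect") == "Allow" and isinstance(s.get("Principal"), dict)
                     and s["Principal"].get("Service") == "bedrock.amazonaws.com"]
    if not bedrock_stmts:
        return ["no Allow statement for Principal Service bedrock.amazonaws.com"]
    for stmt in bedrock_stmts:
        actions = set(_as_list(stmt.get("Action", [])))
        if REQUIRED_ACTIONS - actions:
            problems.append(f"bedrock statement missing {sorted(REQUIRED_ACTIONS - actions)}")
        if actions - REQUIRED_ACTIONS:
            problems.append(f"bedrock statement grants extra actions {sorted(actions - REQUIRED_ACTIONS)}")
        cond = _conditions(stmt)
        # Both keys pin the service principal to this account's evaluation jobs (confused-deputy guard).
        for key in ("aws:SourceArn", "kms:EncryptionContext:evaluationJobArn"):
            if key not in cond:
                problems.append(f"bedrock statement has no {key} condition")
            elif not all(str(v).startswith(JOB_ARN_PREFIX) for v in _as_list(cond[key])):
                problems.append(f"{key} = {cond[key]!r} is not pinned to this account's evaluation jobs")
    return problems


if __name__ == "__main__":
    for label, fn, pol in (("IAM policy", check_iam_policy, IAM_POLICY),
                           ("key policy", check_key_policy, KEY_POLICY),
                           ("weakened key policy", check_key_policy, WEAK_KEY_POLICY)):
        print(f"{label}: {fn(pol) or 'OK'}")
```

Run it against the policy documents you actually deploy (for example the output of `aws kms get-key-policy --policy-name default` and `aws iam get-role-policy`, parsed with `json.loads`) after substituting your own Region, account ID and key ID for the hypothetical constants. The checker ignores the condition operator on purpose, so a StringEquals or ArnLike condition pinned to the same ARN prefix passes; what it insists on is that the service-principal statement is never left unconditioned.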