Protect model customization jobs using a VPC
When you run a model customization job, the job accesses your Amazon S3 bucket to download the input data and to upload job metrics. To control access to your data, we recommend that you use a virtual private cloud (VPC) with Amazon VPC. You can further protect your data by configuring your VPC so that your data isn't available over the internet and instead creating a VPC interface endpoint with AWS PrivateLink to establish a private connection to your data. For more information about how Amazon VPC and AWS PrivateLink integrate with Amazon Bedrock, see Protect your data using Amazon VPC and AWS PrivateLink.
Carry out the following steps to configure and use a VPC for the training, validation, and output data for your model customization jobs.
Topics
Set up a VPC
You can use a default VPC for your model customization data or create a new VPC by following the guidance at Get started with Amazon VPC and Create a VPC.
When you create your VPC, we recommend that you use the default DNS settings for your endpoint route table, so that standard Amazon S3 URLs (for example, http://s3-aws-region.amazonaws.com/
) resolve.training-bucket
Create an Amazon S3 VPC Endpoint
If you configure your VPC with no internet access, you need to create an Amazon S3 VPC endpoint to allow your model customization jobs to access the S3 buckets that store your training and validation data and that will store the model artifacts.
Create the S3 VPC endpoint by following the steps at Create a gateway endpoint for Amazon S3.
Note
If you don't use the default DNS settings for your VPC, you need to ensure that the URLs for the locations of the data in your training jobs resolve by configuring the endpoint route tables. For information about VPC endpoint route tables, see Routing for Gateway endpoints.
(Optional) Use IAM policies to restrict access to your S3 files
You can use resource-based policies to more tightly control access to your S3 files. You can use any combination of the following types of resource-based policies.
-
Endpoint policies – Endpoint policies restrict access through the VPC endpoint. The default endpoint policy allows full access to Amazon S3 for any user or service in your VPC. While creating or after you create the endpoint, you can optionally attach a resource-based policy to the endpoint to add restrictions, such as only allowing the endpoint to access a specific bucket or only allowing a specific IAM role to access the endpoint. For examples, see Edit the VPC endpoint policy.
The following is an example policy you can attach to your VPC endpoint to only allow it to access the bucket containing your training data.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "RestrictAccessToTrainingBucket", "Effect": "Allow", "Principal": "*", "Action": [ "s3:GetObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::
training-bucket
", "arn:aws:s3:::training-bucket/*
" ] } ] } -
Bucket policies – Bucket policies restrict access to S3 buckets. You can use a bucket policy to restrict access to traffic that comes from your VPC. To attach a bucket policy, follow the steps at Using bucket policies and use the aws:sourceVpc, aws:sourceVpce, or aws:VpcSourceIp condition keys. For examples, see Control access using bucket policies.
The following is an example policy you can attach to the S3 bucket that will contain your output data to deny all traffic to the bucket unless it comes from your VPC.
{ "Version": "2012-10-17", "Statement": [{ "Sid": "RestrictAccessToOutputBucket", "Effect": "Deny", "Principal": "*", "Action": [ "s3:GetObject", "s3:PutObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::
output-bucket
", "arn:aws:s3:::output-bucket/*
" ], "Condition": { "StringNotEquals": { "aws:sourceVpc": "your-vpc-id
" } } } ] }
Attach VPC permissions to a model customization role
After you finish setting up your VPC and endpoint, you need to attach the following permissions to your model customization IAM role. Modify this policy to allow access to only the VPC resources that your job needs. Replace the subnet-ids
and security-group-id
with the values from your VPC.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeNetworkInterfaces", "ec2:DescribeVpcs", "ec2:DescribeDhcpOptions", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface", ], "Resource":[ "arn:aws:ec2:
region
:account-id
:network-interface/*" ], "Condition": { "StringEquals": { "aws:RequestTag/BedrockManaged": ["true"] }, "ArnEquals": { "aws:RequestTag/BedrockModelCustomizationJobArn": ["arn:aws:bedrock:region
:account-id
:model-customization-job/*"] } } }, { "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface", ], "Resource":[ "arn:aws:ec2:region
:account-id
:subnet/subnet-id
", "arn:aws:ec2:region
:account-id
:subnet/subnet-id2
", "arn:aws:ec2:region
:account-id
:security-group/security-group-id
" ] }, { "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterfacePermission", "ec2:DeleteNetworkInterface", "ec2:DeleteNetworkInterfacePermission", ], "Resource": "*", "Condition": { "ArnEquals": { "ec2:Subnet": [ "arn:aws:ec2:region
:account-id
:subnet/subnet-id
", "arn:aws:ec2:region
:account-id
:subnet/subnet-id2
" ], "ec2:ResourceTag/BedrockModelCustomizationJobArn": ["arn:aws:bedrock:region
:account-id
:model-customization-job/*"] }, "StringEquals": { "ec2:ResourceTag/BedrockManaged": "true" } } }, { "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": "arn:aws:ec2:region
:account-id
:network-interface/*", "Condition": { "StringEquals": { "ec2:CreateAction": [ "CreateNetworkInterface" ] }, "ForAllValues:StringEquals": { "aws:TagKeys": [ "BedrockManaged", "BedrockModelCustomizationJobArn" ] } } ] }
Add the VPC configuration when submitting a model customization job
After you configure the VPC and the required roles and permissions as described in the previous sections, you can create a model customization job that uses this VPC.
When you specify the VPC subnets and security groups for a job, Amazon Bedrock creates
elastic network interfaces (ENIs) that are associated with your
security groups in one of the subnets. ENIs allow the Amazon Bedrock job to connect to
resources in your VPC. For information about ENIs, see Elastic Network
Interfaces in the Amazon VPC User Guide. Amazon Bedrock tags
ENIs that it creates with BedrockManaged
and
BedrockModelCusomizationJobArn
tags.
We recommend that you provide at least one subnet in each Availability Zone.
You can use security groups to establish rules for controlling Amazon Bedrock access to your VPC resources.
You can configure the VPC to use in either the console or through the API. Select the tab corresponding to your method of choice and follow the steps.