
Protect batch inference jobs using a VPC


When you run a batch inference job, the job reads the input data from your Amazon S3 bucket and writes the output data back to it. To control access to that data, we recommend running the job inside a virtual private cloud (VPC) that you create with Amazon VPC. You can further protect your data by configuring the VPC so that it has no route to the internet and by creating a VPC interface endpoint with AWS PrivateLink, so that the job reaches your data over a private connection that never leaves the AWS network. For more information about how Amazon VPC and AWS PrivateLink integrate with Amazon Bedrock, see Protect your data using Amazon VPC and AWS PrivateLink.

Carry out the following steps to configure a VPC and use it for the input prompts and output model responses of your batch inference jobs.

Set up VPC to protect your data during batch inference

To set up a VPC, follow the steps at Set up a VPC. You can further secure the VPC by creating an S3 VPC endpoint and using a resource-based policy (a bucket policy) that only allows requests arriving through that endpoint, which restricts access to the S3 bucket containing your batch inference data to traffic from your VPC. Follow the steps at (Example) Restrict data access to your Amazon S3 data using VPC.

Attach VPC permissions to a batch inference role

After you finish setting up your VPC, attach the following permissions to your batch inference service role so that it can create the network interfaces the job needs in your VPC. Modify this policy so that it allows access only to the VPC resources that your job needs: replace the region, account-id, subnet-id and security-group-id placeholders with the values from your account and VPC. The Describe actions in statement 1 must be granted on "*" because EC2 Describe actions don't support resource-level permissions; they are read-only. Statements 2 through 4 limit the role to creating, tagging and deleting network interfaces in the named subnet and security group, and only when the interfaces carry the BedrockManaged and BedrockModelInvocationJobArn tags, so the role can't create arbitrary network interfaces in your account.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "1",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeNetworkInterfaces",
                "ec2:DescribeVpcs",
                "ec2:DescribeDhcpOptions",
                "ec2:DescribeSubnets",
                "ec2:DescribeSecurityGroups"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "2",
            "Effect": "Allow",
            "Action": [
                "ec2:CreateNetworkInterface"
            ],
            "Resource": [
                "arn:aws:ec2:${{region}}:${{account-id}}:network-interface/*",
                "arn:aws:ec2:${{region}}:${{account-id}}:subnet/${{subnet-id}}",
                "arn:aws:ec2:${{region}}:${{account-id}}:security-group/${{security-group-id}}"
            ],
            "Condition": {
                "StringEquals": {
                    "aws:RequestTag/BedrockManaged": ["true"]
                },
                "ArnEquals": {
                    "aws:RequestTag/BedrockModelInvocationJobArn": ["arn:aws:bedrock:${{region}}:${{account-id}}:model-invocation-job/*"]
                }
            }
        },
        {
            "Sid": "3",
            "Effect": "Allow",
            "Action": [
                "ec2:CreateNetworkInterfacePermission",
                "ec2:DeleteNetworkInterface",
                "ec2:DeleteNetworkInterfacePermission"
            ],
            "Resource": [
                "*"
            ],
            "Condition": {
                "StringEquals": {
                    "ec2:Subnet": [
                        "arn:aws:ec2:${{region}}:${{account-id}}:subnet/${{subnet-id}}"
                    ]
                },
                "ArnEquals": {
                    "ec2:ResourceTag/BedrockModelInvocationJobArn": [
                        "arn:aws:bedrock:${{region}}:${{account-id}}:model-invocation-job/*"
                    ]
                }
            }
        },
        {
            "Sid": "4",
            "Effect": "Allow",
            "Action": [
                "ec2:CreateTags"
            ],
            "Resource": "arn:aws:ec2:${{region}}:${{account-id}}:network-interface/*",
            "Condition": {
                "StringEquals": {
                    "ec2:CreateAction": [
                        "CreateNetworkInterface"
                    ]
                },
                "ForAllValues:StringEquals": {
                    "aws:TagKeys": [
                        "BedrockManaged",
                        "BedrockModelInvocationJobArn"
                    ]
                }
            }
        }
    ]
}

Add the VPC configuration when submitting a batch inference job

After you configure the VPC and the required roles and permissions as described in the previous sections, you can create a batch inference job that uses this VPC.

Note

Currently, when creating a batch inference job, you can only use a VPC through the API.

When you specify the VPC subnets and security groups for a job, Amazon Bedrock creates elastic network interfaces (ENIs) in one of the subnets and associates them with your security groups. The ENIs are what allow the Amazon Bedrock job to connect to resources in your VPC, such as the S3 endpoint. For information about ENIs, see Elastic Network Interfaces in the Amazon VPC User Guide. Amazon Bedrock tags the ENIs that it creates with the BedrockManaged and BedrockModelInvocationJobArn tags, which is what the conditions in the service role policy above key on.

We recommend that you provide at least one subnet in each Availability Zone.

You can use security groups to establish rules for controlling Amazon Bedrock access to your VPC resources. Because the ENIs are created in your subnets, the outbound rules of the security groups you specify determine which destinations the job can reach; at a minimum they must allow traffic to the S3 endpoint that holds the job's input and output data.

You can specify the VPC configuration either in the console or through the API. Choose your preferred method and follow the corresponding steps:

Console

For the Amazon Bedrock console, you specify VPC subnets and security groups in the optional VPC settings section when you submit the batch inference job.

Note

For a job that includes VPC configuration, the console can't automatically create a service role for you. Follow the guidance at Create a custom service role for batch inference to create a custom role.

API

When you submit a CreateModelInvocationJob request, you can include a VpcConfig request parameter to specify the VPC subnets and security groups to use, as in the following example.

"vpcConfig": {
    "securityGroupIds": [
        "sg-0123456789abcdef0"
    ],
    "subnets": [
        "subnet-0123456789abcdef0",
        "subnet-0123456789abcdef1",
        "subnet-0123456789abcdef2"
    ]
}
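The following script is an added example, not code from the AWS documentation. It renders the service role policy from the previous section with the placeholders filled in, builds the matching vpcConfig fragment (using the key names shown in the example above), and runs two sanity checks a reviewer would want before attaching the policy: that no mutating EC2 action is allowed on "*" without a Condition, and that every subnet passed in the job's vpcConfig is actually named in the CreateNetworkInterface statement (otherwise ENI creation in that subnet is denied and the job fails). It generalizes the page's single ${{subnet-id}} to one ARN per subnet and security group. All region, account and resource IDs are constructed placeholders, and nothing here calls AWS.

```python
"""Build and sanity-check the VPC policy for a Bedrock batch inference service
role plus the matching vpcConfig. Added example, not AWS documentation code;
all IDs are constructed placeholders and nothing here calls AWS."""
import json
import re

# EC2 resource IDs: prefix plus 8 or 17 lowercase hex characters.
_ID_RE = {"subnet": re.compile(r"^subnet-[0-9a-f]{8}(?:[0-9a-f]{9})?$"),
          "sg": re.compile(r"^sg-[0-9a-f]{8}(?:[0-9a-f]{9})?$")}


def _validate_ids(subnet_ids, security_group_ids):
    if not subnet_ids or not security_group_ids:
        raise ValueError("need at least one subnet and one security group")
    for kind, ids in (("subnet", subnet_ids), ("sg", security_group_ids)):
        for i in ids:
            if not _ID_RE[kind].match(i):
                raise ValueError(f"not a valid {kind} ID: {i!r}")


def build_vpc_policy(region, account_id, subnet_ids, security_group_ids):
    """The page's policy with placeholders filled in; one ARN per subnet/SG."""
    _validate_ids(subnet_ids, security_group_ids)
    ec2 = f"arn:aws:ec2:{region}:{account_id}"
    job_arns = f"arn:aws:bedrock:{region}:{account_id}:model-invocation-job/*"
    subnet_arns = [f"{ec2}:subnet/{s}" for s in subnet_ids]
    sg_arns = [f"{ec2}:security-group/{g}" for g in security_group_ids]
    return {"Version": "2012-10-17", "Statement": [
        {  # read-only discovery; EC2 Describe* actions can't be resource-scoped
            "Sid": "1", "Effect": "Allow",
            "Action": ["ec2:DescribeNetworkInterfaces", "ec2:DescribeVpcs",
                       "ec2:DescribeDhcpOptions", "ec2:DescribeSubnets",
                       "ec2:DescribeSecurityGroups"],
            "Resource": ["*"]},
        {  # ENIs only in your subnets/SGs, and only when tagged as Bedrock-managed
            "Sid": "2", "Effect": "Allow",
            "Action": ["ec2:CreateNetworkInterface"],
            "Resource": [f"{ec2}:network-interface/*", *subnet_arns, *sg_arns],
            "Condition": {
                "StringEquals": {"aws:RequestTag/BedrockManaged": ["true"]},
                "ArnEquals": {"aws:RequestTag/BedrockModelInvocationJobArn": [job_arns]}}},
        {  # cleanup only of ENIs in your subnets that carry the job tag
            "Sid": "3", "Effect": "Allow",
            "Action": ["ec2:CreateNetworkInterfacePermission",
                       "ec2:DeleteNetworkInterface",
                       "ec2:DeleteNetworkInterfacePermission"],
            "Resource": ["*"],
            "Condition": {
                "StringEquals": {"ec2:Subnet": subnet_arns},
                "ArnEquals": {"ec2:ResourceTag/BedrockModelInvocationJobArn": [job_arns]}}},
        {  # tagging only at ENI creation and only with the two Bedrock tag keys
            "Sid": "4", "Effect": "Allow",
            "Action": ["ec2:CreateTags"],
            "Resource": f"{ec2}:network-interface/*",
            "Condition": {
                "StringEquals": {"ec2:CreateAction": ["CreateNetworkInterface"]},
                "ForAllValues:StringEquals": {
                    "aws:TagKeys": ["BedrockManaged", "BedrockModelInvocationJobArn"]}}},
    ]}


def build_vpc_config(subnet_ids, security_group_ids):
    """The vpcConfig request parameter, with the key names used on the page."""
    _validate_ids(subnet_ids, security_group_ids)
    return {"securityGroupIds": list(security_group_ids), "subnets": list(subnet_ids)}


def _resources(statement):
    res = statement["Resource"]
    return res if isinstance(res, list) else [res]


def find_unscoped_actions(policy):
    """Non-Describe EC2 actions allowed on '*' with no Condition. Expect []."""
    found = []
    for st in policy["Statement"]:
        if st.get("Effect") == "Allow" and "*" in _resources(st) and not st.get("Condition"):
            found += [a for a in st["Action"] if not a.startswith("ec2:Describe")]
    return found


def uncovered_subnets(policy, subnet_ids):
    """Subnets from a job's vpcConfig that the CreateNetworkInterface statement
    doesn't name; ENI creation there would be denied and the job would fail."""
    allowed = set()
    for st in policy["Statement"]:
        if "ec2:CreateNetworkInterface" in st.get("Action", []):
            allowed.update(r.rsplit("/", 1)[1] for r in _resources(st) if ":subnet/" in r)
    return [s for s in subnet_ids if s not in allowed]


if __name__ == "__main__":
    subnets = ["subnet-0123456789abcdef0", "subnet-0123456789abcdef1"]  # constructed
    sgs = ["sg-0123456789abcdef0"]  # constructed
    policy = build_vpc_policy("us-east-1", "123456789012", subnets, sgs)
    print(json.dumps(policy, indent=2))
    print(json.dumps({"vpcConfig": build_vpc_config(subnets, sgs)}, indent=2))
    print("unscoped:", find_unscoped_actions(policy))
    print("uncovered:", uncovered_subnets(policy, subnets + ["subnet-0123456789abcdef2"]))
```

Run it once per job definition: feed the same subnet and security group lists to both build_vpc_policy and build_vpc_config so the role policy and the job request can't drift apart, and treat a non-empty result from either check as a reason not to attach the policy. The ID regex is intentionally strict so that a typo produces a ValueError here rather than an opaque access-denied error when the job starts.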

