Administer Amazon Bedrock Studio
Amazon Bedrock Studio is in preview release for Amazon Bedrock and is subject to change. |
Amazon Bedrock Studio is a web application that lets users in your organization easily experiment with Amazon Bedrock models and build applications, without having to use an AWS account. It also avoids the complexity of your users having to set up and use a developer environment. For more information, see the Amazon Bedrock Studio user guide.
To enable Bedrock Studio for your users, you use the Amazon Bedrock console to create a Bedrock Studio workspace and invite users as members to that workspace. Within the workspace, users create projects in which they can experiment with Amazon Bedrock models and features, such as Knowledge Bases and guardrails.
As part of granting user access to Amazon Bedrock Studio, you need to set up Single Sign On (SSO) integration with IAM Identity Center and your company's Identity Provider (IDP). Workspace members can be users or groups of users in your organization.
Your users sign in to Amazon Bedrock Studio by using a link that you send to them.
You need permissions to administer Bedrock Studio workspaces. For more information, see Identity-based policy examples for Amazon Bedrock Studio.
Amazon Bedrock Studio is supported in the following Regions (for more information about Regions supported in Amazon Bedrock see Amazon Bedrock endpoints and quotas):
-
US East (N. Virginia)
-
US West (Oregon)
-
Asia Pacific (Tokyo)
-
Asia Pacific (Singapore) (Gated)
-
Asia Pacific (Sydney)
-
Europe (Frankfurt)
-
Europe (Ireland) (Gated)
Topics
- Amazon Bedrock Studio and Amazon DataZone
- Create an Amazon Bedrock Studio workspace
- Add or remove Amazon Bedrock Studio workspace members
- Update a workspace for Prompt management and Amazon Bedrock Flows
- Update a workspace for app export
- Delete a project from an Amazon Bedrock Studio workspace
- Delete an Amazon Bedrock Studio workspace
Amazon Bedrock Studio and Amazon DataZone
Amazon Bedrock uses resources created in Amazon DataZone to integrate with AWS IAM Identity Center, and to provide a secure environment for builders to log in and develop their apps. When an account administrator creates an Amazon Bedrock Studio workspace, an Amazon DataZone domain is created in your AWS account. We recommend that you manage the workspaces you create through the Amazon Bedrock console and not by directly modifying the Amazon DataZone domain.
When builders use Amazon Bedrock Studio, the projects, apps, and components they create are built using resources created in your AWS account. The name and description of projects, apps, or components are visible to all members of the Amazon Bedrock Studio workspace. We recommend that you don't store sensitive data in these two fields. Project-based access control ensures only authorized members of a project can edit the name, description, and other fields in the project.
The following is a list of the services where Amazon Bedrock Studio creates resources in your account:
AWS CloudFormation — Amazon Bedrock Studio uses CloudFormation stacks to securely create resources in your account. The CloudFormation stack for a resource (project, app, or component) is created when the resource is created in your Amazon Bedrock Studio workspace, and is deleted when the resource is deleted. All CloudFormation stacks are deployed in your account using the provisioning role you specify when you create the workspace. Cloudformation stacks are used to create and delete all of the other resources created by Amazon Bedrock Studio in your account.
-
AWS Identity and Access Management — dynamically creates IAM roles when Amazon Bedrock Studio resources are created. Some of the roles created are used internally by components, while some roles are used to let Amazon Bedrock Studio builders perform certain actions. Roles used by builders are scoped-down to the minimum resources necessary by default, and are created using the permission boundary
AmazonDataZoneBedrockPermissionsBoundary
in your AWS account.
-
Amazon S3 — Amazon Bedrock Studio creates a Amazon S3 bucket in your account for each project. The bucket stores app and component definitions, as well as data files you upload such Knowledge Base files or api schemas for functions.
Amazon Bedrock Studio — Apps and components in Amazon Bedrock Studio can create Amazon Bedrock agents, Knowledge Bases, and guardrails.
-
AWS Lambda — Lambda functions are used as part of the Amazon Bedrock Studio function and knowledgebase components.
-
AWS Secrets Manager — Amazon Bedrock Studio uses a Secrets Manager secret to store API credentials for the functions component.
-
Amazon CloudWatch — Amazon Bedrock Studio creates log groups in your account to store information about the Lambda functions that components create. For more information, see Monitor Amazon Bedrock Studio using CloudWatch Logs.