Protect your data using Amazon VPC and AWS PrivateLink - Amazon Bedrock

To control access to your data, we recommend that you use a virtual private cloud (VPC) with Amazon VPC. Using a VPC protects your data and lets you monitor all network traffic in and out of the AWS job containers by using VPC Flow Logs.

You can further protect your data by configuring your VPC so that your data isn't available over the internet and instead creating a VPC interface endpoint with AWS PrivateLink to establish a private connection to your data.
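As an added example (not part of the AWS documentation), the following Python sketch checks VPC Flow Logs records for accepted traffic between the VPC and addresses outside it, which should not appear once access goes through PrivateLink. It assumes the default version 2 record format; the function names, VPC CIDR, ENI ID, and allowed range are constructed for illustration.

```python
import ipaddress

# Field order of the default (version 2) VPC Flow Logs record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records (documentation IP ranges, made-up ENI and account).
SAMPLE = """\
2 123456789012 eni-0aaa 10.0.1.5 10.0.2.9 49152 443 6 10 8400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa 10.0.1.5 198.51.100.20 49153 443 6 12 9100 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa 10.0.1.5 203.0.113.7 49154 443 6 20 52000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa 10.0.1.5 203.0.113.8 49155 443 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0aaa - - - - - - - 1700000000 1700000060 - NODATA
""".splitlines()

def parse_record(line):
    """Parse one record; return None for NODATA/SKIPDATA records ('-' fields)."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    return rec if rec["log_status"] == "OK" else None

def internet_flows(lines, vpc_cidr, allowed_cidrs=()):
    """Return (direction, eni, peer, bytes) for ACCEPTed flows leaving or entering the VPC."""
    vpc = ipaddress.ip_network(vpc_cidr)
    # Expected public ranges, e.g. S3 prefix-list CIDRs reached via a gateway
    # endpoint: that traffic is logged with public S3 addresses.
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for line in lines:
        if not line.strip() or line.startswith("version"):  # blank or header line
            continue
        rec = parse_record(line)
        if rec is None or rec["action"] != "ACCEPT":
            continue
        for field, direction in (("dstaddr", "egress"), ("srcaddr", "ingress")):
            peer = ipaddress.ip_address(rec[field])
            if peer in vpc or any(peer in net for net in allowed):
                continue  # inside the VPC (incl. interface endpoint ENIs) or expected
            findings.append((direction, rec["interface_id"], str(peer), int(rec["bytes"])))
    return findings

if __name__ == "__main__":
    for finding in internet_flows(SAMPLE, "10.0.0.0/16", ["198.51.100.0/24"]):
        print(finding)
```

Traffic to an interface endpoint stays on private addresses inside the VPC CIDR, so only the gateway-endpoint ranges need to be listed in `allowed_cidrs`.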

The following lists some features of Amazon Bedrock in which you can use VPC to protect your data:

Set up a VPC

You can use a default VPC or create a new VPC by following the guidance at Get started with Amazon VPC and Create a VPC.

When you create your VPC, we recommend that you use the default DNS settings for your endpoint route table, so that standard Amazon S3 URLs (for example, http://s3-aws-region.amazonaws.com/training-bucket) resolve.

The following topics show how to set up a VPC endpoint with AWS PrivateLink and walk through an example use case for using a VPC to protect access to your S3 files.