To control access to your data, we recommend that you use a virtual private cloud (VPC) with Amazon VPC. Using a VPC protects your data and lets you monitor all network traffic in and out of the AWS job containers by using VPC Flow Logs.
You can further protect your data by configuring your VPC so that your data isn't available over the internet and instead creating a VPC interface endpoint with AWS PrivateLink to establish a private connection to your data.
The following lists some features of Amazon Bedrock in which you can use VPC to protect your data:
-
Model customization – (Optional) Protect your model customization jobs using a VPC
-
Batch inference – Protect batch inference jobs using a VPC
-
Amazon Bedrock Knowledge Bases – Access Amazon OpenSearch Serverless using an interface endpoint (AWS PrivateLink)
Set up a VPC
You can use a default VPC or create a new VPC by following the guidance at Get started with Amazon VPC and Create a VPC.
When you create your VPC, we recommend that you use the default DNS settings for your endpoint route table, so that standard Amazon S3 URLs (for example, http://s3-aws-region.amazonaws.com/) resolve.training-bucket
The following topics show how to set up VPC endpoint with the help of AWS PrivateLink and an example use case for using VPC to protect access to your S3 files.
Topics
