(Optional) Protect custom model import jobs using a VPC
When you run a custom model import job, the job accesses your Amazon S3 bucket to download the input data and to upload job metrics. To control access to your data, we recommend that you use a virtual private cloud (VPC) with Amazon VPC. You can further protect your data by configuring your VPC so that your data isn't available over the internet and instead creating a VPC interface endpoint with AWS PrivateLink to establish a private connection to your data. For more information about how Amazon VPC and AWS PrivateLink integrate with Amazon Bedrock, see Protect your data using Amazon VPC and AWS PrivateLink.
Carry out the following steps to configure and use a VPC for importing your custom models.
Topics
Set up a VPC
You can use a default VPC for your model import data or create a new VPC by following the guidance at Get started with Amazon VPC and Create a VPC.
When you create your VPC, we recommend that you use the default DNS settings for your
endpoint route table, so that standard Amazon S3 URLs (for example,
http://s3-aws-region.amazonaws.com/)
resolve.model-bucket
Create an Amazon S3 VPC Endpoint
If you configure your VPC with no internet access, you need to create an Amazon S3 VPC endpoint to allow your model import jobs to access the S3 buckets that store your training and validation data and that will store the model artifacts.
Create the S3 VPC endpoint by following the steps at Create a gateway endpoint for Amazon S3.
Note
If you don't use the default DNS settings for your VPC, you need to ensure that the URLs for the locations of the data in your training jobs resolve by configuring the endpoint route tables. For information about VPC endpoint route tables, see Routing for Gateway endpoints.
(Optional) Use IAM policies to restrict access to your S3 files
You can use resource-based policies to more tightly control access to your S3 files. You can the following type of resource-based policy.
-
Endpoint policies – Endpoint policies restrict access through the VPC endpoint. The default endpoint policy allows full access to Amazon S3 for any user or service in your VPC. While creating or after you create the endpoint, you can optionally attach a resource-based policy to the endpoint to add restrictions, such as only allowing the endpoint to access a specific bucket or only allowing a specific IAM role to access the endpoint. For examples, see Edit the VPC endpoint policy.
The following is an example policy you can attach to your VPC endpoint to only allow it to access the bucket containing your model weights.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "RestrictAccessToModelWeightsBucket", "Effect": "Allow", "Principal": "*", "Action": [ "s3:GetObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::model-weights-bucket", "arn:aws:s3:::model-weights-bucket/*" ] } ] }
Attach VPC permissions to a custom model import role.
After you finish setting up your VPC and endpoint, you need to attach the following permissions to your model import IAM role. Modify this policy to allow access to only the VPC resources that your job needs. Replace the subnet-ids and security-group-id with the values from your VPC.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeNetworkInterfaces", "ec2:DescribeVpcs", "ec2:DescribeDhcpOptions", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface", ], "Resource":[ "arn:aws:ec2:region:account-id:network-interface/*" ], "Condition": { "StringEquals": { "aws:RequestTag/BedrockManaged": ["true"] }, "ArnEquals": { "aws:RequestTag/BedrockModelImportJobArn": ["arn:aws:bedrock:region:account-id:model-import-job/*"] } } }, { "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface", ], "Resource":[ "arn:aws:ec2:region:account-id:subnet/subnet-id", "arn:aws:ec2:region:account-id:subnet/subnet-id2", "arn:aws:ec2:region:account-id:security-group/security-group-id" ] }, { "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterfacePermission", "ec2:DeleteNetworkInterface", "ec2:DeleteNetworkInterfacePermission", ], "Resource": "*", "Condition": { "ArnEquals": { "ec2:Subnet": [ "arn:aws:ec2:region:account-id:subnet/subnet-id", "arn:aws:ec2:region:account-id:subnet/subnet-id2" ], "ec2:ResourceTag/BedrockModelImportJobArn": ["arn:aws:bedrock:region:account-id:model-import-job/*"] }, "StringEquals": { "ec2:ResourceTag/BedrockManaged": "true" } } }, { "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": "arn:aws:ec2:region:account-id:network-interface/*", "Condition": { "StringEquals": { "ec2:CreateAction": [ "CreateNetworkInterface" ] }, "ForAllValues:StringEquals": { "aws:TagKeys": [ "BedrockManaged", "BedrockModelImportJobArn" ] } } ] }
Add the VPC configuration when submitting a model import job
After you configure the VPC and the required roles and permissions as described in the previous sections, you can create a model import job that uses this VPC.
When you specify the VPC subnets and security groups for a job, Amazon Bedrock creates
elastic network interfaces (ENIs) that are associated with your
security groups in one of the subnets. ENIs allow the Amazon Bedrock job to connect to
resources in your VPC. For information about ENIs, see Elastic Network
Interfaces in the Amazon VPC User Guide. Amazon Bedrock tags
ENIs that it creates with BedrockManaged and
BedrockModelImportJobArn tags.
We recommend that you provide at least one subnet in each Availability Zone.
You can use security groups to establish rules for controlling Amazon Bedrock access to your VPC resources.
You can configure the VPC to use in either the console or through the API. Choose the tab for your preferred method, and then follow the steps:
