Protect batch inference jobs using a VPC

When you run a batch inference job, the job accesses your Amazon S3 bucket to download the input data and to write the output data. To control access to your data, we recommend that you use a virtual private cloud (VPC) with Amazon VPC. You can further protect your data by configuring your VPC so that your data isn't available over the internet and instead creating a VPC interface endpoint with AWS PrivateLink to establish a private connection to your data. For more information about how Amazon VPC and AWS PrivateLink integrate with Amazon Bedrock, see Protect your data using Amazon VPC and AWS PrivateLink.

Carry out the following steps to configure and use a VPC for the input prompts and output model responses for your batch inference jobs.

Set up VPC to protect your data during batch inference

To set up a VPC, follow the steps at Set up a VPC. You can further secure your VPC by setting up an S3 VPC endpoint and using resource-based IAM policies to restrict access to the S3 bucket containing your batch inference data by following the steps at (Example) Restrict data access to your Amazon S3 data using VPC.

Attach VPC permissions to a batch inference role

After you finish setting up your VPC, attach the following permissions to your batch inference service role to allow it to access the VPC. Modify this policy to allow access to only the VPC resources that your job needs. Replace the subnet-ids and security-group-id with the values from your VPC.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "1",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeNetworkInterfaces",
                "ec2:DescribeVpcs",
                "ec2:DescribeDhcpOptions",
                "ec2:DescribeSubnets",
                "ec2:DescribeSecurityGroups"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "2",
            "Effect": "Allow",
            "Action": [
                "ec2:CreateNetworkInterface"
            ],
            "Resource": [
                "arn:aws:ec2:${{region}}:${{account-id}}:network-interface/*",
                "arn:aws:ec2:${{region}}:${{account-id}}:subnet/${{subnet-id}}",
                "arn:aws:ec2:${{region}}:${{account-id}}:security-group/${{security-group-id}}"
            ],
            "Condition": {
               "StringEquals": { 
                   "aws:RequestTag/BedrockManaged": ["true"]
                },
                "ArnEquals": {
                   "aws:RequestTag/BedrockModelInvocationJobArn": 
                   ["arn:aws:bedrock:${{region}}:${{account-id}}:model-invocation-job/*"]
               }
            }
        },
        {
            "Sid": "3",
            "Effect": "Allow",
            "Action": [
                "ec2:CreateNetworkInterfacePermission",
                "ec2:DeleteNetworkInterface",
                "ec2:DeleteNetworkInterfacePermission"
            ],
            "Resource": [
                "*"
            ],
            "Condition": {
                "StringEquals": {
                    "ec2:Subnet": [
                        "arn:aws:ec2:${{region}}:${{account-id}}:subnet/${{subnet-id}}"
                    ]
                },
                "ArnEquals": {
                    "ec2:ResourceTag/BedrockModelInvocationJobArn": [
                        "arn:aws:bedrock:${{region}}:${{account-id}}:model-invocation-job/*"
                    ]
                }
            }
        },
        {
            "Sid": "4",
            "Effect": "Allow",
            "Action": [
                "ec2:CreateTags"
            ],
            "Resource": "arn:aws:ec2:${{region}}:${{account-id}}:network-interface/*",
            "Condition": {
                "StringEquals": {
                    "ec2:CreateAction": [
                        "CreateNetworkInterface"
                    ]    
                },
                "ForAllValues:StringEquals": {
                    "aws:TagKeys": [
                        "BedrockManaged",
                        "BedrockModelInvocationJobArn"
                    ]
                }
             }
        }
    ]
}

Add the VPC configuration when submitting a batch inference job

After you configure the VPC and the required roles and permissions as described in the previous sections, you can create a batch inference job that uses this VPC.

When you specify the VPC subnets and security groups for a job, Amazon Bedrock creates elastic network interfaces (ENIs) that are associated with your security groups in one of the subnets. ENIs allow the Amazon Bedrock job to connect to resources in your VPC. For information about ENIs, see Elastic Network Interfaces in the Amazon VPC User Guide. Amazon Bedrock tags ENIs that it creates with BedrockManaged and BedrockModelInvocationJobArn tags.

We recommend that you provide at least one subnet in each Availability Zone.

You can use security groups to establish rules for controlling Amazon Bedrock access to your VPC resources.

You can configure the VPC to use in either the console or through the API. Select the tab corresponding to your method of choice and follow the steps.

Console

For the Amazon Bedrock console, you specify VPC subnets and security groups in the optional VPC settings section when you submit the batch inference job.

Note

For a job that includes VPC configuration, the console can't automatically create a service role for you. Follow the guidance at Create a service role for batch inference to create a custom role.

API

When you submit a CreateModelInvocationJob request, you can include a VpcConfig as a request parameter to specify the VPC subnets and security groups to use, as in the following example.

"vpcConfig": { 
    "securityGroupIds": [
        "sg-0123456789abcdef0"
    ],
    "subnets": [
        "subnet-0123456789abcdef0",
        "subnet-0123456789abcdef1",
        "subnet-0123456789abcdef2"
    ]
}