Implementing DeepSeek AI model restrictions across your AWS organization

6 minute read
Content level: Advanced

This article explores how organizations can implement robust controls for DeepSeek AI models across their organization. Specifically, it explains how to control at a granular level which teams can access models, and how to monitor model capabilities for responsible use.

Introduction

In the rapidly evolving landscape of AI, many organizations face the challenge of using cutting-edge AI models while maintaining strict regulatory compliance.

According to the company's privacy policy on the DeepSeek website, DeepSeek collects user data and can store the data on servers in China. This policy applies to direct API access, the iOS app, and the Android app. Because of this policy, many customers have concerns about the privacy of their data on DeepSeek models.

Note: Standalone DeepSeek-R1 models function independently of DeepSeek's data collection systems and process data locally. This approach gives users privacy and control over their confidential data.

In your AWS environment, you can use the following methods to deploy DeepSeek-R1 models:

Control access to DeepSeek models

To control access to DeepSeek models that you deploy through Amazon Bedrock and Amazon SageMaker AI, use the following solutions.

Note: These solutions don't apply to custom-imported DeepSeek models or DeepSeek models that directly run on Amazon EC2 instances.

Implement SCPs

To control access to a model, you can implement Service Control Policies (SCPs) at the following levels:

  • Individual accounts

  • Organizational Units (OU)

  • Across an AWS Organizations structure

Remove access to Amazon Bedrock foundation models

DeepSeek is available directly as a foundation model in Amazon Bedrock. You can deny invocation of the model in Amazon Bedrock.

Example policy:

{
    "Version": "2012-10-17",
    "Statement": {
        "Sid": "DenyInference",
        "Effect": "Deny",
        "Action": [
            "bedrock:InvokeModel",
            "bedrock:InvokeModelWithResponseStream",
            "bedrock:CreateModelInvocationJob"
        ],
        "Resource": "arn:aws:bedrock:*::foundation-model/model-id"
    }
}

To create ALLOW or DENY SCPs for Amazon Bedrock and SageMaker AI, complete the following tasks:

  • If you use FullAWSAccess and have explicit DENY SCPs, then use the following example policy:
{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "MarketplaceModelDeny",
			"Effect": "Deny",
			"Action": [
				"sagemaker:*",
				"bedrock:*"
			],
			"Resource": [
				"arn:aws:sagemaker:*:*:endpoint/*",
				"arn:aws:sagemaker:*:*:endpoint-config/*",
				"arn:aws:sagemaker:*:*:model/*"
			],
			"Condition": {
				"StringLike": {
					"aws:ResourceTag/sagemaker-studio:hub-content-arn": "arn:aws:sagemaker:*:aws:hub-content/SageMakerPublicHub/Model/deepseek*"
				}
			}
		}
	]
}
  • If you use explicit ALLOW SCPs, then use the following example policy:
{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "MarketplaceModelEndpointMutatingAPIs",
			"Effect": "Allow",
			"Action": [
				"sagemaker:CreateEndpoint",
				"sagemaker:CreateEndpointConfig",
				"sagemaker:CreateModel",
				"sagemaker:DeleteEndpoint",
				"sagemaker:UpdateEndpoint"
			],
			"Resource": [
				"arn:aws:sagemaker:*:*:endpoint/*",
				"arn:aws:sagemaker:*:*:endpoint-config/*",
				"arn:aws:sagemaker:*:*:model/*"
			],
			"Condition": {
				"StringEquals": {
					"aws:CalledViaLast": "bedrock.amazonaws.com",
					"aws:ResourceTag/sagemaker-sdk:bedrock": "compatible"
				},
				"StringNotLike": {
					"aws:ResourceTag/sagemaker-studio:hub-content-arn": "arn:aws:sagemaker:*:aws:hub-content/SageMakerPublicHub/Model/deepseek*"
				}
			}
		},
		{
			"Sid": "SageMakerModelEndpointMutatingAPIs",
			"Effect": "Allow",
			"Action": [
				"sagemaker:CreateEndpoint",
				"sagemaker:CreateEndpointConfig",
				"sagemaker:CreateModel",
				"sagemaker:DeleteEndpoint",
				"sagemaker:UpdateEndpoint"
			],
			"Resource": [
				"arn:aws:sagemaker:*:*:endpoint/*",
				"arn:aws:sagemaker:*:*:endpoint-config/*",
				"arn:aws:sagemaker:*:*:model/*"
			],
			"Condition": {
				"StringEquals": {
					"aws:CalledViaLast": "sagemaker.amazonaws.com",
					"aws:ResourceTag/sagemaker-sdk:bedrock": "compatible"
				},
				"StringNotLike": {
					"aws:ResourceTag/sagemaker-studio:hub-content-arn": "arn:aws:sagemaker:*:aws:hub-content/SageMakerPublicHub/Model/deepseek*"
				}
			}
		}
	]
}
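
The explicit-Deny SCP above only fires when the target resource carries a matching sagemaker-studio:hub-content-arn tag. The following added example (not part of the original article or of any AWS tooling) is a simplified model of that statement's matching logic, useful for checking which requests the condition covers; the account ID, endpoint name and hub content names are constructed placeholders.

```python
import re

# Fields of the explicit-Deny statement above that this model evaluates.
ACTIONS = ["sagemaker:*", "bedrock:*"]
RESOURCES = [
    "arn:aws:sagemaker:*:*:endpoint/*",
    "arn:aws:sagemaker:*:*:endpoint-config/*",
    "arn:aws:sagemaker:*:*:model/*",
]
TAG_KEY = "sagemaker-studio:hub-content-arn"
TAG_PATTERN = "arn:aws:sagemaker:*:aws:hub-content/SageMakerPublicHub/Model/deepseek*"

def wildcard_match(pattern, value, ignore_case=False):
    """IAM-style wildcard: '*' matches any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    flags = re.S | (re.I if ignore_case else 0)
    return re.fullmatch(regex, value, flags) is not None

def deny_applies(action, resource_arn, resource_tags):
    """True when the Deny statement matches the request (simplified model)."""
    # Action names are matched case-insensitively; ARNs and tag values are not.
    if not any(wildcard_match(a, action, ignore_case=True) for a in ACTIONS):
        return False
    if not any(wildcard_match(r, resource_arn) for r in RESOURCES):
        return False
    tag = resource_tags.get(TAG_KEY)
    # StringLike on an absent key is false, so an untagged resource is not denied.
    return tag is not None and wildcard_match(TAG_PATTERN, tag)

# Constructed sample values (account ID, names and hub content are placeholders).
HUB = "arn:aws:sagemaker:us-east-1:aws:hub-content/SageMakerPublicHub/Model/"
ENDPOINT = "arn:aws:sagemaker:us-east-1:111122223333:endpoint/demo"
ACTION = "sagemaker:CreateEndpoint"
CASES = {
    "tagged deepseek": (ACTION, ENDPOINT, {TAG_KEY: HUB + "deepseek-sample"}),
    "other hub model": (ACTION, ENDPOINT, {TAG_KEY: HUB + "example-model"}),
    "no hub tag": (ACTION, ENDPOINT, {}),
    "mixed-case tag value": (ACTION, ENDPOINT, {TAG_KEY: HUB + "DeepSeek-sample"}),
}

if __name__ == "__main__":
    for name, args in CASES.items():
        print(f"{name}: {'DENY' if deny_applies(*args) else 'not matched'}")
```

The "no hub tag" case corresponds to the earlier note that these solutions don't apply to custom-imported models, which is why the monitoring described later in the article complements the SCP.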

Restrict subscriptions to marketplace models

Note: This solution denies access to other model subscriptions.

Before you can request access or modify access to Amazon Bedrock foundation models, you must attach an AWS Identity and Access Management (IAM) policy. Attach the policy to the IAM role that allows access to Amazon Bedrock, and make sure that the policy allows the following AWS Marketplace actions:

  • aws-marketplace:Subscribe

  • aws-marketplace:Unsubscribe

  • aws-marketplace:ViewSubscriptions

Based on your organization's need to control access to model subscriptions, you can create additional SCPs.

Establish a SageMaker JumpStart private model hub

In SageMaker JumpStart, you can create a curated repository of approved models in private hubs. Organizations can use these private hubs to align their AI initiatives with corporate policies and regulatory requirements. The private hub decouples model curation from model consumption. With this separation, administrators can manage the model inventory, and data scientists can develop AI solutions. For more information on private hubs, see Manage Amazon SageMaker JumpStart foundation model access with private hubs.

Monitor your solutions

To monitor your solutions, use one of the following options:

  • AWS CloudTrail logs

  • Amazon SageMaker Model dashboard

  • Amazon CloudWatch Logs

For detailed insights, administrators can use specific parameters to query consolidated CloudTrail logs. For example, you can use sagemaker.amazonaws.com as the eventSource, and CreateModel as the eventName to query the logs.

You can also query on resource tags or on the model S3 URI, with a pattern such as %deepseek%.

Example CloudTrail Lake query: 

SELECT *
FROM #########
WHERE eventname = 'CreateModel'
    AND eventsource = 'sagemaker.amazonaws.com'
    AND (
        element_at(requestParameters, 'primaryContainer') like '%deepseek%'
    )
    AND eventtime >= '2025-02-13 00:00:00'
    AND eventtime <= '2025-02-14 23:00:00';
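
The same detection applied to exported CloudTrail records, as an added example that is not part of the original article. It goes slightly beyond the query above by matching case-insensitively and by also inspecting a `containers` list (assumed here to hold the definitions of a multi-container model); all event records are constructed sample data.

```python
import json
from datetime import datetime, timezone

def parse_time(value):
    # CloudTrail eventTime is ISO 8601 in UTC, for example 2025-02-13T09:15:00Z.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def find_deepseek_models(events, start, end, needle="deepseek"):
    """Return CreateModel events whose container definitions mention `needle`."""
    hits = []
    for ev in events:
        if (ev.get("eventSource"), ev.get("eventName")) != ("sagemaker.amazonaws.com", "CreateModel"):
            continue
        if not start <= parse_time(ev["eventTime"]) <= end:
            continue
        params = ev.get("requestParameters") or {}
        # primaryContainer is the field the query above inspects; `containers` is
        # assumed to hold the definitions of a multi-container model.
        defs = [params.get("primaryContainer"), *(params.get("containers") or [])]
        if needle in json.dumps([d for d in defs if d]).lower():
            hits.append({"eventID": ev["eventID"], "model": params.get("modelName"),
                         "principal": ev.get("userIdentity", {}).get("arn")})
    return hits

def event(eid, name, time, params):
    # Builds one constructed CloudTrail record (all values are sample data).
    return {"eventID": eid, "eventSource": "sagemaker.amazonaws.com", "eventName": name,
            "eventTime": time, "requestParameters": params,
            "userIdentity": {"arn": "arn:aws:iam::111122223333:role/example-ds-role"}}

SAMPLE_EVENTS = [
    event("evt-1", "CreateModel", "2025-02-13T09:15:00Z", {"modelName": "m1",
          "primaryContainer": {"modelDataUrl": "s3://example-bucket/DeepSeek-R1/model.tar.gz"}}),
    event("evt-2", "CreateModel", "2025-02-14T10:00:00Z", {"modelName": "m2",
          "containers": [{"environment": {"MODEL_ID": "deepseek-sample"}}]}),
    event("evt-3", "CreateModel", "2025-02-13T11:00:00Z", {"modelName": "m3",
          "primaryContainer": {"modelDataUrl": "s3://example-bucket/other/model.tar.gz"}}),
    event("evt-4", "CreateEndpoint", "2025-02-13T12:00:00Z", {"endpointName": "deepseek-ep"}),
    event("evt-5", "CreateModel", "2025-02-20T08:00:00Z", {"modelName": "m5",
          "primaryContainer": {"modelDataUrl": "s3://example-bucket/deepseek/model.tar.gz"}}),
]
# Time window taken from the example query.
START = datetime(2025, 2, 13, tzinfo=timezone.utc)
END = datetime(2025, 2, 14, 23, tzinfo=timezone.utc)

if __name__ == "__main__":
    for hit in find_deepseek_models(SAMPLE_EVENTS, START, END):
        print(hit)
```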

Use AI responsibly

Amazon Bedrock delivers enterprise-level security features that protect your data and applications. Amazon Bedrock keeps your information confidential, and doesn't share the information with model providers or use the information to improve models. Model containers undergo vulnerability scanning. Additionally, Amazon Bedrock Serverless and Amazon Bedrock Marketplace both force network isolation to prevent unauthorized egress of customer data from model containers.

To safely build generative AI applications at scale, Amazon Bedrock Guardrails uses content filtering, Personally Identifiable Information (PII) redaction, and enhanced safety and privacy measures. You can customize policies to meet specific needs and responsible AI standards. These policies can include the following actions:

  • Block unwanted topics

  • Filter specific content and words

  • Remove PII

  • Conduct contextual grounding checks

  • Identify AI hallucinations

AWS facilitates robust security and compliance in its AI services through built-in safeguards in Amazon Bedrock and SageMaker AI. These safeguards include the following:

Conclusion

This article demonstrates how to restrict DeepSeek models to follow best practices for the security of your data across your organization.

To get the most out of your AWS environment, contact AWS Cloud Support Engineers and Technical Account Managers (TAMs). They can help you with general guidance, best practices, troubleshooting, and operational support on AWS. To learn more about our plans and offerings, see AWS Support. To learn more about the suggested solution, contact your TAM or AWS account team.


About the author

Mojgan Toth

Mojgan is a Sr. Cloud TAM who proactively supports customers with strategic technical guidance and AWS cloud best practices. She loves putting together solutions around the Well-Architected Framework, security, and resiliency. Her passion lies in solving problems, enhancing efficiency, and reducing operational overhead. When it comes to her personal life, she loves cooking, painting, gardening, and outdoor activities such as bike rides and hikes.