Is it possible to make AWS Bedrock's knowledge bases completely private?


I designed it with the following architecture. (architecture diagram not reproduced)

I created only one Subnet in VPC. I connected Lambda to that Subnet and set the Endpoints of Bedrock, OpenSearch Serverless, and S3. I set S3 as an Interface type Endpoint. When I looked at it with CloudTrail, it seems that Bedrock accesses S3 as a public access. I blocked all public access to S3.

Is there a good alternative? Is it impossible, but they are trying?

1 Answer
Accepted Answer


Unfortunately, as of November 2024, there is no setting for S3 data sources to go through VPC from the Bedrock Knowledge Base, so there is no way to use VPC endpoints to access S3.

answered a month ago
reviewed a month ago
  • Thanks for the reply. So, is the communication between S3 and Bedrock public communication like the internet? Or is it AWS's backbone network communication?

  • Since the communication is between AWS services, I think the communication is over the AWS backbone network.

    No. When using public IP addresses, all communication between instances and services hosted in AWS use AWS's private network. Packets that originate from the AWS network with a destination on the AWS network stay on the AWS global network, except traffic to or from AWS China Regions.

  • 100% correct.
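One way to confirm what the question asker saw in CloudTrail, as an added example that is not part of this thread or of any AWS tooling: given S3 data-event records, it separates calls recorded with a vpcEndpointId from calls that reached S3's service endpoint, and lists the ones made on the account's behalf by the Bedrock service principal. The sample records are constructed; the field names (userIdentity.invokedBy, vpcEndpointId, requestParameters.bucketName) are those of CloudTrail's record format, while the role names, bucket name and endpoint ids are placeholders.

```python
import gzip
import json

# Constructed sample records in CloudTrail's S3 data-event format (only the fields used
# below). Real trail files are gzipped JSON objects with a top-level "Records" list.
SAMPLE_RECORDS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"type": "AssumedRole", "invokedBy": "bedrock.amazonaws.com",
                      "arn": "arn:aws:sts::111122223333:assumed-role/kb-service-role/BedrockKB"},
     "sourceIPAddress": "bedrock.amazonaws.com",
     "requestParameters": {"bucketName": "example-kb-docs", "key": "docs/guide.pdf"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/lambda-role/ingest"},
     "sourceIPAddress": "10.0.1.25", "vpcEndpointId": "vpce-0123456789abcdef0",
     "requestParameters": {"bucketName": "example-kb-docs", "key": "docs/guide.pdf"}},
    {"eventSource": "bedrock.amazonaws.com", "eventName": "StartIngestionJob",
     "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::111122223333:assumed-role/lambda-role/ingest"},
     "sourceIPAddress": "10.0.1.25", "vpcEndpointId": "vpce-0fedcba9876543210"},
]

def load_trail_file(path):
    """Read one CloudTrail log file (gzipped JSON) and return its Records list."""
    with gzip.open(path, "rt") as fh:
        return json.load(fh)["Records"]

def classify(record):
    """Return (caller, path). caller is the AWS service acting on your behalf (invokedBy)
    or the direct caller's ARN; path is 'vpc-endpoint' when CloudTrail recorded a
    vpcEndpointId, else 'service-endpoint' (S3's public endpoint, still on the AWS network)."""
    ident = record.get("userIdentity", {})
    caller = ident.get("invokedBy") or ident.get("arn", "unknown")
    path = "vpc-endpoint" if record.get("vpcEndpointId") else "service-endpoint"
    return caller, path

def audit_s3_access(records):
    """Summarise every S3 data event as {event, caller, path, bucket}; other services are skipped."""
    findings = []
    for r in records:
        if r.get("eventSource") != "s3.amazonaws.com":
            continue
        caller, path = classify(r)
        findings.append({"event": r.get("eventName"), "caller": caller, "path": path,
                         "bucket": r.get("requestParameters", {}).get("bucketName")})
    return findings

def bedrock_non_vpce_access(records):
    """S3 calls made by the Bedrock service principal that did not go through a VPC endpoint."""
    return [f for f in audit_s3_access(records)
            if f["caller"] == "bedrock.amazonaws.com" and f["path"] == "service-endpoint"]
```

Point load_trail_file at a file from your trail's S3 bucket and pass its result to bedrock_non_vpce_access to see the knowledge base's GetObject calls arriving without a vpcEndpointId, which is the behaviour the accepted answer describes.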
