Bedrock security of prompt/responses

In the context of using Amazon Bedrock, it's indeed true that user prompts and responses leave the customer's Virtual Private Cloud (VPC) as they need to interact with the AWS Service Team Account where the foundational models are being hosted. However, there are robust measures in place to ensure the security and privacy of these interactions.

To ensure the security of the prompts/responses, AWS PrivateLink can be utilized to create a private connection between your VPC and Amazon Bedrock. This allows for the access of Amazon Bedrock as if it were within your own VPC, without needing an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Importantly, instances in your VPC do not require public IP addresses to access Amazon Bedrock, enhancing security. This setup involves creating an interface endpoint in your VPC, powered by AWS PrivateLink, which serves as the entry point for traffic intended for Amazon Bedrock​​​​.

In addition, I also want to note that when interacting with Bedrock your query and responses will not leave the AWS backbone. Your query and your response are secure and they are not used in the future to train and develop new models.

To summarize, while user prompts and responses do leave the customer's VPC to interact with AWS's foundational models, robust security measures via AWS PrivateLink and adherence to strict security protocols and compliance standards ensure the security and privacy of these interactions.

Additional References:

Securing your prompts/responses with Bedrock: https://aws.amazon.com/bedrock/security-compliance/

Configuring AWS PrivateLink with Amazon Bedrock: https://aws.amazon.com/blogs/machine-learning/use-aws-privatelink-to-set-up-private-access-to-amazon-bedrock/

Infrastructure Security in Amazon Bedrock: https://docs.aws.amazon.com/bedrock/latest/userguide/infrastructure-security.html