Amazon Bedrock
The Amazon Bedrock connection allows the Intelligence Hub to interact with AWS Bedrock for generative AI and LLM workflows. This connection enables sending prompts and receiving responses from models hosted on Bedrock. Below are details on the connection and input settings.
Authentication Type
| Setting | Description |
|---|---|
| Token | Enter an IAM access key and secret key that have permissions to use Bedrock. See the section below on IAM permission best practices. |
| Assume EC2 IAM Role | If running on an EC2 instance with an IAM role attached, the connection automatically assumes that role. No credentials are required. See the section below on IAM permission best practices. |
Region
The AWS region where the Bedrock service is hosted.
Endpoint (Optional)
Base URL for the Bedrock API. If not provided, the default endpoint is used.
Input Settings
| Setting | Description |
|---|---|
| Model Id | The model ID provided by AWS when creating a model in Bedrock. |
| Instructions | (Optional) The prompt or instructions to guide the model's response. |
| Message | The message to be sent to the model. This is the input the model will process based on the instructions. |
| Response Format | The format in which the model should respond. When set to JSON the connection will attempt to parse the response as JSON. If the response is not valid JSON the read fails. |
AWS IAM Best Practices
Please see the AWS documentation on IAM best practices: https://docs.aws.amazon.com/bedrock/latest/userguide/security_iam_service-with-iam.html
HighByte strongly recommends following the principle of least privilege when granting permissions to the IAM role for the connection. It is also recommended that users occasionally rotate IAM credentials and manually update the Intelligence Hub configuration with the new credentials.
The following IAM permissions are used by the Bedrock connection.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "bedrock:InvokeModel",
        "bedrock:InvokeModelWithResponseStream"
      ],
      "Resource": "*"
    }
  ]
}
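
The policy above allows both invoke actions on `"Resource": "*"`, which is broader than the least-privilege recommendation in this section. The following is an added example, not HighByte or AWS code: it flags Allow statements that grant Bedrock actions on a wildcard resource and rewrites them to the foundation-model ARNs for the models the connection is configured to call. The helper names are hypothetical, the region and model ID are constructed sample values, and it assumes the connection only invokes on-demand foundation models named in Model Id.

```python
import copy
import json

# The policy from this page, used as the input to tighten.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream"],
        "Resource": "*",
    }],
}

def _as_list(value):
    # IAM accepts a bare string or a list for Action and Resource.
    return [value] if isinstance(value, str) else list(value)

def _statements(policy):
    stmts = policy["Statement"]
    return [stmts] if isinstance(stmts, dict) else stmts

def wildcard_bedrock_statements(policy):
    """Indexes of Allow statements that grant bedrock actions on Resource '*'."""
    hits = []
    for i, stmt in enumerate(_statements(policy)):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if (stmt.get("Effect") == "Allow"
                and any(a.startswith("bedrock:") for a in actions)
                and "*" in _as_list(stmt.get("Resource", []))):
            hits.append(i)
    return hits

def foundation_model_arn(region, model_id):
    # Foundation-model ARNs have an empty account field.
    return f"arn:aws:bedrock:{region}::foundation-model/{model_id}"

def scope_policy(policy, region, model_ids):
    """Return a copy whose wildcard bedrock statements name only the given models."""
    scoped = copy.deepcopy(policy)
    for i in wildcard_bedrock_statements(scoped):
        stmt = _statements(scoped)[i]
        if not all(a.lower().startswith("bedrock:") for a in _as_list(stmt["Action"])):
            raise ValueError(f"statement {i} mixes services; split it before scoping")
        stmt["Resource"] = [foundation_model_arn(region, m) for m in model_ids]
    return scoped

if __name__ == "__main__":
    # Constructed sample values: substitute the connection's Region and Model Id.
    print(json.dumps(scope_policy(PAGE_POLICY, "us-east-1",
                                  ["amazon.titan-text-express-v1"]), indent=2))
```

Custom and provisioned models use different ARN forms than the foundation-model ARN built here, so a connection that calls those needs their ARNs listed instead.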