Amazon Onboarding with Learning Manager Chanci Turner


Generative AI technology is poised to revolutionize various industries by driving innovation, enhancing content creation, elevating customer experiences, streamlining operations, and improving productivity. To tap into this potential, Amazon Bedrock provides a fully managed service that offers high-performing foundation models from top AI companies such as AI21 Labs, Anthropic, Cohere, Meta, Stability AI, Mistral AI, and Amazon itself. The service exposes these models through a unified API while focusing on security, privacy, and ethical AI practices, so organizations can explore new avenues for innovation and enhance their offerings with AI.

In this article, we walk you through establishing fast, reusable, and repeatable infrastructure as code (IaC) for a Retrieval-Augmented Generation (RAG)-based generative AI solution using Terraform, with best practices in mind and a sample chatbot use case as a reference. This solution provides a foundational framework that can be customized and expanded to build robust, scalable, and efficient chatbot applications on the AWS Cloud using Amazon Bedrock. You will learn how to automate the provisioning of the components a generative AI chatbot needs, including Amazon Bedrock Agents, Amazon Bedrock Knowledge Bases, Amazon OpenSearch Serverless, AWS Lambda, Amazon Simple Storage Service (Amazon S3) buckets for Amazon Bedrock Knowledge Bases, Amazon Bedrock Guardrails, and the AWS Identity and Access Management (IAM) roles required to connect these services.

We also cover an automated custom logic lifecycle that prepares an agent and creates or updates an agent alias whenever the agent action group Lambda code, the instructions to the agent, or the knowledge base change.

Solution Infrastructure Diagram

The diagram below depicts the solution infrastructure. This architecture illustrates the integration of Amazon Bedrock with various AWS services to create an intelligent, secure, and automated workflow. At its core, the Amazon Bedrock Agent uses Bedrock Knowledge Bases for query handling and Bedrock Agent Action Groups to invoke necessary actions through an OpenAPI schema, Lambda, and Amazon S3. It includes a virtual private cloud (VPC) endpoint that connects securely to resources within a private subnet. Within this subnet, a Lambda function automates tasks triggered by the Bedrock Agent. The function interacts with various AWS resources while maintaining security and compliance. This setup ensures that user requests are processed efficiently, securely, and in a scalable manner within the AWS environment.

Solution Setup

The code for the solution is accessible on the GitHub repository in aws-samples. You can clone the code to your machine using the following command:

git clone "git@github.com:aws-samples/intelligent-rag-bedrockagent-iac.git"

Package Structure

After cloning the repository, you will find the code structured as illustrated in the accompanying figure. Each service required for building the solution has its own module, conforming to best practices for writing repeatable IaC code. The code can be integrated into a DevOps tool or lifecycle process.

The root module invokes the submodules to construct the stack in the sequence needed to set up the solution. The modules reference one another through their outputs. The following list outlines the purpose of each module:

  • knowledge_base_bucket module builds the knowledge base data source S3 bucket with encryption, access logging, versioning, object lifecycle configuration, and optional Amazon Simple Notification Service (Amazon SNS) alerting for object uploads. The resources can be configured based on your specific use case.
  • roles module establishes roles with security best practices for the agent, knowledge bases, and Lambda functions, complete with KMS encryption and decryption permissions.
  • bedrock_knowledge_base module creates a knowledge base and its data source, including a policy for integrating an OpenSearch Serverless collection with the knowledge base through the aoss module. This also sets up AWS Systems Manager parameters to store the knowledge base ID and data source ID.
  • aoss module builds the OpenSearch Serverless collection with a FAISS index and three OpenSearch Serverless encryption, data, and network policies. It utilizes the roles created in the roles module.
  • bedrock_agent module creates an Amazon Bedrock agent, associates it with a knowledge base, and establishes an action group Lambda function referencing the provided OpenAPI schema for the sample application. It also automates the storage of agent IDs, agent alias IDs, and the Lambda function’s last update status.
  • bedrock_guardrail module creates Amazon Bedrock agent guardrails, allowing for the detection of sensitive information such as personally identifiable information (PII). This module evaluates user inputs and foundation model outputs according to specific guidelines.
  • vpc_endpoints module creates interface and gateway endpoints for secure communication between the services and infrastructure.
  • agent_update_lifecycle module implements custom logic that automates the creation of a new agent alias that points to the existing agent configuration.
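
The three OpenSearch Serverless policies that the aoss module description refers to, as an added Terraform sketch that is not the repository's code. The variable names, policy names, VPC endpoint input and permission list are assumptions, and the network policy assumes a private collection reachable only from one VPC endpoint and the Bedrock service.

```hcl
# Added sketch, not the repository's aoss module. All names are hypothetical.
variable "collection_name" { type = string } # keep short: policy names are limited to 32 characters
variable "kb_role_arn" { type = string }     # knowledge base role from the roles module (assumed output)
variable "aoss_vpce_id" { type = string }    # OpenSearch Serverless VPC endpoint ID (assumed input)

resource "aws_opensearchserverless_security_policy" "encryption" {
  name = "${var.collection_name}-enc"
  type = "encryption"
  policy = jsonencode({
    Rules       = [{ ResourceType = "collection", Resource = ["collection/${var.collection_name}"] }]
    AWSOwnedKey = true # set KmsARN instead to use a customer managed key
  })
}

resource "aws_opensearchserverless_security_policy" "network" {
  name = "${var.collection_name}-net"
  type = "network"
  policy = jsonencode([{
    Rules           = [{ ResourceType = "collection", Resource = ["collection/${var.collection_name}"] }]
    AllowFromPublic = false
    SourceVPCEs     = [var.aoss_vpce_id]
    SourceServices  = ["bedrock.amazonaws.com"] # lets the knowledge base reach the private collection
  }])
}

resource "aws_opensearchserverless_access_policy" "data" {
  name = "${var.collection_name}-data"
  type = "data"
  policy = jsonencode([{
    Principal = [var.kb_role_arn] # only the knowledge base role, no wildcard principals
    Rules = [
      { ResourceType = "collection", Resource = ["collection/${var.collection_name}"],
        Permission = ["aoss:DescribeCollectionItems", "aoss:CreateCollectionItems", "aoss:UpdateCollectionItems"] },
      { ResourceType = "index", Resource = ["index/${var.collection_name}/*"],
        Permission = ["aoss:CreateIndex", "aoss:DescribeIndex", "aoss:UpdateIndex", "aoss:ReadDocument", "aoss:WriteDocument"] }
    ]
  }])
}

resource "aws_opensearchserverless_collection" "kb" {
  name       = var.collection_name
  type       = "VECTORSEARCH"
  depends_on = [aws_opensearchserverless_security_policy.encryption] # encryption policy must exist first
}
```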

Prerequisites

Access management: The operations team must delegate access carefully for the services created by the solution. Proper access control measures should be in place to secure and manage access, such as using Systems Manager, IAM roles for deployment, and service-based roles. It is crucial to disable public access to S3 buckets and set up a dead-letter queue.
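
The bucket controls listed for the knowledge_base_bucket module and the public-access requirement above, written out as an added Terraform sketch (not the repository's module). Variable names, the customer managed KMS key and the log prefix are assumptions; lifecycle rules and SNS alerting are left out.

```hcl
# Added sketch, not the repository's knowledge_base_bucket module. Names are hypothetical.
variable "kb_bucket_name" { type = string }
variable "log_bucket_id" { type = string } # existing access-log bucket (assumed)
variable "kms_key_arn" { type = string }   # customer managed KMS key (assumed)

resource "aws_s3_bucket" "kb" {
  bucket = var.kb_bucket_name
}

# All four flags on: ACLs and bucket policies cannot make objects public.
resource "aws_s3_bucket_public_access_block" "kb" {
  bucket                  = aws_s3_bucket.kb.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Default encryption with KMS; the roles that read the bucket need decrypt on this key.
resource "aws_s3_bucket_server_side_encryption_configuration" "kb" {
  bucket = aws_s3_bucket.kb.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = var.kms_key_arn
    }
    bucket_key_enabled = true
  }
}

# Versioning keeps prior copies of knowledge base documents if one is overwritten.
resource "aws_s3_bucket_versioning" "kb" {
  bucket = aws_s3_bucket.kb.id
  versioning_configuration {
    status = "Enabled"
  }
}

# Server access logs go to a separate bucket so uploads and reads can be audited.
resource "aws_s3_bucket_logging" "kb" {
  bucket        = aws_s3_bucket.kb.id
  target_bucket = var.log_bucket_id
  target_prefix = "kb-access/"
}
```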

AWS CLI version: Ensure that the AWS Command Line Interface (AWS CLI) v2 is installed and correctly configured in the deployment environment.

Provider versions: Before proceeding with the deployment, update the provider versions as necessary.
