This repository enables you to set up a secure chatbot using Amazon Bedrock in an AWS GovCloud account. The solution implements a Retrieval-Augmented Generation (RAG) pattern using Amazon Bedrock Knowledge Bases and OpenSearch Serverless.
The chatbot data flow follows this secure path:
- Client requests are sent to the Private API Gateway through the VPC Endpoint
- API Gateway forwards requests to the Lambda function
- Lambda queries the Bedrock Knowledge Base through the Bedrock VPC Endpoint
- Responses are returned through the same secure path
This architecture ensures that all data and API calls remain within your AWS network boundary, providing enhanced security for sensitive information and compliance with GovCloud requirements.
Before deploying this solution, ensure you have the following:
-
AWS Account Access:
- An AWS GovCloud account with required IAM permissions
- AWS CLI configured with appropriate credentials
-
Amazon Bedrock Access:
- Access to Amazon Bedrock service in your region
- Model access granted for the foundation models to be used in the demo
-
Development Environment:
- Python 3.11 or later
- Node.js 14.x or later (for AWS CDK)
- AWS CDK v2 installed (
npm install -g aws-cdk)
-
S3 Bucket:
- An existing S3 bucket for document storage or permissions to create a new one
- Sample documents to upload (PDF, TXT, or other supported formats)
-
Clone the GitHub repository containing the solution files:
git clone <git repository> -
Navigate to the solution directory:
cd bedrock-apps -
Create and activate the virtual environment:
python3 -m venv .venv source .venv/bin/activateNote: The activation of the virtual environment differs based on the operating system; refer to the AWS CDK workshop for activating in other environments.
-
Install the required dependencies:
pip install -r requirements-dev.txt -
Export your AWS credentials for a role or user with necessary permissions for CDK deployment:
export AWS_REGION="<region>" export AWS_ACCESS_KEY_ID="<access-key>" export AWS_SECRET_ACCESS_KEY="<secret-key>" -
If you're deploying the AWS CDK for the first time, bootstrap your environment:
cdk bootstrap aws://ACCOUNT-NUMBER/REGION
-
View and update configurations in
config.py:- Go to Amazon Bedrock console and enable the models
- Update the
S3_BUCKET_NAMEinconfig.pyto the bucket name where your files are stored
-
Synthesize the CloudFormation template: cdk synthesize developer guide
cdk synth -
Deploy the stacks in the following order: cdk deploy developer guide
cdk deploy lambdalayerstack cdk deploy aossstack cdk deploy knowledgebasestack cdk deploy apistack -
Once deployment is finished, you can see these deployed stacks in the AWS CloudFormation console.
- On the Amazon Bedrock console, choose Knowledge bases in the navigation page.
- Select the knowledge base you created.
- Choose Sync to initiate the data ingestion job.
- After the data ingestion job is complete, choose the desired foundation model to use for retrieval and generation.This requires model access to be granted in Amazon Bedrock before using.AWS Documenation to modify model access in Amazon Bedrock
- Start querying your data using natural language queries. AWS Documentation to test your knowledge base
Additional testing options:
- From Lambda, navigate to
apistack-Query...lambda and test with this Event JSON:{ "body": "{\"question\":\"<your question>\"}" } - From Privae API Gateway in AWS Console, execute "POST" on the resource
/questionwith this request body:{"question": "<your question>"}
To avoid incurring future charges on your AWS account:
-
Delete all files within the provisioned S3 bucket.
-
Delete the CloudFormation stacks using one of these methods:
Option 1: Delete all stacks at once:
cdk destroy --allOption 2: Delete stacks individually in reverse order:
cdk destroy apistack cdk destroy knowledgebasestack cdk destroy aossstack cdk destroy lambdalayerstack
See CONTRIBUTING for more information.
This library is licensed under the MIT-0 License. See the LICENSE file.