Amazon Bedrock is a fully managed service that offers a choice of foundation models (FMs) along with a broad set of capabilities for building generative AI applications.
This module includes resources to deploy Bedrock features.
With Knowledge Bases for Amazon Bedrock, you can give FMs and agents contextual information from your company’s private data sources for Retrieval Augmented Generation (RAG) to deliver more relevant, accurate, and customized responses.
A vector index on a vector store is required to create a Knowledge Base. This construct currently supports Amazon OpenSearch Serverless, Amazon RDS Aurora PostgreSQL, Pinecone, and MongoDB. By default, this resource will create an OpenSearch Serverless vector collection and index for each Knowledge Base you create, but you can provide an existing collection to have more control. For other resources you need to have the vector stores already created and credentials stored in AWS Secrets Manager.
The resource accepts an instruction prop that is provided to any Bedrock Agent it is associated with so the agent can decide when to query the Knowledge Base.
To create a knowledge base, make sure you pass in the appropriate variables and set the `create_kb` variable to `true`.
Example default Opensearch Serverless Agent with Knowledgebase
```hcl
provider "opensearch" {
  url         = module.bedrock.default_collection[0].collection_endpoint
  healthcheck = false
}

module "bedrock" {
  source            = "aws-ia/bedrock/aws"
  version           = "0.0.5"
  create_kb         = true
  create_default_kb = true
  foundation_model  = "anthropic.claude-v2"
  instruction       = "You are an automotive assistant who can provide detailed information about cars to a customer."
}
```
Data sources are the various repositories or systems from which information is extracted and ingested into the knowledge base. These sources provide the raw content that will be processed, indexed, and made available for querying within the knowledge base system. Data sources can include various types of systems such as document management systems, databases, file storage systems, and content management platforms. Supported data sources include Amazon S3 buckets, Web Crawlers, SharePoint sites, Salesforce instances, and Confluence spaces.
- Amazon S3. You can either pass an existing data source ARN to the input variable `kb_s3_data_source` or create a new one by setting `create_s3_data_source` to true.
- Web Crawler. You can create a new web crawler data source by setting the `create_web_crawler` input variable to true and passing in the necessary variables for urls, scope, etc.
- SharePoint. You can create a new SharePoint data source by setting the `create_sharepoint` input variable to true and passing in the necessary variables for site urls, filter patterns, etc.
- Salesforce. You can create a new Salesforce data source by setting the `create_salesforce` input variable to true and passing in the necessary variables for site urls, filter patterns, etc.
- Confluence. You can create a new Confluence data source by setting the `create_confluence` input variable to true and passing in the necessary variables for site urls, filter patterns, etc.
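
Everything a crawler ingests becomes retrieval context for the model, so a web crawler data source is worth scoping tightly. The following is an added example, not taken from the module's documentation, that enables the web crawler with a single seed URL, a host-only scope, a rate limit, and include/exclude patterns. The seed URL and the filter patterns are constructed placeholders, and how the module combines these inputs is assumed from their descriptions in the inputs table.

```hcl
# Added example (not from the module's own documentation).
# URL and regex patterns are constructed placeholders.
provider "opensearch" {
  url         = module.bedrock.default_collection[0].collection_endpoint
  healthcheck = false
}

module "bedrock" {
  source  = "aws-ia/bedrock/aws"
  version = "0.0.5"

  create_kb         = true
  create_default_kb = true

  # Web crawler data source
  create_web_crawler = true
  seed_urls = [
    { url = "https://docs.example.com/cars/" } # placeholder
  ]

  # HOST_ONLY keeps the crawl on the seed URL's host;
  # SUBDOMAINS would also follow links to sibling subdomains.
  crawler_scope = "HOST_ONLY"

  # URLs retrieved per minute; keep it low for sites you do not operate.
  rate_limit = 60

  # Only ingest pages under /cars/ and skip authenticated or
  # administrative areas so they never reach the vector index.
  inclusion_filters = [".*/cars/.*"]
  exclusion_filters = [
    ".*/(login|account|admin)/.*",
    ".*\\.pdf$",
  ]

  foundation_model = "anthropic.claude-v2"
  instruction      = "You are an automotive assistant who can provide detailed information about cars to a customer."
}
```

Review the resulting `terraform plan` for the data source before the first sync, since changing the scope or filters later does not remove content that was already indexed until the data source is synced again.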
Enable generative AI applications to execute multistep tasks across company systems and data sources.
The following example creates an Agent with a simple instruction and without any action groups or knowledge bases.
```hcl
module "bedrock" {
  source           = "aws-ia/bedrock/aws"
  version          = "0.0.5"
  foundation_model = "anthropic.claude-v2"
  instruction      = "You are an automotive assistant who can provide detailed information about cars to a customer."
}
```
To create an Agent with a default Knowledge Base you simply set `create_kb` and `create_default_kb` to `true`:
```hcl
module "bedrock" {
  source            = "aws-ia/bedrock/aws"
  version           = "0.0.5"
  create_kb         = true
  create_default_kb = true
  foundation_model  = "anthropic.claude-v2"
  instruction       = "You are an automotive assistant who can provide detailed information about cars to a customer."
}
```
An action group defines functions your agent can call. The functions are Lambda functions. The action group uses an OpenAPI schema to tell the agent what your functions do and how to call them. You can configure an action group by passing in the appropriate input variables.
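
An action group configured through the inputs listed in the inputs table, as an added example that is not taken from the module's documentation. It passes an inline OpenAPI schema and an existing Lambda function, and adds a resource-based permission that lets only Bedrock agents in the same account and region invoke that function. The function name, API path and `operationId` are hypothetical, and whether the module creates its own Lambda permission is not stated on this page, so the permission is declared separately here.

```hcl
# Added example (not from the module's own documentation).
data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

data "aws_lambda_function" "car_lookup" {
  function_name = "car-lookup" # hypothetical, assumed to exist already
}

module "bedrock" {
  source  = "aws-ia/bedrock/aws"
  version = "0.0.5"

  create_ag                    = true
  action_group_name            = "car-lookup"
  action_group_description     = "Read-only lookup of car specifications."
  action_group_state           = "ENABLED"
  lambda_action_group_executor = data.aws_lambda_function.car_lookup.arn

  # The agent reads the descriptions to decide when and how to call the API.
  api_schema_payload = jsonencode({
    openapi = "3.0.0"
    info    = { title = "Car lookup API", version = "1.0.0" }
    paths = {
      "/cars/{model}" = {
        get = {
          operationId = "getCarByModel"
          description = "Return the published specifications for one car model."
          parameters = [{
            name        = "model"
            "in"        = "path"
            required    = true
            description = "Car model name."
            schema      = { type = "string" }
          }]
          responses = {
            "200" = {
              description = "Specifications for the model."
              content     = { "application/json" = { schema = { type = "object" } } }
            }
          }
        }
      }
    }
  })

  foundation_model = "anthropic.claude-v2"
  instruction      = "You are an automotive assistant who can provide detailed information about cars to a customer."
}

# source_account and source_arn stop agents in other accounts from invoking it.
resource "aws_lambda_permission" "allow_bedrock_agent" {
  statement_id   = "AllowBedrockAgentInvoke"
  action         = "lambda:InvokeFunction"
  function_name  = data.aws_lambda_function.car_lookup.function_name
  principal      = "bedrock.amazonaws.com"
  source_account = data.aws_caller_identity.current.account_id
  source_arn     = "arn:aws:bedrock:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:agent/*"
}
```

Keep the Lambda's own execution role limited to what the described operations need, because the model, not a human, decides when the function is called.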
The Agent constructs take an optional parameter shouldPrepareAgent to indicate that the Agent should be prepared after any updates to an agent, Knowledge Base association, or action group. This may increase the time to create and update those resources. By default, this value is true.
Bedrock Agents allows you to customize the prompts and LLM configuration for its different steps. You can disable steps or create a new prompt template. Prompt templates can be inserted from plain text files.
Amazon Bedrock's Guardrails feature enables you to implement robust governance and control mechanisms for your generative AI applications, ensuring alignment with your specific use cases and responsible AI policies. Guardrails empowers you to create multiple tailored policy configurations, each designed to address the unique requirements and constraints of different use cases. These policy configurations can then be seamlessly applied across multiple foundation models (FMs) and Agents, ensuring a consistent user experience and standardizing safety, security, and privacy controls throughout your generative AI ecosystem.
With Guardrails, you can define and enforce granular, customizable policies to precisely govern the behavior of your generative AI applications. You can configure the following policies in a guardrail to avoid undesirable and harmful content and remove sensitive information for privacy protection.
- Content filters – Adjust filter strengths to block input prompts or model responses containing harmful content.
- Denied topics – Define a set of topics that are undesirable in the context of your application. These topics will be blocked if detected in user queries or model responses.
- Word filters – Configure filters to block undesirable words, phrases, and profanity. Such words can include offensive terms, competitor names etc.
- Sensitive information filters – Block or mask sensitive information such as personally identifiable information (PII) or custom regex in user inputs and model responses.
You can create a Guardrail by setting `create_guardrail` to true and passing in the appropriate input variables:
```hcl
module "bedrock" {
  source            = "aws-ia/bedrock/aws"
  version           = "0.0.5"
  create_kb         = false
  create_default_kb = false
  create_guardrail  = true

  # Messages returned when the guardrail blocks a prompt or a response
  # (input names as listed in the inputs table)
  blocked_input_messaging   = "Blocked input"
  blocked_outputs_messaging = "Blocked output"

  # Content filters
  filters_config = [
    {
      input_strength  = "MEDIUM"
      output_strength = "MEDIUM"
      type            = "HATE"
    },
    {
      input_strength  = "HIGH"
      output_strength = "HIGH"
      type            = "VIOLENCE"
    }
  ]

  # Sensitive information filters: built-in PII entity types
  pii_entities_config = [
    {
      action = "BLOCK"
      type   = "NAME"
    },
    {
      action = "BLOCK"
      type   = "DRIVER_ID"
    },
    {
      action = "ANONYMIZE"
      type   = "USERNAME"
    },
  ]

  # Sensitive information filters: custom regex
  regexes_config = [{
    action      = "BLOCK"
    description = "example regex"
    name        = "regex_example"
    pattern     = "^\\d{3}-\\d{2}-\\d{4}$"
  }]

  # Word filters
  managed_word_lists_config = [{
    type = "PROFANITY"
  }]
  words_config = [{
    text = "HATE"
  }]

  # Denied topics
  topics_config = [{
    name       = "investment_topic"
    examples   = ["Where should I invest my money ?"]
    type       = "DENY"
    definition = "Investment advice refers to inquiries, guidance, or recommendations regarding the management or allocation of funds or assets with the goal of generating returns ."
  }]

  foundation_model = "anthropic.claude-v2"
  instruction      = "You are an automotive assistant who can provide detailed information about cars to a customer."
}
```
Name | Version |
---|---|
terraform | >= 1.0.7 |
aws | ~>5.0 |
awscc | >= 1.0.0 |
opensearch | = 2.2.0 |
random | >= 3.6.0 |
time | ~> 0.6 |

Name | Version |
---|---|
aws | ~>5.0 |
awscc | >= 1.0.0 |
opensearch | = 2.2.0 |
random | >= 3.6.0 |
time | ~> 0.6 |

No modules.

Name | Description | Type | Default | Required |
---|---|---|---|---|
foundation_model | The foundation model for the Bedrock agent. | string | n/a | yes |
instruction | A narrative instruction to provide the agent as context. | string | n/a | yes |
action_group_description | Description of the action group. | string | null | no |
action_group_name | Name of the action group. | string | null | no |
action_group_state | State of the action group. | string | null | no |
agent_alias_description | Description of the agent alias. | string | null | no |
agent_alias_name | The name of the guardrail. | string | "TerraformBedrockAgentAlias" | no |
agent_alias_tags | Tag bedrock agent alias resource. | map(string) | null | no |
agent_description | A description of agent. | string | null | no |
agent_id | Agent identifier. | string | null | no |
agent_name | The name of your agent. | string | "TerraformBedrockAgents" | no |
api_schema_payload | String OpenAPI Payload. | string | null | no |
api_schema_s3_bucket_name | A bucket in S3. | string | null | no |
api_schema_s3_object_key | An object key in S3. | string | null | no |
auth_type | The supported authentication type. | string | null | no |
base_prompt_template | Defines the prompt template with which to replace the default prompt template. | string | null | no |
bedrock_agent_version | Agent version. | string | null | no |
blocked_input_messaging | Messaging for when violations are detected in text. | string | "Blocked input" | no |
blocked_outputs_messaging | Messaging for when violations are detected in text. | string | "Blocked output" | no |
collection_arn | The ARN of the collection. | string | null | no |
collection_name | The name of the collection. | string | null | no |
confluence_credentials_secret_arn | The ARN of an AWS Secrets Manager secret that stores your authentication credentials for your Confluence instance URL. | string | null | no |
connection_string | The endpoint URL for your index management page. | string | null | no |
crawl_filter_type | The crawl filter type. | string | null | no |
crawler_scope | The scope that a web crawl job will be restricted to. | string | null | no |
create_ag | Whether or not to create an action group. | bool | false | no |
create_agent | Whether or not to deploy an agent. | bool | true | no |
create_agent_alias | Whether or not to create an agent alias. | bool | false | no |
create_confluence | Whether or not to create a Confluence data source. | bool | false | no |
create_default_kb | Whether or not to create the default knowledge base. | bool | false | no |
create_guardrail | Whether or not to create a guardrail. | bool | false | no |
create_kb | Whether or not to attach a knowledge base. | bool | false | no |
create_kb_log_group | Whether or not to create a log group for the knowledge base. | bool | false | no |
create_mongo_config | Whether or not to use MongoDB Atlas configuration | bool | false | no |
create_opensearch_config | Whether or not to use Opensearch Serverless configuration | bool | false | no |
create_pinecone_config | Whether or not to use Pinecone configuration | bool | false | no |
create_rds_config | Whether or not to use RDS configuration | bool | false | no |
create_s3_data_source | Whether or not to create the S3 data source. | bool | true | no |
create_salesforce | Whether or not to create a Salesforce data source. | bool | false | no |
create_sharepoint | Whether or not to create a SharePoint data source. | bool | false | no |
create_web_crawler | Whether or not to create a web crawler data source. | bool | false | no |
credentials_secret_arn | The ARN of the secret in Secrets Manager that is linked to your database | string | null | no |
custom_control | Custom control of action execution. | string | null | no |
database_name | Name of the database. | string | null | no |
endpoint | Database endpoint | string | null | no |
endpoint_service_name | MongoDB Atlas endpoint service name. | string | null | no |
exclusion_filters | A set of regular expression filter patterns for a type of object. | list(string) | [] | no |
existing_kb | The ID of the existing knowledge base. | string | null | no |
filters_config | List of content filter configs in content policy. | list(map(string)) | null | no |
guardrail_description | Description of the guardrail. | string | null | no |
guardrail_kms_key_arn | KMS encryption key to use for the guardrail. | string | null | no |
guardrail_name | The name of the guardrail. | string | "TerraformBedrockGuardrail" | no |
guardrail_tags | A map of tags keys and values for the knowledge base. | list(map(string)) | null | no |
host_type | The supported host type, whether online/cloud or server/on-premises. | string | null | no |
host_url | The host URL or instance URL. | string | null | no |
idle_session_ttl | How long sessions should be kept open for the agent. | number | 600 | no |
inclusion_filters | A set of regular expression filter patterns for a type of object. | list(string) | [] | no |
kb_description | Description of knowledge base. | string | "Terraform deployed Knowledge Base" | no |
kb_embedding_model_arn | The ARN of the model used to create vector embeddings for the knowledge base. | string | "arn:aws:bedrock:us-east-1::foundation-model/amazon.titan-embed-text-v1" | no |
kb_log_group_retention_in_days | The retention period of the knowledge base log group. | number | 0 | no |
kb_monitoring_arn | The ARN of the target for delivery of knowledge base application logs | string | null | no |
kb_name | Name of the knowledge base. | string | "knowledge-base" | no |
kb_role_arn | The ARN of the IAM role with permission to invoke API operations on the knowledge base. | string | null | no |
kb_s3_data_source | The S3 data source ARN for the knowledge base. | string | null | no |
kb_s3_data_source_kms_arn | The ARN of the KMS key used to encrypt S3 content | string | null | no |
kb_state | State of knowledge base; whether it is enabled or disabled | string | "ENABLED" | no |
kb_storage_type | The storage type of a knowledge base. | string | null | no |
kb_tags | A map of tags keys and values for the knowledge base. | map(string) | null | no |
kb_type | The type of a knowledge base. | string | null | no |
kms_key_arn | KMS encryption key to use for the agent. | string | null | no |
lambda_action_group_executor | ARN of Lambda. | string | null | no |
managed_word_lists_config | A config for the list of managed words. | list(map(string)) | null | no |
max_length | The maximum number of tokens to generate in the response. | number | 0 | no |
metadata_field | The name of the field in which Amazon Bedrock stores metadata about the vector store. | string | "AMAZON_BEDROCK_METADATA" | no |
name_prefix | This value is appended at the beginning of resource names. | string | "BedrockAgents" | no |
namespace | The namespace to be used to write new data to your pinecone database | string | null | no |
override_lambda_arn | The ARN of the Lambda function to use when parsing the raw foundation model output in parts of the agent sequence. | string | null | no |
parent_action_group_signature | Action group signature for a builtin action. | string | null | no |
parser_mode | Specifies whether to override the default parser Lambda function. | string | null | no |
pattern_object_filter_list | List of pattern object information. | list(object({ | [] | no |
pii_entities_config | List of entities. | list(map(string)) | null | no |
primary_key_field | The name of the field in which Bedrock stores the ID for each entry. | string | null | no |
prompt_creation_mode | Specifies whether to override the default prompt template. | string | null | no |
prompt_override | Whether to provide prompt override configuration. | bool | false | no |
prompt_state | Specifies whether to allow the agent to carry out the step specified in the promptType. | string | null | no |
prompt_type | The step in the agent sequence that this prompt configuration applies to. | string | null | no |
rate_limit | Rate of web URLs retrieved per minute. | number | null | no |
regexes_config | List of regex. | list(map(string)) | null | no |
resource_arn | The ARN of the vector store. | string | null | no |
salesforce_credentials_secret_arn | The ARN of an AWS Secrets Manager secret that stores your authentication credentials for your Salesforce instance URL. | string | null | no |
seed_urls | A list of web urls. | list(object({url = string})) | [] | no |
share_point_credentials_secret_arn | The ARN of an AWS Secrets Manager secret that stores your authentication credentials for your SharePoint site/sites. | string | null | no |
share_point_domain | The domain of your SharePoint instance or site URL/URLs. | string | null | no |
share_point_site_urls | A list of one or more SharePoint site URLs. | list(string) | [] | no |
skip_resource_in_use | Specifies whether to allow deleting action group while it is in use. | bool | null | no |
stop_sequences | A list of stop sequences. | list(string) | [] | no |
table_name | The name of the table in the database. | string | null | no |
tags | Tag bedrock agent resource. | map(string) | null | no |
temperature | The likelihood of the model selecting higher-probability options while generating a response. | number | 0 | no |
tenant_id | The identifier of your Microsoft 365 tenant. | string | null | no |
text_field | The name of the field in which Amazon Bedrock stores the raw text from your data. | string | "AMAZON_BEDROCK_TEXT_CHUNK" | no |
top_k | Sample from the k most likely next tokens. | number | 50 | no |
top_p | Cumulative probability cutoff for token selection. | number | 0.5 | no |
topics_config | List of topic configs in topic policy | list(object({ | null | no |
vector_field | The name of the field where the vector embeddings are stored | string | "bedrock-knowledge-base-default-vector" | no |
vector_index_name | The name of the vector index. | string | "bedrock-knowledge-base-default-index" | no |
words_config | List of custom word configs. | list(map(string)) | null | no |

Name | Description |
---|---|
bedrock_agent | The Amazon Bedrock Agent if it is created. |
cloudwatch_log_group | The name of the CloudWatch log group for the knowledge base. If no log group was requested, value will be null |
datasource_identifier | The unique identifier of the data source. |
default_collection | Opensearch default collection value. |
default_kb_identifier | The unique identifier of the default knowledge base that was created. If no default KB was requested, value will be null |
mongo_kb_identifier | The unique identifier of the MongoDB knowledge base that was created. If no MongoDB KB was requested, value will be null |
opensearch_kb_identifier | The unique identifier of the OpenSearch knowledge base that was created. If no OpenSearch KB was requested, value will be null |
pinecone_kb_identifier | The unique identifier of the Pinecone knowledge base that was created. If no Pinecone KB was requested, value will be null |
rds_kb_identifier | The unique identifier of the RDS knowledge base that was created. If no RDS KB was requested, value will be null |
s3_data_source_arn | The Amazon Bedrock Data Source for S3. |