Amazon Bedrock is a fully managed service that offers a choice of foundation models (FMs) along with a broad set of capabilities for building generative AI applications.
This module includes resources to deploy Bedrock features.
With Knowledge Bases for Amazon Bedrock, you can give FMs and agents contextual information from your company’s private data sources for Retrieval Augmented Generation (RAG) to deliver more relevant, accurate, and customized responses.
A vector index on a vector store is required to create a Knowledge Base. This construct currently supports Amazon OpenSearch Serverless, Amazon RDS Aurora PostgreSQL, Pinecone, and MongoDB. By default, this resource will create an OpenSearch Serverless vector collection and index for each Knowledge Base you create, but you can provide an existing collection to have more control. For other resources you need to have the vector stores already created and credentials stored in AWS Secrets Manager.
The resource accepts an instruction prop that is provided to any Bedrock Agent it is associated with so the agent can decide when to query the Knowledge Base.
To create a knowledge base, make sure you pass in the appropriate variables and set the `create_kb` variable to `true`.
Example default OpenSearch Serverless Agent with Knowledge Base:
```hcl
provider "opensearch" {
  url         = module.bedrock.default_collection[0].collection_endpoint
  healthcheck = false
}

module "bedrock" {
  source            = "aws-ia/bedrock/aws"
  version           = "0.0.7"
  create_kb         = true
  create_default_kb = true
  foundation_model  = "anthropic.claude-v2"
  instruction       = "You are an automotive assistant who can provide detailed information about cars to a customer."
}
```
Data sources are the various repositories or systems from which information is extracted and ingested into the knowledge base. These sources provide the raw content that will be processed, indexed, and made available for querying within the knowledge base system. Data sources can include various types of systems such as document management systems, databases, file storage systems, and content management platforms. Supported data sources include Amazon S3 buckets, Web Crawlers, SharePoint sites, Salesforce instances, and Confluence spaces.
- Amazon S3. You can either create the data source by passing in the ARN of an existing data source to the input variable `kb_s3_data_source`, or create a new one by setting `create_s3_data_source` to true.
- Web Crawler. You can create a new web crawler data source by setting the `create_web_crawler` input variable to true and passing in the necessary variables for urls, scope, etc.
- SharePoint. You can create a new SharePoint data source by setting the `create_sharepoint` input variable to true and passing in the necessary variables for site urls, filter patterns, etc.
- Salesforce. You can create a new Salesforce data source by setting the `create_salesforce` input variable to true and passing in the necessary variables for site urls, filter patterns, etc.
- Confluence. You can create a new Confluence data source by setting the `create_confluence` input variable to true and passing in the necessary variables for site urls, filter patterns, etc.
Enable generative AI applications to execute multistep tasks across company systems and data sources.
The following example creates an Agent with a simple instruction and without any action groups or knowledge bases.
```hcl
module "bedrock" {
  source           = "aws-ia/bedrock/aws"
  version          = "0.0.7"
  foundation_model = "anthropic.claude-v2"
  instruction      = "You are an automotive assistant who can provide detailed information about cars to a customer."
}
```
To create an Agent with a default Knowledge Base, set `create_kb` and `create_default_kb` to `true`:
```hcl
module "bedrock" {
  source            = "aws-ia/bedrock/aws"
  version           = "0.0.7"
  create_kb         = true
  create_default_kb = true
  foundation_model  = "anthropic.claude-v2"
  instruction       = "You are an automotive assistant who can provide detailed information about cars to a customer."
}
```
An action group defines functions your agent can call. The functions are Lambda functions. The action group uses an OpenAPI schema to tell the agent what your functions do and how to call them. You can configure an action group by passing in the appropriate input variables.
The Agent constructs take an optional parameter shouldPrepareAgent to indicate that the Agent should be prepared after any updates to an agent, Knowledge Base association, or action group. This may increase the time to create and update those resources. By default, this value is true.
Bedrock Agents allows you to customize the prompts and LLM configuration for its different steps. You can disable steps or create a new prompt template. Prompt templates can be inserted from plain text files.
Amazon Bedrock's Guardrails feature enables you to implement robust governance and control mechanisms for your generative AI applications, ensuring alignment with your specific use cases and responsible AI policies. Guardrails empowers you to create multiple tailored policy configurations, each designed to address the unique requirements and constraints of different use cases. These policy configurations can then be seamlessly applied across multiple foundation models (FMs) and Agents, ensuring a consistent user experience and standardizing safety, security, and privacy controls throughout your generative AI ecosystem.
With Guardrails, you can define and enforce granular, customizable policies to precisely govern the behavior of your generative AI applications. You can configure the following policies in a guardrail to avoid undesirable and harmful content and remove sensitive information for privacy protection.
- Content filters – Adjust filter strengths to block input prompts or model responses containing harmful content.
- Denied topics – Define a set of topics that are undesirable in the context of your application. These topics will be blocked if detected in user queries or model responses.
- Word filters – Configure filters to block undesirable words, phrases, and profanity. Such words can include offensive terms, competitor names etc.
- Sensitive information filters – Block or mask sensitive information such as personally identifiable information (PII) or custom regex in user inputs and model responses.
You can create a Guardrail by setting `create_guardrail` to true and passing in the appropriate input variables:
```hcl
module "bedrock" {
  source            = "aws-ia/bedrock/aws"
  version           = "0.0.7"
  create_kb         = false
  create_default_kb = false
  create_guardrail  = true
  # Messaging variable names as listed in the inputs table of this module.
  blocked_input_messaging   = "I can provide general info about services, but can't fully address your request here. For personalized help or detailed questions, please contact our customer service team directly. For security reasons, avoid sharing sensitive information through this channel. If you have a general product question, feel free to ask without including personal details."
  blocked_outputs_messaging = "I can provide general info about services, but can't fully address your request here. For personalized help or detailed questions, please contact our customer service team directly. For security reasons, avoid sharing sensitive information through this channel. If you have a general product question, feel free to ask without including personal details."
  filters_config = [
    {
      input_strength  = "MEDIUM"
      output_strength = "MEDIUM"
      type            = "HATE"
    },
    {
      input_strength  = "HIGH"
      output_strength = "HIGH"
      type            = "VIOLENCE"
    }
  ]
  pii_entities_config = [
    {
      action = "BLOCK"
      type   = "NAME"
    },
    {
      action = "BLOCK"
      type   = "DRIVER_ID"
    },
    {
      action = "ANONYMIZE"
      type   = "USERNAME"
    },
  ]
  regexes_config = [{
    action      = "BLOCK"
    description = "example regex"
    name        = "regex_example"
    pattern     = "^\\d{3}-\\d{2}-\\d{4}$"
  }]
  managed_word_lists_config = [{
    type = "PROFANITY"
  }]
  words_config = [{
    text = "HATE"
  }]
  topics_config = [{
    name       = "investment_topic"
    examples   = ["Where should I invest my money ?"]
    type       = "DENY"
    definition = "Investment advice refers to inquiries, guidance, or recommendations regarding the management or allocation of funds or assets with the goal of generating returns ."
  }]
  foundation_model = "anthropic.claude-v2"
  instruction      = "You are an automotive assistant who can provide detailed information about cars to a customer."
}
```
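A pre-deployment check over guardrail inputs like the ones above, added here as an example (it is not part of the module): it lists content-filter categories left unconfigured and tests whether a regex such as the anchored `^\d{3}-\d{2}-\d{4}$` still matches when the value sits inside a longer message. The dictionary layout, probe strings and function names are constructed for illustration, and Python's `re.search` is assumed as a stand-in for the guardrail's own regex matching.

```python
import re

# Content-filter categories and strengths defined by Bedrock Guardrails.
FILTER_TYPES = ("HATE", "INSULTS", "MISCONDUCT", "PROMPT_ATTACK", "SEXUAL", "VIOLENCE")
STRENGTH = {"NONE": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3}

# Constructed mirror of the guardrail inputs in the module example above.
PAGE_EXAMPLE = {
    "filters_config": [
        {"type": "HATE", "input_strength": "MEDIUM", "output_strength": "MEDIUM"},
        {"type": "VIOLENCE", "input_strength": "HIGH", "output_strength": "HIGH"},
    ],
    "regexes_config": [
        {"name": "regex_example", "action": "BLOCK",
         "pattern": r"^\d{3}-\d{2}-\d{4}$"},
    ],
}

# Constructed probe strings (the number is a made-up placeholder).
PROBES = [
    "123-45-6789",
    "My SSN is 123-45-6789, please update my file.",
    "Order 12-345 shipped on 2024-01-02.",
]


def unfiltered_categories(cfg):
    """Categories that have no content filter at all."""
    configured = {f["type"] for f in cfg.get("filters_config") or []}
    return [t for t in FILTER_TYPES if t not in configured]


def weak_filters(cfg, floor="MEDIUM"):
    """(type, direction) pairs whose strength is below `floor`."""
    found = []
    for f in cfg.get("filters_config") or []:
        for direction in ("input_strength", "output_strength"):
            # PROMPT_ATTACK only applies to input; its output strength is NONE.
            if f["type"] == "PROMPT_ATTACK" and direction == "output_strength":
                continue
            if STRENGTH[f[direction]] < STRENGTH[floor]:
                found.append((f["type"], direction))
    return found


def probe_regex(pattern, probes=PROBES):
    """Indexes of probe strings in which the pattern is found anywhere."""
    rx = re.compile(pattern)
    return [i for i, text in enumerate(probes) if rx.search(text)]


def unanchor(pattern):
    """Swap leading ^ / trailing $ for word boundaries so embedded values match."""
    body = pattern
    if body.startswith("^"):
        body = body[1:]
    if body.endswith("$") and not body.endswith("\\$"):
        body = body[:-1]
    return r"\b" + body + r"\b"


def review(cfg):
    """Return human-readable findings for a guardrail configuration."""
    findings = [f"no content filter for {t}" for t in unfiltered_categories(cfg)]
    findings += [f"{t} {d} below MEDIUM" for t, d in weak_filters(cfg)]
    for r in cfg.get("regexes_config") or []:
        if probe_regex(r["pattern"]) != probe_regex(unanchor(r["pattern"])):
            findings.append(f"regex {r['name']} misses values embedded in longer text")
    return findings


if __name__ == "__main__":
    for line in review(PAGE_EXAMPLE):
        print(line)
```

Run against real traffic samples before relying on any pattern, since the guardrail's matching behaviour may differ from the stand-in used here.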
Amazon Bedrock provides the ability to create and save prompts using Prompt management so that you can save time by applying the same prompt to different workflows. You can include variables in the prompt so that you can adjust the prompt for different use cases.
Prompt variants in the context of Amazon Bedrock refer to alternative configurations of a prompt, including its message or the model and inference configurations used. Prompt variants allow you to create different versions of a prompt, test them, and save the variant that works best for your use case. You can add prompt variants to a prompt by passing in the values for the `variants_list` variable:
```hcl
variants_list = [
  {
    name          = "variant-example"
    template_type = "TEXT"
    model_id      = "amazon.titan-text-express-v1"
    inference_configuration = {
      text = {
        temperature    = 1
        top_p          = 0.9900000095367432
        max_tokens     = 300
        stop_sequences = ["User:"]
        top_k          = 250
      }
    }
    template_configuration = {
      text = {
        # Declare every {{placeholder}} used in the template text.
        input_variables = [
          { name = "genre" },
          { name = "number" }
        ]
        text = "Make me a {{genre}} playlist consisting of the following number of songs: {{number}}."
      }
    }
  }
]
```
A prompt version is a snapshot of a prompt at a specific point in time that you create when you are satisfied with a set of configurations. Versions allow you to deploy your prompt and easily switch between different configurations for your prompt and update your application with the most appropriate version for your use-case.
You can create a Prompt version by setting `create_prompt_version` to true and adding an optional `prompt_version_description` and optional `prompt_version_tags`.
Creating a prompt with a prompt version would look like:
```hcl
module "bedrock" {
  source                = "aws-ia/bedrock/aws"
  version               = "0.0.7"
  create_kb             = false
  create_default_kb     = false
  create_s3_data_source = false
  create_agent          = false

  # Prompt Management
  prompt_name                = "prompt"
  default_variant            = "variant-example"
  create_prompt              = true
  create_prompt_version      = true
  prompt_version_description = "Example prompt version"
  variants_list = [
    {
      name          = "variant-example"
      template_type = "TEXT"
      model_id      = "amazon.titan-text-express-v1"
      inference_configuration = {
        text = {
          temperature    = 1
          top_p          = 0.9900000095367432
          max_tokens     = 300
          stop_sequences = ["User:"]
          top_k          = 250
        }
      }
      template_configuration = {
        text = {
          # Declare every {{placeholder}} used in the template text.
          input_variables = [
            { name = "genre" },
            { name = "number" }
          ]
          text = "Make me a {{genre}} playlist consisting of the following number of songs: {{number}}."
        }
      }
    }
  ]
}
```
You can create an application inference profile with one or more Regions to track usage and costs when invoking a model.
To create an application inference profile for one Region, specify a foundation model. Usage and costs for requests made to that Region with that model will be tracked.
To create an application inference profile for multiple Regions, specify a cross region (system-defined) inference profile. The inference profile will route requests to the Regions defined in the cross region (system-defined) inference profile that you choose. Usage and costs for requests made to the Regions in the inference profile will be tracked. You can find the system defined inference profiles by navigating to your console (Amazon Bedrock -> Cross-region inference).
```hcl
# Get current AWS account ID
data "aws_caller_identity" "current" {}

# Get current AWS region
data "aws_region" "current" {}

module "bedrock" {
  source                = "aws-ia/bedrock/aws"
  version               = "0.0.7"
  create_kb             = false
  create_default_kb     = false
  create_s3_data_source = false
  create_agent          = false

  # Application Inference Profile
  create_app_inference_profile       = true
  app_inference_profile_model_source = "arn:aws:bedrock:${data.aws_region.current.name}::foundation-model/anthropic.claude-3-sonnet-20240229-v1:0"
}
```
Name | Version |
---|---|
terraform | >= 1.0.7 |
aws | ~>5.0 |
awscc | >= 1.0.0 |
opensearch | = 2.2.0 |
random | >= 3.6.0 |
time | ~> 0.6 |
Name | Version |
---|---|
aws | ~>5.0 |
awscc | >= 1.0.0 |
opensearch | = 2.2.0 |
random | >= 3.6.0 |
time | ~> 0.6 |
No modules.
Name | Description | Type | Default | Required |
---|---|---|---|---|
action_group_description | Description of the action group. | string | null | no |
action_group_name | Name of the action group. | string | null | no |
action_group_state | State of the action group. | string | null | no |
agent_alias_description | Description of the agent alias. | string | null | no |
agent_alias_name | The name of the guardrail. | string | "TerraformBedrockAgentAlias" | no |
agent_alias_tags | Tag bedrock agent alias resource. | map(string) | null | no |
agent_description | A description of agent. | string | null | no |
agent_id | Agent identifier. | string | null | no |
agent_name | The name of your agent. | string | "TerraformBedrockAgents" | no |
api_schema_payload | String OpenAPI Payload. | string | null | no |
api_schema_s3_bucket_name | A bucket in S3. | string | null | no |
api_schema_s3_object_key | An object key in S3. | string | null | no |
app_inference_profile_description | A description of application inference profile. | string | null | no |
app_inference_profile_model_source | Source arns for a custom inference profile to copy its regional load balancing config from. This can either be a foundation model or predefined inference profile ARN. | string | null | no |
app_inference_profile_name | The name of your application inference profile. | string | "AppInferenceProfile" | no |
app_inference_profile_tags | A map of tag keys and values for application inference profile. | list(map(string)) | null | no |
auth_type | The supported authentication type. | string | null | no |
base_prompt_template | Defines the prompt template with which to replace the default prompt template. | string | null | no |
bedrock_agent_version | Agent version. | string | null | no |
blocked_input_messaging | Messaging for when violations are detected in text. | string | "Blocked input" | no |
blocked_outputs_messaging | Messaging for when violations are detected in text. | string | "Blocked output" | no |
breakpoint_percentile_threshold | The dissimilarity threshold for splitting chunks. | number | null | no |
bucket_owner_account_id | Bucket account owner ID for the S3 bucket. | string | null | no |
chunking_strategy | Knowledge base can split your source data into chunks. A chunk refers to an excerpt from a data source that is returned when the knowledge base that it belongs to is queried. You have the following options for chunking your data. If you opt for NONE, then you may want to pre-process your files by splitting them up such that each file corresponds to a chunk. | string | null | no |
chunking_strategy_max_tokens | The maximum number of tokens to include in a chunk. | number | null | no |
chunking_strategy_overlap_percentage | The percentage of overlap between adjacent chunks of a data source. | number | null | no |
collection_arn | The ARN of the collection. | string | null | no |
collection_name | The name of the collection. | string | null | no |
confluence_credentials_secret_arn | The ARN of an AWS Secrets Manager secret that stores your authentication credentials for your Confluence instance URL. | string | null | no |
connection_string | The endpoint URL for your index management page. | string | null | no |
crawl_filter_type | The crawl filter type. | string | null | no |
crawler_scope | The scope that a web crawl job will be restricted to. | string | null | no |
create_ag | Whether or not to create an action group. | bool | false | no |
create_agent | Whether or not to deploy an agent. | bool | true | no |
create_agent_alias | Whether or not to create an agent alias. | bool | false | no |
create_app_inference_profile | Whether or not to create an application inference profile. | bool | false | no |
create_confluence | Whether or not create a Confluence data source. | bool | false | no |
create_custom_tranformation_config | Whether or not to create a custom transformation configuration. | bool | false | no |
create_default_kb | Whether or not to create the default knowledge base. | bool | false | no |
create_flow_alias | Whether or not to create a flow alias resource. | bool | false | no |
create_guardrail | Whether or not to create a guardrail. | bool | false | no |
create_kb | Whether or not to attach a knowledge base. | bool | false | no |
create_kb_log_group | Whether or not to create a log group for the knowledge base. | bool | false | no |
create_mongo_config | Whether or not to use MongoDB Atlas configuration | bool | false | no |
create_opensearch_config | Whether or not to use Opensearch Serverless configuration | bool | false | no |
create_parsing_configuration | Whether or not to create a parsing configuration. | bool | false | no |
create_pinecone_config | Whether or not to use Pinecone configuration | bool | false | no |
create_prompt | Whether or not to create a prompt resource. | bool | false | no |
create_prompt_version | Whether or not to create a prompt version. | bool | false | no |
create_rds_config | Whether or not to use RDS configuration | bool | false | no |
create_s3_data_source | Whether or not to create the S3 data source. | bool | true | no |
create_salesforce | Whether or not create a Salesforce data source. | bool | false | no |
create_sharepoint | Whether or not create a Share Point data source. | bool | false | no |
create_vector_ingestion_configuration | Whether or not to create a vector ingestion configuration. | bool | false | no |
create_web_crawler | Whether or not create a web crawler data source. | bool | false | no |
credentials_secret_arn | The ARN of the secret in Secrets Manager that is linked to your database | string | null | no |
custom_control | Custom control of action execution. | string | null | no |
customer_encryption_key_arn | A KMS key ARN. | string | null | no |
database_name | Name of the database. | string | null | no |
default_variant | Name for a variant. | string | null | no |
endpoint | Database endpoint | string | null | no |
endpoint_service_name | MongoDB Atlas endpoint service name. | string | null | no |
exclusion_filters | A set of regular expression filter patterns for a type of object. | list(string) | [] | no |
existing_kb | The ID of the existing knowledge base. | string | null | no |
filters_config | List of content filter configs in content policy. | list(map(string)) | null | no |
flow_alias_description | A description of the flow alias. | string | null | no |
flow_alias_name | The name of your flow alias. | string | "BedrockFlowAlias" | no |
flow_arn | ARN representation of the flow. | string | null | no |
flow_version | Version of the flow. | string | null | no |
flow_version_description | A description of flow version. | string | null | no |
foundation_model | The foundation model for the Bedrock agent. | string | null | no |
guardrail_description | Description of the guardrail. | string | null | no |
guardrail_kms_key_arn | KMS encryption key to use for the guardrail. | string | null | no |
guardrail_name | The name of the guardrail. | string | "TerraformBedrockGuardrail" | no |
guardrail_tags | A map of tags keys and values for the knowledge base. | list(map(string)) | null | no |
heirarchical_overlap_tokens | The number of tokens to repeat across chunks in the same layer. | number | null | no |
host_type | The supported host type, whether online/cloud or server/on-premises. | string | null | no |
host_url | The host URL or instance URL. | string | null | no |
idle_session_ttl | How long sessions should be kept open for the agent. | number | 600 | no |
inclusion_filters | A set of regular expression filter patterns for a type of object. | list(string) | [] | no |
instruction | A narrative instruction to provide the agent as context. | string | "" | no |
kb_description | Description of knowledge base. | string | "Terraform deployed Knowledge Base" | no |
kb_embedding_model_arn | The ARN of the model used to create vector embeddings for the knowledge base. | string | "arn:aws:bedrock:us-east-1::foundation-model/amazon.titan-embed-text-v1" | no |
kb_log_group_retention_in_days | The retention period of the knowledge base log group. | number | 0 | no |
kb_monitoring_arn | The ARN of the target for delivery of knowledge base application logs | string | null | no |
kb_name | Name of the knowledge base. | string | "knowledge-base" | no |
kb_role_arn | The ARN of the IAM role with permission to invoke API operations on the knowledge base. | string | null | no |
kb_s3_data_source | The S3 data source ARN for the knowledge base. | string | null | no |
kb_s3_data_source_kms_arn | The ARN of the KMS key used to encrypt S3 content | string | null | no |
kb_state | State of knowledge base; whether it is enabled or disabled | string | "ENABLED" | no |
kb_storage_type | The storage type of a knowledge base. | string | null | no |
kb_tags | A map of tags keys and values for the knowledge base. | map(string) | null | no |
kb_type | The type of a knowledge base. | string | null | no |
kms_key_arn | KMS encryption key to use for the agent. | string | null | no |
lambda_action_group_executor | ARN of Lambda. | string | null | no |
level_configurations_list | Token settings for each layer. | list(object({ max_tokens = number })) | null | no |
managed_word_lists_config | A config for the list of managed words. | list(map(string)) | null | no |
max_length | The maximum number of tokens to generate in the response. | number | 0 | no |
metadata_field | The name of the field in which Amazon Bedrock stores metadata about the vector store. | string | "AMAZON_BEDROCK_METADATA" | no |
name_prefix | This value is appended at the beginning of resource names. | string | "BedrockAgents" | no |
namespace | The namespace to be used to write new data to your pinecone database | string | null | no |
override_lambda_arn | The ARN of the Lambda function to use when parsing the raw foundation model output in parts of the agent sequence. | string | null | no |
parent_action_group_signature | Action group signature for a builtin action. | string | null | no |
parser_mode | Specifies whether to override the default parser Lambda function. | string | null | no |
parsing_config_model_arn | The model's ARN. | string | null | no |
parsing_prompt_text | Instructions for interpreting the contents of a document. | string | null | no |
parsing_strategy | The parsing strategy for the data source. | string | null | no |
pattern_object_filter_list | List of pattern object information. | list(object({ | [] | no |
pii_entities_config | List of entities. | list(map(string)) | null | no |
primary_key_field | The name of the field in which Bedrock stores the ID for each entry. | string | null | no |
prompt_creation_mode | Specifies whether to override the default prompt template. | string | null | no |
prompt_description | Description for a prompt resource. | string | null | no |
prompt_name | Name for a prompt resource. | string | null | no |
prompt_override | Whether to provide prompt override configuration. | bool | false | no |
prompt_state | Specifies whether to allow the agent to carry out the step specified in the promptType. | string | null | no |
prompt_tags | A map of tag keys and values for prompt resource. | map(string) | null | no |
prompt_type | The step in the agent sequence that this prompt configuration applies to. | string | null | no |
prompt_version_description | Description for a prompt version resource. | string | null | no |
prompt_version_tags | A map of tag keys and values for a prompt version resource. | map(string) | null | no |
rate_limit | Rate of web URLs retrieved per minute. | number | null | no |
regexes_config | List of regex. | list(map(string)) | null | no |
resource_arn | The ARN of the vector store. | string | null | no |
s3_inclusion_prefixes | List of S3 prefixes that define the object containing the data sources. | list(string) | null | no |
s3_location_uri | A location for storing content from data sources temporarily as it is processed by custom components in the ingestion pipeline. | string | null | no |
salesforce_credentials_secret_arn | The ARN of an AWS Secrets Manager secret that stores your authentication credentials for your Salesforce instance URL. | string | null | no |
seed_urls | A list of web urls. | list(object({url = string})) | [] | no |
semantic_buffer_size | The buffer size. | number | null | no |
semantic_max_tokens | The maximum number of tokens that a chunk can contain. | number | null | no |
share_point_credentials_secret_arn | The ARN of an AWS Secrets Manager secret that stores your authentication credentials for your SharePoint site/sites. | string | null | no |
share_point_domain | The domain of your SharePoint instance or site URL/URLs. | string | null | no |
share_point_site_urls | A list of one or more SharePoint site URLs. | list(string) | [] | no |
skip_resource_in_use | Specifies whether to allow deleting action group while it is in use. | bool | null | no |
stop_sequences | A list of stop sequences. | list(string) | [] | no |
table_name | The name of the table in the database. | string | null | no |
tags | Tag bedrock agent resource. | map(string) | null | no |
temperature | The likelihood of the model selecting higher-probability options while generating a response. | number | 0 | no |
tenant_id | The identifier of your Microsoft 365 tenant. | string | null | no |
text_field | The name of the field in which Amazon Bedrock stores the raw text from your data. | string | "AMAZON_BEDROCK_TEXT_CHUNK" | no |
top_k | Sample from the k most likely next tokens. | number | 50 | no |
top_p | Cumulative probability cutoff for token selection. | number | 0.5 | no |
topics_config | List of topic configs in topic policy | list(object({ | null | no |
transformations_list | A list of Lambda functions that process documents. | list(object({ | null | no |
variants_list | List of prompt variants. | list(object({ | null | no |
vector_field | The name of the field where the vector embeddings are stored | string | "bedrock-knowledge-base-default-vector" | no |
vector_index_name | The name of the vector index. | string | "bedrock-knowledge-base-default-index" | no |
words_config | List of custom word configs. | list(map(string)) | null | no |
Name | Description |
---|---|
bedrock_agent | The Amazon Bedrock Agent if it is created. |
cloudwatch_log_group | The name of the CloudWatch log group for the knowledge base. If no log group was requested, value will be null |
datasource_identifier | The unique identifier of the data source. |
default_collection | Opensearch default collection value. |
default_kb_identifier | The unique identifier of the default knowledge base that was created. If no default KB was requested, value will be null |
mongo_kb_identifier | The unique identifier of the MongoDB knowledge base that was created. If no MongoDB KB was requested, value will be null |
opensearch_kb_identifier | The unique identifier of the OpenSearch knowledge base that was created. If no OpenSearch KB was requested, value will be null |
pinecone_kb_identifier | The unique identifier of the Pinecone knowledge base that was created. If no Pinecone KB was requested, value will be null |
rds_kb_identifier | The unique identifier of the RDS knowledge base that was created. If no RDS KB was requested, value will be null |
s3_data_source_arn | The Amazon Bedrock Data Source for S3. |