AWS bedrock high security documentation change
Summary
Expanded documentation for setting up Amazon Redshift as a query engine, configuring granular IAM permissions for knowledge base service roles, and adding security-focused SQL grant commands to limit data access
Security assessment
Added explicit IAM policies with least-privilege permissions (e.g., restricting to SELECT grants), warnings about avoiding CREATE/UPDATE/DELETE access, and SQL injection risk warnings. Includes security-focused authentication methods (Secrets Manager integration) and granular resource restrictions in policies.
Diff
diff --git a/bedrock/latest/userguide/knowledge-base-prereq-structured.md b/bedrock/latest/userguide/knowledge-base-prereq-structured.md index 425568c5c..384280b6a 100644 --- a//bedrock/latest/userguide/knowledge-base-prereq-structured.md +++ b//bedrock/latest/userguide/knowledge-base-prereq-structured.md @@ -5 +5 @@ -# Prerequisites for creating an Amazon Bedrock knowledge base with a structured data store +Create Amazon Redshift query engineConfigure Amazon Redshift query engine permissionsAllow knowledge base service role to access your data store @@ -7 +7,3 @@ -If you plan to connect a Amazon Bedrock knowledge base to a structured data store, you need to fulfill the prerequisites described in this topic. +# Set up your query engine and permissions for creating a knowledge base with structured data store + +This topic describes the permissions that you need when connecting your knowledge base to a structured data store. If you plan to connect a Amazon Bedrock knowledge base to a structured data store, you need to fulfill the prerequisites. For general permissions requirements to be fulfilled, see [Set up permissions for a user or role to create and manage knowledge bases](./knowledge-base-prereq-permissions-general.html). @@ -13 +15,354 @@ Executing arbitrary SQL queries can be a security risk for any Text-to-SQL appli -Review the following topics to ensure that you have all the necessary permissions set up. +Amazon Bedrock Knowledge Bases uses Amazon Redshift as the query engine for querying your data store. A query engine accesses metadata from a structured data store and uses the metadata to help generate SQL queries. Amazon Redshift is a data warehouse service that uses SQL to analyze structured data across data warehouses, databases, and data lakes. + +## Create Amazon Redshift query engine + +You can use Amazon Redshift Serverless or Amazon Redshift Provisioned depending on your use case, and connect to workgroups or clusters for your data warehouse. The underlying data that the Amazon Redshift engine can query can be data natively stored in Amazon Redshift clusters, or data located under the default AWS Glue Data Catalog (such as in Amazon S3 among others). + +If you've already created a query engine, you can skip this prerequisite. Otherwise, perform the following steps to set up your Amazon Redshift provisioned or Amazon Redshift Serverless query engine: + +###### To set up a query engine in Amazon Redshift provisioned + + 1. Follow the procedure in [Step 1: Create a sample Amazon Redshift cluster](https://docs.aws.amazon.com/redshift/latest/gsg/new-user.html#rs-gsg-launch-sample-cluster) in the Amazon Redshift Getting Started Guide. + + 2. Note the cluster ID. + + 3. (Optional) For more information about Amazon Redshift provisioned clusters, see [Amazon Redshift provisioned clusters](https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-clusters.html) in the Amazon Redshift Management Guide. + + + + +###### To set up a query engine in Amazon Redshift Serverless + + 1. Follow only the setup procedure in [Creating a data warehouse with Amazon Redshift Serverless](https://docs.aws.amazon.com/redshift/latest/gsg/new-user-serverless.html#serverless-console-resource-creation) in the Amazon Redshift Getting Started Guide and configure it with default settings. + + 2. Note the workgroup ARN. + + 3. (Optional) For more information about Amazon Redshift Serverless workgroups, see [Workgroups and namespaces](https://docs.aws.amazon.com/redshift/latest/mgmt/serverless-workgroup-namespace.html) in the Amazon Redshift Management Guide. + + + + +## Configure Amazon Redshift query engine permissions + +Depending on the Amazon Redshift query engine that you choose, you can configure certain permissions. The permissions that you configure depend on the authentication method. The following table shows the authentication methods that can be used for different query engines: + +Authentication method | Amazon Redshift Provisioned | Amazon Redshift Serverless +---|---|--- +IAM |  Yes |  Yes +Database username |  Yes |  No +AWS Secrets Manager |  Yes |  Yes + +Amazon Bedrock Knowledge Bases uses a [service role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-service.html) to connect knowledge bases to structured data stores, retrieve data from these data stores, and generate SQL queries based on user queries and the structure of the data stores. + +###### Note + +If you plan to use the AWS Management Console to create a knowledge base, you can skip this prerequisite. The console will create an Amazon Bedrock Knowledge Bases service role with the proper permissions. + +To create a custom IAM service role with the proper permissions, follow the steps at [Create a role to delegate permissions to an AWS service](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-service.html) and attach the trust relationship defined in [Trust relationship](./kb-permissions.html#kb-permissions-trust). + +Then, add permissions for your knowledge base to access your Amazon Redshift query engine and databases. Expand the section that applies to your use case: + +Attach the following policy to your custom service role to allow it to access your data and generate queries using it: + + + { + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "RedshiftDataAPIStatementPermissions", + "Effect": "Allow", + "Action": [ + "redshift-data:GetStatementResult", + "redshift-data:DescribeStatement", + "redshift-data:CancelStatement" + ], + "Resource": [ + "*" + ], + "Condition": { + "StringEquals": { + "redshift-data:statement-owner-iam-userid": "${aws:userid}" + } + } + }, + { + "Sid": "RedshiftDataAPIExecutePermissions", + "Effect": "Allow", + "Action": [ + "redshift-data:ExecuteStatement" + ], + "Resource": [ + "arn:aws:redshift:${Region}:${Account}:cluster:${Cluster}" + ] + }, + { + "Sid": "SqlWorkbenchAccess", + "Effect": "Allow", + "Action": [ + "sqlworkbench:GetSqlRecommendations", + "sqlworkbench:PutSqlGenerationContext", + "sqlworkbench:GetSqlGenerationContext", + "sqlworkbench:DeleteSqlGenerationContext" + ], + "Resource": "*" + }, + { + "Sid": "GenerateQueryAccess", + "Effect": "Allow", + "Action": [ + "bedrock:GenerateQuery" + ], + "Resource": "*" + } + ] + } + +You also need to add permissions to allow your service role to authenticate to the query engine. Expand a section to see the permissions for that method. + +IAM + + +To allow your service role to authenticate to your Amazon Redshift provisioned query engine with IAM, attach the following policy to your custom service role: + + + { + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "GetCredentialsWithFederatedIAMCredentials", + "Effect": "Allow", + "Action": "redshift:GetClusterCredentialsWithIAM", + "Resource": [ + "arn:aws:redshift:${region}:${account}:dbname:${cluster}/${database}" + ] + } + } + +Database user + + +To authenticate as an Amazon Redshift database user, attach the following policy to the service role: + + + { + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "GetCredentialsWithClusterCredentials", + "Effect": "Allow", + "Action": [ + "redshift:GetClusterCredentials" + ], + "Resource": [ + "arn:aws:redshift:${region}:${account}:dbuser:${cluster}/${dbuser}", + "arn:aws:redshift:${region}:${account}:dbname:${cluster}/${database}" + ] + } + ] + } + +AWS Secrets Manager + + +To allow your service role to authenticate to your Amazon Redshift provisioned query engine with an AWS Secrets Manager secret, do the following: + + * Attach the following policy to the role: + + { + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "GetSecretPermissions", + "Effect": "Allow", + "Action": [ + "secretsmanager:GetSecretValue" + ], + "Resource": [ + "arn:aws:secretsmanager:${region}:${account}:secret:${secretName}" + ] + } + ] + } + + + + +The permissions to attach depend on your authentication method. Expand a section to see the permissions for a method. + +IAM + + +To allow your service role to authenticate to your Amazon Redshift serverless query engine with IAM, attach the following policy to your custom service role: + + + { + "Version": "2012-10-17", + "Statement": [