Enforcing tenant segregation with Agents for Amazon Bedrock in a shared tenant setting | AWS Machine Learning Blog

Introduction to Generative Artificial Intelligence Features

The number of generative artificial intelligence (AI) features is increasing in software offerings, particularly with the availability of foundational models (FMs) through Amazon Bedrock. This service provides access to high-performing models from leading AI companies like AI21 Labs, Anthropic, Cohere, and Meta.

Tenant Isolation in Multi-Tenant Environments

Securing tenant isolation is crucial in multi-tenant offerings, such as software as a service (SaaS) products. Different multi-tenant architecture patterns can be used to achieve isolation, balancing between silo models and pooled resources with varying levels of access control.

Implementing Tenant Isolation with Amazon Bedrock Agents

Learn how to implement tenant isolation using Amazon Bedrock agents within a multi-tenant environment. Explore a sample e-commerce application employing AI assistants to provide tenant-specific information and user-related data securely and efficiently.

User and Tenant Data Isolation Process

User and tenant data isolation procedures are outlined, detailing the steps involved in processing requests throughout the system securely. Components like Amazon Cognito, Lambda functions, and session attributes play key roles in enforcing tenant-specific access controls.

Setting up the AI Assistant in Your AWS Account

Step-by-step instructions are provided to set up the sample AI assistant architecture in your AWS account. This includes prerequisites, enabling access to specific models, deploying the CDK project, configuring frontend applications, and verifying functionality within your environment.

Managing Access Control and Security

Security practices, such as scoped IAM roles, cryptographically signed tokens, and session attributes management, are essential for maintaining data privacy and preventing unauthorized access. Best practices are highlighted to ensure secure and isolated operations of AI assistants in multi-tenant environments.

Conclusion

Enabling secure multi-tenant capabilities in AI assistants is essential for ensuring data privacy and responsible AI usage. By following recommended practices and leveraging technologies like Amazon Bedrock, organizations can build personalized and secure AI-powered applications.