Building GenAI Applications Using Amazon Bedrock with AWS PrivateLink



Data privacy is a critical concern in data analytics and machine learning, especially with the rise of Generative AI. Without security measures, these tools can be vulnerable to data breaches, leading to unauthorized access or misuse of sensitive information. Amazon Bedrock and AWS PrivateLink provide a secure environment for developing Generative AI applications, ensuring data privacy and regulatory compliance.


The importance of protecting data privacy cannot be overstated in the modern data-driven landscape. This is particularly true when dealing with advanced technologies such as Generative AI, which are increasingly utilized across various sectors. As these technologies evolve, so do the risks associated with data breaches and unauthorized access to sensitive information.

Generative AI has transformed fields such as natural language processing and image generation, but its rapid adoption raises real security concerns, chiefly that prompts, completions and training data often contain sensitive information that must not leave your control. This guide explains how Amazon Bedrock, a fully managed service, combined with AWS PrivateLink, provides a secure and compliant way to build and deploy Generative AI applications.


Amazon Bedrock

Amazon Bedrock is a fully managed service for building Generative AI applications on Foundation Models. It is HIPAA eligible and in scope for GDPR, and it provides the controls you need to meet data privacy and compliance requirements; configuring those controls correctly remains your responsibility.

The service offers several features to ensure data security and privacy:

  • Data Security: Your content, including prompts and completions, fine-tuning data, and the documents held in a vector store for Retrieval Augmented Generation (RAG), is not shared with third-party model providers and is not used to train or improve the base models. Model providers have no access to the requests you send to Amazon Bedrock.
  • Private Connectivity: AWS PrivateLink lets you create an interface VPC endpoint for Amazon Bedrock in your Amazon VPC, so calls to the Foundation Models (FMs) from that VPC, or from an on-premises network connected to it over AWS Direct Connect or AWS Site-to-Site VPN, stay on the AWS network instead of traversing the public internet.
  • Encryption: Data in transit to Amazon Bedrock is protected with TLS 1.2 or later. Data at rest (for example fine-tuning data and custom models) is encrypted with AWS Key Management Service (KMS) keys; you can rely on AWS-owned keys or specify a customer managed key whose key policy you control.
  • Custom Model Security: Fine-tuned (custom) models are stored encrypted. If you specify a customer managed KMS key, access to the model artifacts is governed by your key policy, and the customized model is available only within your account.
  • VPC Configuration: Model customization (fine-tuning) jobs can be configured to run inside your Amazon VPC, so the job and its access to training data in Amazon S3 do not traverse the public internet.

Step-by-Step Guide

  1. Create AWS Lambda Functions: Write the AWS Lambda functions that make up your Generative AI application and call Foundation Models through the Amazon Bedrock runtime API (for example InvokeModel). These functions handle tasks such as prompt construction, text generation, and post-processing of the model output.
  2. Create VPC with Private Subnets: Set up an Amazon VPC with private subnets (no route to an internet gateway or NAT gateway) in at least two Availability Zones (AZs) for resilience. Not every AZ supports the Amazon Bedrock endpoint service, so check the endpoint service's supported AZs in your Region before choosing subnets.
  3. Create a Security Group: Create a security group for the endpoint that allows inbound HTTPS (TCP 443) only from the security group your AWS Lambda functions will use, and a security group for the functions that allows outbound TCP 443 only. Do not open port 443 to the whole VPC CIDR unless other workloads genuinely need the endpoint.
  4. Connect AWS Lambda Functions to Your Amazon VPC: Attach the functions to the private subnets and the function security group. Lambda creates Hyperplane ENIs in those subnets; the execution role needs the ec2:CreateNetworkInterface, ec2:DescribeNetworkInterfaces and ec2:DeleteNetworkInterface permissions, which the AWSLambdaVPCAccessExecutionRole managed policy grants. Because the subnets have no NAT gateway, the functions now have no path to the internet, which is what forces all Amazon Bedrock traffic through the endpoint.
  5. Create Amazon Bedrock VPC Endpoint: Create an interface VPC endpoint for the service com.amazonaws.<region>.bedrock-runtime (the data-plane API behind InvokeModel and InvokeModelWithResponseStream) in the private subnets, attach the endpoint security group, and enable private DNS so that the SDK's default hostname resolves to the endpoint's private IP addresses without any code change. If the application also needs control-plane calls (listing models, managing customization jobs) or Agents for Amazon Bedrock, add endpoints for com.amazonaws.<region>.bedrock and com.amazonaws.<region>.bedrock-agent-runtime as well. Attach an endpoint policy that allows only your functions' execution role to invoke only the model ARNs you have approved; every other principal, action and model is then denied at the endpoint.
  6. Test Your GenAI Application: Invoke the functions from the AWS Lambda console or your client and confirm that they return completions. Then confirm the traffic really uses PrivateLink: from inside the VPC, the Amazon Bedrock hostname should resolve to private IP addresses in your subnets, and the corresponding AWS CloudTrail events for the calls should carry the vpcEndpointId of your endpoint.
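As an added example (not code from the original post or from AWS), the following Python puts steps 3, 5 and 6 together with the Lambda code from step 1: a least-privilege endpoint policy, the security-group rule and the bedrock-runtime endpoint created with boto3, a DNS check that proves the endpoint is in effect, and the function handler that calls InvokeModel. The account ID, role name, VPC, subnet and security-group IDs and the model ID are placeholders, and the ec2 and bedrock-runtime clients are passed in as parameters so every function can be exercised without AWS access.

```python
"""Added example (not code from the original post or from AWS): the security
group, endpoint, DNS check and Lambda code from the six steps above.
All IDs, the account number, the role name and the model ID are placeholders."""
import ipaddress
import json
import socket

REGION = "us-east-1"                                          # assumption
ACCOUNT_ID = "123456789012"                                   # placeholder
LAMBDA_ROLE_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/genai-lambda-role"  # hypothetical
DEFAULT_MODEL_ID = "anthropic.claude-3-haiku-20240307-v1:0"   # any Bedrock model ID
ALLOWED_MODEL_ARNS = [f"arn:aws:bedrock:{REGION}::foundation-model/{DEFAULT_MODEL_ID}"]
# Data-plane service used by InvokeModel. The control plane ("bedrock") and
# agents ("bedrock-agent-runtime") are separate endpoint services.
RUNTIME_SERVICE_NAME = f"com.amazonaws.{REGION}.bedrock-runtime"
RUNTIME_HOSTNAME = f"bedrock-runtime.{REGION}.amazonaws.com"


def build_endpoint_policy(principal_arns, model_arns):
    """Step 5: endpoint policy. Only the listed principals may invoke the
    listed models through this endpoint; any other principal, action or
    model is implicitly denied at the endpoint, before IAM is consulted."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "InvokeApprovedModelsFromApprovedRolesOnly",
            "Effect": "Allow",
            "Principal": {"AWS": list(principal_arns)},
            "Action": ["bedrock:InvokeModel",
                       "bedrock:InvokeModelWithResponseStream"],
            "Resource": list(model_arns),
        }],
    }


def allow_https_from_lambda(ec2, endpoint_sg_id, lambda_sg_id):
    """Step 3: the endpoint's security group accepts TCP 443 only from the
    Lambda functions' security group, not from the whole VPC CIDR."""
    return ec2.authorize_security_group_ingress(
        GroupId=endpoint_sg_id,
        IpPermissions=[{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                        "UserIdGroupPairs": [{"GroupId": lambda_sg_id}]}],
    )


def create_runtime_endpoint(ec2, vpc_id, subnet_ids, endpoint_sg_id, policy):
    """Step 5: interface endpoint for bedrock-runtime with private DNS, so the
    SDK's default hostname resolves to the endpoint's private IPs and neither
    a code change nor a proxy is needed."""
    return ec2.create_vpc_endpoint(
        VpcEndpointType="Interface",
        ServiceName=RUNTIME_SERVICE_NAME,
        VpcId=vpc_id,
        SubnetIds=list(subnet_ids),       # one private subnet per supported AZ
        SecurityGroupIds=[endpoint_sg_id],
        PrivateDnsEnabled=True,
        PolicyDocument=json.dumps(policy),
    )


def resolves_privately(hostname=RUNTIME_HOSTNAME, resolver=socket.gethostbyname):
    """Step 6 check, run from inside the VPC: with private DNS enabled the
    Bedrock hostname must resolve to a private (RFC 1918) address, i.e. the
    endpoint ENI. A public address means this subnet would send traffic over
    the internet, so the endpoint or its private DNS is not in effect."""
    return ipaddress.ip_address(resolver(hostname)).is_private


def build_request(prompt, max_tokens=256):
    """Anthropic Messages request body in the form Bedrock expects for Claude 3."""
    return {"anthropic_version": "bedrock-2023-05-31", "max_tokens": max_tokens,
            "messages": [{"role": "user",
                          "content": [{"type": "text", "text": prompt}]}]}


def invoke_model(prompt, model_id=DEFAULT_MODEL_ID, client=None):
    """Step 1: call InvokeModel. The client is injectable so the function can
    be exercised without network access; in Lambda the default boto3 client
    is used and, inside the VPC, can only reach Bedrock via the endpoint."""
    if client is None:
        import boto3  # imported lazily so the module loads without boto3
        client = boto3.client("bedrock-runtime", region_name=REGION)
    resp = client.invoke_model(modelId=model_id, body=json.dumps(build_request(prompt)),
                               contentType="application/json", accept="application/json")
    payload = json.loads(resp["body"].read())
    return "".join(b["text"] for b in payload.get("content", []) if b.get("type") == "text")


def lambda_handler(event, context=None, client=None):
    """Lambda entry point. Rejects an empty prompt before touching Bedrock."""
    prompt = str((event or {}).get("prompt", "")).strip()
    if not prompt:
        return {"statusCode": 400, "body": json.dumps({"error": "prompt is required"})}
    text = invoke_model(prompt, client=client)
    return {"statusCode": 200, "body": json.dumps({"completion": text})}
```

Deploy `lambda_handler` into the VPC-attached function from step 4, run `allow_https_from_lambda` and `create_runtime_endpoint` once with real `boto3.client("ec2")` and your IDs, and call `resolves_privately()` from inside the function: a `False` result means the function would still be talking to Bedrock over the internet (or, with no NAT gateway, not at all), so fix the endpoint before trusting the setup. The endpoint policy is deliberately narrower than the role's IAM policy; if a developer later widens the IAM policy, the endpoint still refuses any model not in `ALLOWED_MODEL_ARNS`.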


Amazon Bedrock and AWS PrivateLink together give you a Generative AI stack in which prompts, completions and training data never leave the AWS network, model providers never see your content, and access to the service can be scoped down with endpoint policies, security groups and KMS key policies. Configured this way, the setup protects your data and helps you meet regulatory requirements while still letting you integrate Foundation Models into your existing infrastructure through ordinary SDK calls.




1. Can I use my encryption keys with Amazon Bedrock?

ANS: – Yes, for data at rest. Amazon Bedrock encrypts stored data such as fine-tuning data and custom models with AWS KMS keys; you can rely on the AWS-owned keys used by default or specify your own customer managed KMS key, so that access to the data is governed by a key policy you control. Data in transit is protected by TLS rather than by your KMS key.

2. What regulatory standards does Amazon Bedrock support?

ANS: – Amazon Bedrock is HIPAA eligible and in scope for GDPR, and it is covered by other AWS compliance programs; check the current AWS services-in-scope list for the standard you need. Compliance is shared: the service provides the controls, and you remain responsible for configuring them and for how your application handles data.

WRITTEN BY Suresh Kumar Reddy

Yerraballi Suresh Kumar Reddy is working as a Research Associate - Data and AI/ML at CloudThat. He is a self-motivated and hard-working Cloud Data Science aspirant who is adept at using analytical tools for analyzing and extracting meaningful insights from data.


