Use Customer-Managed Keys to Encrypt Custom Models

Risk Level: High (not acceptable risk)
Rule ID: Bedrock-004

Ensure that your Amazon Bedrock custom models are encrypted with Amazon KMS Customer-Managed Keys (CMKs) instead of AWS-managed keys. This approach grants you more granular control over the data encryption at rest and helps meet compliance requirements. Custom models are fine-tuned versions of Amazon Bedrock foundation models that you create with your own data to improve performance for specific tasks.

This rule resolution is part of the Conformity Security & Compliance tool for AWS.

Security
Operational excellence

By default, Amazon Bedrock encrypts your custom models with an AWS-managed key. When you use your own KMS Customer Managed Keys (CMKs) to protect your data, you have full control over who can use the encryption keys to access your data. This improves data security posture and compliance by adhering to strict encryption requirements for sensitive machine learning (ML) models. The Amazon KMS service allows you to easily create, rotate, disable, and audit Customer Managed Keys for your Amazon Bedrock resources.


Audit

To obtain the encryption configuration available for your Amazon Bedrock custom models, perform the following operations:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to the Amazon Bedrock console available at https://console.aws.amazon.com/bedrock/.

03 In the main navigation panel, under Foundation models, select Custom models.

04 Select the Models tab to list the Amazon Bedrock custom models available in the current AWS region.

05 Click on the name (link) of the custom model that you want to examine (fine-tuned or continued pre-training job), available in the Custom model name column.

06 In the Model details section, check the Custom model encryption KMS key attribute value to identify the Amazon KMS key used to encrypt the custom model data. If the Custom model encryption KMS key value is set to Bedrock owned KMS key, the selected Amazon Bedrock custom model is encrypted using an AWS-managed key (default key provided by Amazon Bedrock) instead of using a Customer-Managed Key (CMK).

07 Repeat steps no. 5 and 6 for each custom model available within the current AWS region.

08 Change the AWS cloud region from the navigation bar to repeat the Audit process for other regions.

Using AWS CLI

01 Run the list-custom-models command (OSX/Linux/UNIX) to list the Amazon Resource Name (ARN) of each Amazon Bedrock custom model available in the selected AWS cloud region:

aws bedrock list-custom-models \
  --region us-east-1 \
  --query 'modelSummaries[*].modelArn'

02 The command output should return the requested model ARNs:

[
	"arn:aws:bedrock:us-east-1:123456789012:custom-model/amazon.titan-text-express-v1:0:8k/abcd1234abcd",
	"arn:aws:bedrock:us-east-1:123456789012:custom-model/amazon.titan-text-express-v1:0:8k/1234abcd1234"
]

03 Run the get-custom-model command (OSX/Linux/UNIX) with the ARN of the Amazon Bedrock custom model that you want to examine as the identifier parameter, and use custom output filters to return the ARN of the KMS key used to encrypt the custom model data:

aws bedrock get-custom-model \
  --region us-east-1 \
  --model-identifier arn:aws:bedrock:us-east-1:123456789012:custom-model/amazon.titan-text-express-v1:0:8k/abcd1234abcd \
  --query 'modelKmsKeyArn'

04 The command output should return the requested KMS key ARN:

null

If the get-custom-model command output returns null, as shown in the example above, the selected Amazon Bedrock custom model is encrypted using an AWS-managed key (default key provided by Amazon Bedrock) instead of using a Customer-Managed Key (CMK).

05 Repeat steps no. 3 and 4 for each custom model available in the selected AWS region.

06 Change the AWS cloud region by updating the --region command parameter value and repeat steps no. 1 – 5 to perform the Audit process for other regions.
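
The CLI audit steps above can be scripted. The following is an added example, not part of the original Conformity page: it applies the same null check to every custom model in each region passed on the command line. The function names and the COMPLIANT / NON_COMPLIANT / ERROR labels are assumptions of this example; with --output text the AWS CLI prints a null value as None.

```shell
#!/bin/sh
# Added example (not from the original page): flag Bedrock custom models
# that have no customer-managed KMS key, across one or more regions.
# Function names and status labels are illustrative.

# Print "<region> <status> <model-arn> <key-arn|->" for each custom model.
audit_region() {
  region="$1"
  aws bedrock list-custom-models --region "$region" \
      --query 'modelSummaries[*].modelArn' --output text |
  tr '\t' '\n' |
  while read -r model_arn; do
    # An empty model list yields a blank line; skip it.
    [ -n "$model_arn" ] || continue
    # A failed lookup (e.g. access denied) must not be read as "no key".
    if ! key_arn=$(aws bedrock get-custom-model --region "$region" \
        --model-identifier "$model_arn" \
        --query 'modelKmsKeyArn' --output text </dev/null); then
      echo "$region ERROR $model_arn -"
      continue
    fi
    case "$key_arn" in
      ''|None|null)
        # No key ARN: encrypted with the default Bedrock-owned key.
        echo "$region NON_COMPLIANT $model_arn -" ;;
      *)
        echo "$region COMPLIANT $model_arn $key_arn" ;;
    esac
  done
}

# Audit every region given as an argument.
audit_regions() {
  for r in "$@"; do
    audit_region "$r"
  done
}

# Number of models without a customer-managed key in the given regions.
count_noncompliant() {
  audit_regions "$@" | awk '$2 == "NON_COMPLIANT" { n++ } END { print n + 0 }'
}

# Usage: sh audit.sh us-east-1 eu-west-1
if [ "$#" -gt 0 ]; then
  audit_regions "$@"
fi
```

Models reported as ERROR need the lookup repeated with sufficient permissions before they can be counted as compliant.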

Remediation / Resolution

To encrypt your Amazon Bedrock custom models using your own KMS Customer Managed Keys (CMKs), you must re-create your custom models with the necessary encryption configuration by performing the following operations:

Using AWS Console

01 Sign in to the AWS Management Console.

02 To create your own KMS Customer Managed Key (CMK), navigate to the Key Management Service (KMS) console available at https://console.aws.amazon.com/kms/.

03 In the main navigation panel, choose Customer managed keys.

04 Choose Create Key to initiate the key setup process.

05 For Step 1 Configure key, perform the following actions:

  1. Choose Symmetric for Key type.
  2. Select KMS for Key usage.
  3. Choose Advanced options, select KMS - recommended for Key material origin, and choose whether to allow your KMS key to be replicated into other AWS cloud regions. If Single-Region key is selected, the AWS region must match the region of your custom model.
  4. Select Next to continue the key setup process.

06 For Step 2 Add labels, provide the following details:

  1. Provide a unique name (alias) for your KMS key in the Alias box.
  2. (Optional) Enter a short description in the Description box.
  3. (Optional) Choose Add tag from the Tags - optional section to create any necessary tag sets. Tags can be used to categorize and identify your KMS keys and help you track your AWS costs.
  4. Select Next to continue the setup.

07 For Step 3 Define key administrative permissions, perform the following operations:

  1. For Key administrators, select which IAM users and/or roles can administer your new key through the KMS API. You may need to add additional permissions for the users or roles to administer the key from the AWS Management Console.
  2. For Key deletion, choose whether to allow key administrators to delete your KMS key.
  3. Select Next to continue the setup process.

08 For Step 4 Define key usage permissions, perform the following actions:

  1. For Key users, select which IAM users and/or roles can use your KMS key in cryptographic operations.
  2. (Optional) For Other AWS accounts section, specify the AWS accounts that can use your key. To configure cross-account access, choose Add another AWS account and enter the ID of the AWS cloud account that can use your KMS key for cryptographic operations. The administrators of the AWS accounts you specify at this step are responsible for managing the permissions that allow their IAM users and/or roles to use your key.
  3. Select Next to continue the setup.

09 For Step 5 Review, review the key configuration and key policy, then choose Finish to create your new Amazon KMS Customer Managed Key (CMK).

10 Once your new KMS Customer Managed Key (CMK) is available, navigate to the Amazon Bedrock console available at https://console.aws.amazon.com/bedrock/.

11 In the main navigation panel, under Foundation models, select Custom models.

12 Select the Jobs tab to list the Amazon Bedrock model customization jobs available in the current AWS region.

13 Click on the name (link) of the model customization job used to create your custom model and note the job configuration information such as data access role, base (source) model name, input (training) and output data config, and any defined hyperparameters. Model customization jobs are processes that allow users to fine-tune pre-trained AI models with their own data to better suit specific applications and requirements.

14 Navigate back to the Custom models page, choose the Jobs tab, and perform the following actions to create your new model customization job:

15 For fine-tuned jobs, choose Create Fine-tuning job, and perform the following operations:

  1. For Model details, provide a unique name for your new fine-tuned model and select the custom model that you want to encrypt with your new Customer-Managed Key (CMK). Check the Model encryption checkbox and select the ID of the Amazon KMS Customer Managed Key (CMK) created earlier in the Remediation process, from the Choose an AWS KMS key list. (Optional) For Tags - optional, create any required tag sets, according to the source job tagging scheme.
  2. For Job configuration, provide a unique name for your new model customization job in the Job name box. (Optional) For Tags - optional, create any required tag sets, according to the source job tagging scheme.
  3. (Optional) For VPC settings - optional, select the Virtual Private Cloud (VPC) that defines the virtual networking environment for your new job, choose a VPC subnet for each Availability Zone in the selected region, and select the security groups required for controlling traffic between Amazon Bedrock and your VPC resources.
  4. For Input data, specify the S3 location of your training input and validation datasets.
  5. For Hyperparameters, specify the hyperparameter values that you want to use for your new fine-tuning job (must match the source job hyperparameters).
  6. For Output data, choose the Amazon S3 location where the model validation outputs will be stored.
  7. A Bedrock model customization job requires permissions to write to Amazon S3 on your behalf. For Service access, choose an existing IAM role that has permissions to access your S3 buckets (must match the data access role used by the source job).
  8. Choose Create Fine-tuning job to create your new Amazon Bedrock fine-tuning job. The resulting custom model will be encrypted with your own Amazon KMS Customer-Managed Key (CMK).

16 For continued pre-training jobs, choose Create Continued Pre-training jobs, and perform the following actions:

  1. For Model details, provide a unique name for your new pre-trained model and select the custom model that you want to encrypt with your new Customer-Managed Key (CMK). Check the Model encryption checkbox and select the ID of the Amazon KMS Customer Managed Key (CMK) created earlier in the Remediation process, from the Choose an AWS KMS key list. (Optional) For Tags - optional, create any required tag sets, according to the source job tagging scheme.
  2. For Job configuration, provide a unique name for your new model customization job in the Job name box. (Optional) For Tags - optional, create any required tag sets, according to the source job tagging scheme.
  3. (Optional) For VPC settings - optional, select the Virtual Private Cloud (VPC) that defines the virtual networking environment for your new job, choose a VPC subnet for each Availability Zone (AZ) in the selected region, and select the security groups required for controlling traffic between Amazon Bedrock and your VPC resources.
  4. For Input data, specify the S3 location of your training input and validation datasets.
  5. For Hyperparameters, specify the hyperparameter values that you want to use for your new pre-training job (must match the source job hyperparameters).
  6. For Output data, choose the Amazon S3 location where the model validation outputs will be stored.
  7. A Bedrock model customization job requires permissions to write to Amazon S3 on your behalf. For Service access, choose an existing IAM role that has permissions to access your S3 buckets (must match the data access role used by the source job).
  8. Choose Create Continued Pre-training jobs to create your new Amazon Bedrock continued pre-training job. The resulting custom model will be encrypted with your own Customer-Managed Key (CMK).

17 Repeat steps no. 15 and 16 for each model customization job that you want to re-create, available within the current AWS region.

18 Change the AWS cloud region from the navigation bar and repeat the Remediation process for other regions.

Using AWS CLI

01 Define the IAM policy that enables the selected users and/or roles to manage your new KMS Customer Managed Key (CMK), and to encrypt/decrypt your data using the KMS API. Create a new policy document (JSON format), name the file custom-model-key-policy.json, and paste the following content (replace <aws-account-id> and <role-name> with your own AWS details):

{
	"Id": "aws-custom-model-cmk-policy",
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "Enable IAM User Permissions",
			"Effect": "Allow",
			"Principal": {
				"AWS": "arn:aws:iam::<aws-account-id>:root"
			},
			"Action": "kms:*",
			"Resource": "*"
		},
		{
			"Sid": "Allow access for Key Administrators",
			"Effect": "Allow",
			"Principal": {
				"AWS": "arn:aws:iam::<aws-account-id>:role/service-role/<role-name>"
			},
			"Action": [
				"kms:Create*",
				"kms:Describe*",
				"kms:Enable*",
				"kms:List*",
				"kms:Put*",
				"kms:Update*",
				"kms:Revoke*",
				"kms:Disable*",
				"kms:Get*",
				"kms:Delete*",
				"kms:TagResource",
				"kms:UntagResource",
				"kms:ScheduleKeyDeletion",
				"kms:CancelKeyDeletion",
				"kms:RotateKeyOnDemand"
			],
			"Resource": "*"
		},
		{
			"Sid": "Allow use of the key",
			"Effect": "Allow",
			"Principal": {
				"AWS": "arn:aws:iam::<aws-account-id>:role/service-role/<role-name>"
			},
			"Action": [
				"kms:Encrypt",
				"kms:Decrypt",
				"kms:ReEncrypt*",
				"kms:GenerateDataKey*",
				"kms:DescribeKey"
			],
			"Resource": "*"
		},
		{
			"Sid": "Allow attachment of persistent resources",
			"Effect": "Allow",
			"Principal": {
				"AWS": "arn:aws:iam::<aws-account-id>:role/service-role/<role-name>"
			},
			"Action": [
				"kms:CreateGrant",
				"kms:ListGrants",
				"kms:RevokeGrant"
			],
			"Resource": "*",
			"Condition": {
				"Bool": {
					"kms:GrantIsForAWSResource": "true"
				}
			}
		}
	]
}

02 Run the create-key command (OSX/Linux/UNIX) with the policy document created at the previous step (i.e. custom-model-key-policy.json) as the value for the --policy parameter, to create your new Amazon KMS Customer Managed Key (CMK):

aws kms create-key \
  --region us-east-1 \
  --description 'KMS CMK for Amazon Bedrock data encryption' \
  --policy file://custom-model-key-policy.json \
  --query 'KeyMetadata.Arn'

03 The command output should return the ARN of the new Customer Managed Key (CMK):

"arn:aws:kms:us-east-1:123456789012:key/1234abcd-1234-abcd-1234-abcd1234abcd"

04 Run the create-alias command (OSX/Linux/UNIX) to attach an alias to your new Customer Managed Key (CMK). The alias must start with the prefix "alias/" (the command does not produce an output):

aws kms create-alias \
  --region us-east-1 \
  --alias-name alias/CustomModelCMK \
  --target-key-id arn:aws:kms:us-east-1:123456789012:key/1234abcd-1234-abcd-1234-abcd1234abcd

05 Run the create-model-customization-job command (OSX/Linux/UNIX) to create a new Amazon Bedrock model customization job with the specified encryption configuration. The resulting custom model will be encrypted with your own Amazon KMS Customer-Managed Key (CMK). The following example creates a fine-tuning job to customize a model identified by the ARN: "arn:aws:bedrock:us-east-1:123456789012:custom-model/amazon.titan-text-express-v1:0:8k/abcd1234abcd". To encrypt the resulting custom model and its artifacts using a customer-provided KMS key, provide the ARN of your new Customer Managed Key (CMK) as the value for the --custom-model-kms-key-id parameter:

aws bedrock create-model-customization-job \
  --region us-east-1 \
  --job-name tm-new-fine-tuned-model-training-job \
  --custom-model-name tm-new-fine-tuned-model \
  --base-model-identifier arn:aws:bedrock:us-east-1:123456789012:custom-model/amazon.titan-text-express-v1:0:8k/abcd1234abcd \
  --role-arn arn:aws:iam::123456789012:role/service-role/tm-bedrock-data-access-role \
  --training-data-config s3Uri="s3://tm-bedrock-input-data/train.jsonl" \
  --output-data-config s3Uri="s3://tm-bedrock-output-data" \
  --hyper-parameters batchSize="1",epochCount="1",learningRate="0.0005",learningRateWarmupSteps="0" \
  --custom-model-kms-key-id arn:aws:kms:us-east-1:123456789012:key/1234abcd-1234-abcd-1234-abcd1234abcd

06 The command output should return the Amazon Resource Name (ARN) of the new model customization job:

{
	"jobArn": "arn:aws:bedrock:us-east-1:123456789012:model-customization-job/amazon.titan-text-express-v1:0:8k/abcdabcdabcd"
}

07 Repeat steps no. 5 and 6 for each model customization job that you want to re-create, available in the selected AWS region.

08 Change the AWS cloud region by updating the --region command parameter value and repeat the Remediation process for other regions.

Publication date Jun 13, 2024