Protect Model Customization Jobs using a VPC

Trend Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 1000 automated best practice checks.

Risk Level: Medium (should be achieved)

Use a Virtual Private Cloud (VPC) to isolate your Amazon S3 buckets containing training, validation, and output data for your Amazon Bedrock model customization jobs. The VPC acts as a secure network environment for your machine learning (ML) data.

Security

There are two main reasons to use a Virtual Private Cloud (VPC) to protect your Amazon Bedrock model customization jobs:

  1. Security: a VPC isolates your job's resources from the public Internet, making unauthorized access harder. This is especially important if your training data is sensitive.
  2. Control: with a VPC, you have more control over the network traffic to and from your jobs. This allows you to monitor activity and ensure your data stays within your designated environment.

Audit

To obtain the VPC configuration available for your Amazon Bedrock model customization jobs, perform the following operations:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Amazon Bedrock console available at https://console.aws.amazon.com/bedrock/.

03 In the main navigation panel, under Foundation models, select Custom models.

04 Select the Jobs tab to list the Amazon Bedrock model customization jobs available in the current AWS region.

05 Click on the name (link) of the model customization job that you want to examine (fine-tuned or continued pre-training job), available in the Job name column.

06 In the VPC Settings section, check the VPC Id attribute value to identify the ID of the VPC used to protect your model customization job. If the VPC Settings section is not available, the selected Amazon Bedrock model customization job is not protected by a Virtual Private Cloud (VPC).

07 Repeat steps no. 5 and 6 for each model customization job available within the current AWS region.

08 Change the AWS cloud region from the navigation bar to repeat the Audit process for other regions.

Using AWS CLI

01 Run list-model-customization-jobs command (OSX/Linux/UNIX) to list the name of each Amazon Bedrock model customization job (fine-tuned or continued pre-training job), available in the selected AWS cloud region:

aws bedrock list-model-customization-jobs \
  --region us-east-1 \
  --query 'modelCustomizationJobSummaries[*].jobName'

02 The command output should return the requested model customization job names:

[
	"tm-fine-tuned-model-training-job",
	"tm-continued-pre-training-job"
]

03 Run get-model-customization-job command (OSX/Linux/UNIX) with the name of the Amazon Bedrock model customization job that you want to examine as the identifier parameter and custom output filters to describe the VPC configuration available for the selected model customization job:

aws bedrock get-model-customization-job \
  --region us-east-1 \
  --job-identifier tm-fine-tuned-model-training-job \
  --query 'vpcConfig'

04 The command output should return the requested VPC configuration information:

null

If the get-model-customization-job command output returns null, as shown in the example above, there is no VPC configured for the training job. Therefore, the selected Amazon Bedrock model customization job is not protected by a Virtual Private Cloud (VPC).

05 Repeat steps no. 3 and 4 for each model customization job available in the selected AWS region.

06 Change the AWS cloud region by updating the --region command parameter value and repeat steps no. 1 – 5 to perform the Audit process for other regions.
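The CLI audit steps above, combined into one loop over regions and jobs. This is an added example, not part of the original Conformity procedure; the function name audit_bedrock_vpc and the status labels are hypothetical, and it assumes the AWS CLI is configured with read access to Amazon Bedrock.

```shell
#!/bin/sh
# Added example: report Bedrock model customization jobs without a VPC config.
# audit_bedrock_vpc and the NO_VPC / VPC labels are hypothetical names.

# Prints "<region>\t<job name>\t<status>" for every job in the given regions.
# Returns non-zero when at least one job has no vpcConfig, so it can gate CI.
audit_bedrock_vpc() {
  unprotected=0
  for region in "$@"; do
    # --output text returns the job names separated by whitespace.
    jobs=$(aws bedrock list-model-customization-jobs \
      --region "$region" \
      --query 'modelCustomizationJobSummaries[*].jobName' \
      --output text) || { printf '%s\t-\tLIST_FAILED\n' "$region"; continue; }

    for job in $jobs; do
      # A null vpcConfig is rendered as "None" in text output.
      subnets=$(aws bedrock get-model-customization-job \
        --region "$region" \
        --job-identifier "$job" \
        --query 'vpcConfig.subnetIds' \
        --output text) || subnets="ERROR"

      case "$subnets" in
        None|"") status="NO_VPC"; unprotected=$((unprotected + 1)) ;;
        ERROR)   status="LOOKUP_FAILED" ;;
        *)       status="VPC" ;;
      esac
      printf '%s\t%s\t%s\n' "$region" "$job" "$status"
    done
  done
  [ "$unprotected" -eq 0 ]
}

# Run the audit only when regions are passed on the command line,
# for example: sh audit.sh us-east-1 eu-west-1
if [ "$#" -gt 0 ]; then
  audit_bedrock_vpc "$@"
fi
```

Jobs reported as NO_VPC are the ones to re-create with a VPC configuration, as described in the Remediation section.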

Remediation / Resolution

To protect your Amazon Bedrock model customization jobs using a Virtual Private Cloud (VPC), you must re-create your training jobs with the necessary VPC configuration, by performing the following operations:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Amazon Bedrock console available at https://console.aws.amazon.com/bedrock/.

03 In the main navigation panel, under Foundation models, select Custom models.

04 Select the Jobs tab to list the Amazon Bedrock model customization jobs available in the current AWS region.

05 Click on the name (link) of the model customization job that you want to re-create (i.e. source job) and note the job configuration information such as data access role, base (source) model name, input (training) and output data config, and any defined hyperparameters.

06 Navigate back to the Custom models page, choose the Jobs tab, and perform the following actions to create your new model customization job:

07 For fine-tuned jobs, choose Create Fine-tuning job, and perform the following operations:

  1. For Model details, select the base (source) model that you want to customize and provide a unique name for your new fine-tuned model. Check the Model encryption checkbox and select the ID of your own Amazon KMS Customer Managed Key (CMK), from the Choose an AWS KMS key list. (Optional) For Tags - optional, create any required tag sets, according to the source job tagging scheme.
  2. For Job configuration, provide a unique name for your new model customization job in the Job name box. (Optional) For Tags - optional, create any required tag sets, according to the source job tagging scheme.
  3. (Optional) For VPC settings - optional, select the Virtual Private Cloud (VPC) that defines the virtual networking environment for your new training job, choose a VPC subnet for each Availability Zone in the selected region, and select the security groups required for controlling traffic between Amazon Bedrock and your VPC resources.
  4. For Input data, specify the S3 location of your training input and validation datasets.
  5. For Hyperparameters, specify the hyperparameter values that you want to use for your new fine-tuning job (must match the source job hyperparameters).
  6. For Output data, choose the Amazon S3 location where the model validation outputs will be stored.
  7. A Bedrock model customization job requires permissions to write to Amazon S3 on your behalf. For Service access, choose an existing IAM role that has permissions to access your S3 buckets (must match the data access role used by the source job).
  8. Choose Create Fine-tuning job to create your new, VPC-protected Amazon Bedrock fine-tuning job.

08 For continued pre-training jobs, choose Create Continued Pre-training jobs, and perform the following actions:

  1. For Model details, select the base (source) model that you want to customize and provide a unique name for your new pre-trained model. Check the Model encryption checkbox and select the ID of your own Amazon KMS Customer Managed Key (CMK), from the Choose an AWS KMS key list. (Optional) For Tags - optional, create any required tag sets, according to the source job tagging scheme.
  2. For Job configuration, provide a unique name for your new model customization job in the Job name box. (Optional) For Tags - optional, create any required tag sets, according to the source job tagging scheme.
  3. (Optional) For VPC settings - optional, select the Virtual Private Cloud (VPC) that defines the virtual networking environment for your new job, choose a VPC subnet for each Availability Zone (AZ) in the selected region, and select the security groups required for controlling traffic between Amazon Bedrock and your VPC resources.
  4. For Input data, specify the S3 location of your training input and validation datasets.
  5. For Hyperparameters, specify the hyperparameter values that you want to use for your new pre-training job (must match the source job hyperparameters).
  6. For Output data, choose the Amazon S3 location where the model validation outputs will be stored.
  7. A Bedrock model customization job requires permissions to write to Amazon S3 on your behalf. For Service access, choose an existing IAM role that has permissions to access your S3 buckets (must match the data access role used by the source job).
  8. Choose Create Continued Pre-training jobs to create your new, VPC-protected Amazon Bedrock continued pre-training job.

09 Repeat steps no. 5 - 8 for each model customization job that you want to re-create, available within the current AWS region.

10 Change the AWS cloud region from the navigation bar and repeat the Remediation process for other regions.

Using AWS CLI

01 Run create-model-customization-job command (OSX/Linux/UNIX) to re-create your Amazon Bedrock model customization job using a VPC configuration. The following example creates a fine-tuning job to customize a base model identified by the ARN: "arn:aws:bedrock:us-east-1::foundation-model/amazon.titan-text-lite-v1:0:4k". To protect your model customization job with a Virtual Private Cloud (VPC), use the --vpc-config parameter to specify the VPC subnets and security groups that you want to use for your VPC configuration:

aws bedrock create-model-customization-job \
  --region us-east-1 \
  --job-name tm-new-fine-tuned-model-training-job \
  --custom-model-name tm-new-fine-tuned-model \
  --base-model-identifier arn:aws:bedrock:us-east-1::foundation-model/amazon.titan-text-lite-v1:0:4k \
  --role-arn arn:aws:iam::123456789012:role/service-role/tm-bedrock-new-service-role \
  --training-data-config s3Uri="s3://tm-bedrock-input-data/train.jsonl" \
  --output-data-config s3Uri="s3://tm-bedrock-output-data" \
  --hyper-parameters batchSize="1",epochCount="5",learningRate="0.00001",learningRateWarmupSteps="5" \
  --custom-model-kms-key-id arn:aws:kms:us-east-1:123456789012:key/1234abcd-1234-abcd-1234-abcd1234abcd \
  --vpc-config 'subnetIds="subnet-0abcdabcdabcdabcd","subnet-01234123412341234",securityGroupIds="sg-01234abcd1234abcd"'

02 The command output should return the Amazon Resource Name (ARN) of the new model customization job:

{
	"jobArn": "arn:aws:bedrock:us-east-1:123456789012:model-customization-job/amazon.titan-text-lite-v1:0:4k/abcdabcdabcd"
}

03 Repeat steps no. 1 and 2 for each model customization job that you want to re-create, available in the selected AWS region.

04 Change the AWS cloud region by updating the --region command parameter value and repeat the Remediation process for other regions.

Publication date Jul 24, 2024