Restricting Amazon Bedrock Regions with IAM
Learn how to enhance data sovereignty by using AWS IAM to restrict Amazon Bedrock requests to specific regions. This guide provides a sample policy and crucial tips for managing cross-region inference while maintaining control over your AI processing locations.
We're big fans of Amazon Bedrock. One extremely useful feature is the ability to use AWS Identity and Access Management (IAM) to restrict which regions your requests can be processed in.
For example, if we want to restrict our IAM role for LiteLLM to only processing inference requests in Australia, Canada, New Zealand, the UK, and/or the US, the simple policy below will do the trick.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowBedrockModelInvocationInAUSCANNZUKUS",
            "Effect": "Allow",
            "Action": [
                "bedrock:InvokeModel",
                "bedrock:InvokeModelWithResponseStream"
            ],
            "Condition": {
                "StringEquals": {
                    "aws:RequestedRegion": [
                        "us-east-1",
                        "us-east-2",
                        "us-west-1",
                        "us-west-2",
                        "ca-central-1",
                        "ca-west-1",
                        "eu-west-2",
                        "ap-southeast-2",
                        "ap-southeast-4"
                    ]
                },
                "StringLikeIfExists": {
                    "bedrock:InferenceProfileArn": "arn:aws:bedrock:*:*:inference-profile/us.*"
                }
            },
            "Resource": [
                "arn:aws:bedrock:*::foundation-model/*",
                "arn:aws:bedrock:*:*:provisioned-model/*",
                "arn:aws:bedrock:*:*:imported-model/*",
                "arn:aws:bedrock:*:*:inference-profile/*"
            ]
        }
    ]
}
One important note is the bedrock:InferenceProfileArn check using StringLikeIfExists. This is required to safely allow cross-region inference while ensuring cross-region inference requests don't leave the US. Without it, a cross-region inference request sent to eu-west-2 (London) could end up being processed somewhere like eu-west-3 (Paris), and France isn't in the list of countries mentioned above. (Note: as of the time of writing, eu-west-2 doesn't support cross-region inference, but that will likely change in the future. You want to ensure the policies you write today account for services that appear later.)
If you don't want to allow cross-region requests at all, simply drop arn:aws:bedrock:*:*:inference-profile/* completely from the Resource array and remove the StringLikeIfExists check. (We would really recommend you don't, though.)