This bootstrapper creates the required permissions boundary and roles for Amazon Bedrock Studio, simplifying the creation of a Bedrock Studio workspace.
By default, the bootstrapper creates a provisioning role, a service role, and a set of permissions boundaries.
Optionally, you can enable the creation of a KMS key and an OpenSearch encryption policy by providing a custom configuration.
This script interacts with services that may incur charges to your AWS account. For more information, see AWS Pricing.
Additionally, it might theoretically modify or delete existing AWS resources. As a matter of due diligence, do the following:
- Be aware of the resources that it creates or deletes.
- Be aware of the costs that might be charged to your account as a result.
- Back up your important data.
- You must have an AWS account, and have your default credentials and AWS Region configured as described in the AWS Tools and SDKs Reference Guide.
- You must have an AWS IAM Identity Center set up in the same AWS Region as your Bedrock Studio workspace.
- Python 3.12.0 or later
Depending on how you have Python installed and on your operating system, the commands to install and run might vary slightly. For example, on Windows, you might have to use py
in place of python
.
This repository contains a requirements.txt
file that defines the packages needed to run the bootstrapper. To install the required packages, first create a virtual environment by running the following:
python -m venv .venv
This creates a virtual environment folder named .venv
. Each virtual environment
contains an independent set of Python packages. Activate the virtual environment by
running one of the following:
.venv\Scripts\activate # Windows
source .venv/bin/activate # Linux, macOS, or Unix
Install the packages for the bootstrapper by running the following:
python -m pip install -r requirements.txt
This installs all the packages listed in the requirements.txt
file in the current
folder.
-
Open the script
bedrock_studio_bootstrapper.py
in a text editor. -
Locate the
customize_and_run()
function (around line 27). -
By default, the script runs with a default configuration. If you want to use this default setup, you don't need to make any changes.
-
To customize the bootstrapper, you can uncomment and modify the
custom_configuration
object. Here's how you can customize different aspects:a. Change role names:
custom_configuration = BootstrapConfiguration( provisioning_role_name="CustomProvisioningRoleName", service_role_name="CustomServiceRoleName" )
b. Enable KMS key creation with a custom alias:
custom_configuration = BootstrapConfiguration( kms_config=KmsConfiguration( enabled=True, key_alias="CustomKmsKeyAlias" ) )
c. Enable OpenSearch encryption policy with a custom domain ID:
custom_configuration = BootstrapConfiguration( opensearch_config=OpenSearchConfiguration( enabled=True, domain_id="1234567" # Replace with the first seven digits of your OpenSearch domain ID ) )
You can combine these configurations as needed.
-
After setting up your custom configuration, uncomment the following lines:
custom_bootstrapper = BedrockStudioBootstrapper( region=region, config=custom_configuration ) custom_bootstrapper.run()
-
Comment out or remove the default bootstrapper lines:
default_bootstrapper = BedrockStudioBootstrapper(region=region)
default_bootstrapper.run()
- Save your changes to the script.
By following these steps, you can easily customize the bootstrapper to fit your specific needs before running it. If you don't need any customization, you can run the script as-is to use the default configuration.
Once all prerequisites are in place and you have customized the bootstrapper, it can be run from the command line:
python bedrock_studio_bootstrapper.py
All content in this repository, unless otherwise stated, is Copyright © Amazon Web Services, Inc. or its affiliates. All rights reserved.
Except where otherwise noted, all examples in this collection are licensed under the Apache license, version 2.0 (the "License"). The full license text is provided in the LICENSE
file accompanying this repository.