AWS Bedrock Agent

AKTO AWS Bedrock Monitoring - Client Setup Guide

Overview

This guide provides step-by-step instructions for setting up AKTO's AWS Bedrock monitoring solution in your AWS account. This solution automatically captures, processes, and sends AWS Bedrock agent conversations to your AKTO instance for security analysis.

What You'll Achieve

  • ✅ Automated Bedrock Monitoring: Capture all AWS Bedrock agent conversations

  • ✅ Real-time Processing: Process logs every 5 minutes automatically

  • ✅ Security Analysis: Send conversation data to AKTO for threat detection

  • ✅ Multi-Model Support: Works with Amazon Nova, Claude, and other Bedrock models

  • ✅ Client-Side Deployment: Complete data isolation in your AWS account

Prerequisites

1. AWS Account Requirements

  • AWS CLI installed and configured with a user who has the permissions below

  • IAM permissions for:

    • Lambda functions

    • S3 buckets

    • EventBridge rules

    • Bedrock service access

    • IAM role creation

2. AKTO Instance Requirements

  • AKTO Data ingestion service instance running and accessible

  • AKTO API key for authentication

Step-by-Step Setup

Step 1: Install AWS CLI if not installed

If the AWS CLI is already configured, move to Step 2.

Step 1.1: Install Node.js

Step 1.2: Configure AWS Credentials

You need to tell AWS who you are:

It will ask for:

  • AWS Access Key ID: Get from AWS Console → IAM → Users → Your User → Security credentials

  • AWS Secret Access Key: Same place as above

  • Default region: Use us-east-1 (or your preferred region)

  • Default output format: Just press Enter

Step 1.3: Test AWS Access

Verify your AWS identity

aws sts get-caller-identity

✅ Should show your account ID - You're ready!

❌ Shows error - Fix your credentials first

Step 2: Download the Solution

Step 3: Prepare Your Information

Before running the deployment, gather this information:

  1. S3 Bucket Name: A unique bucket name for storing Bedrock logs

    • Example: my-company-bedrock-logs-2024

    • Must be globally unique across all AWS accounts

  2. AKTO Data Ingestion URL: Your AKTO endpoint

    • Format: https://your-akto-instance.com/api/ingestData

    • Replace your-akto-instance.com with your actual AKTO domain/IP

  3. AKTO API Key: Authentication key for your AKTO instance

    • Obtain from your AKTO dashboard

    • Example: ak_live_xxxxxxxxxxxxxxxxxxxx
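
A pre-flight check for the three values gathered in Step 3, as an added example that is not part of AKTO's deployment script. The function names are hypothetical, and the API key check assumes nothing about the key format beyond rejecting empty values, whitespace and the guide's placeholder.

```sh
#!/bin/sh
# Added example: validate the Step 3 inputs before deploying (hypothetical helpers).

# Core S3 bucket naming rules: 3-63 chars; lowercase letters, digits, dots,
# hyphens; starts and ends with a letter or digit; no adjacent dots; not an
# IPv4-style name; no reserved "xn--" prefix or "-s3alias" suffix.
valid_bucket_name() {
    name=$1
    len=${#name}
    [ "$len" -ge 3 ] && [ "$len" -le 63 ] || return 1
    printf '%s\n' "$name" | grep -Eq '^[a-z0-9][a-z0-9.-]*[a-z0-9]$' || return 1
    case $name in
        xn--*|*-s3alias|*..*) return 1 ;;
    esac
    if printf '%s\n' "$name" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
        return 1
    fi
    return 0
}

# The ingestion request carries the API key and conversation content, so
# require https and the /api/ingestData path given in Step 3.
valid_ingest_url() {
    printf '%s\n' "$1" |
        grep -Eq '^https://[A-Za-z0-9.-]+(:[0-9]+)?/api/ingestData$'
}

# Reject empty keys, keys containing whitespace (a common paste error),
# and the xxxx placeholder from the guide.
valid_api_key() {
    [ -n "$1" ] || return 1
    stripped=$(printf '%s' "$1" | tr -d '[:space:]')
    [ "$stripped" = "$1" ] || return 1
    if printf '%s\n' "$1" | grep -Eq 'x{8,}'; then return 1; fi
    return 0
}

# Usage: preflight <bucket> <ingest-url> <api-key>; the key is never echoed.
preflight() {
    rc=0
    valid_bucket_name "$1" || { echo "bucket name violates S3 naming rules: $1" >&2; rc=1; }
    valid_ingest_url "$2" || { echo "URL must be https://<host>/api/ingestData" >&2; rc=1; }
    valid_api_key "$3" || { echo "API key is empty, has whitespace, or is a placeholder" >&2; rc=1; }
    return $rc
}

if [ "$#" -eq 3 ]; then preflight "$@"; fi
```
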

Step 4: Run the Deployment

Execute the deployment script:

The script will prompt you for the required information:

Step 5: Wait for Deployment

The script will automatically:

  1. Create IAM Role: Set up permissions for Lambda

  2. Deploy Lambda Function: Upload and configure the processing function

  3. Set Up EventBridge: Schedule processing every 5 minutes

  4. Configure Environment: Set all required variables

Expected Output:

Step 6: Verify the Deployment

Run the verification script:

This will check:

  • ✅ Lambda function exists and is accessible

  • ✅ S3 bucket is properly configured

  • ✅ CloudWatch logs are working

  • ✅ EventBridge schedule is active

Step 7: Create S3 Bucket (If Needed)

If you don't have an S3 bucket, create one:

Step 8: Test with Bedrock

Generate a test conversation:

Step 9: Monitor the System

Check Lambda Logs:

Check S3 for Bedrock Logs:

Manual Lambda Test:

System Architecture

Troubleshooting

Common Issues

1. Permission Denied Errors

2. S3 Bucket Already Exists

3. Lambda Function Not Processing

4. AKTO Connection Issues

Important Notes

  1. Bedrock Logging Configuration: The Lambda function automatically enables Bedrock model invocation logging on first run if not enabled

  2. Processing Schedule: Logs are processed every 5 minutes via EventBridge

  3. Data Format: Conversations are formatted in AKTO StandardMessage format with security tags

  4. Security: All data remains in your AWS account; no external access required

What Happens Next

Once deployed, the system will:

  1. Auto-Configure Bedrock: Enable model invocation logging to your S3 bucket

  2. Process Conversations: Extract and format conversation data every 5 minutes

  3. Send to AKTO: Forward processed data to your AKTO instance for analysis

  4. Monitor Security: AKTO will analyze conversations for potential threats

Support

For issues or questions:

  1. Check CloudWatch Logs: Monitor Lambda execution logs

  2. Review S3 Configuration: Ensure bucket exists and is accessible

  3. Verify AKTO Connectivity: Test endpoint and API key


🎉 You now have complete AWS Bedrock monitoring integrated with AKTO!
