Bedrock Integration with nOps Platform

To integrate Bedrock with Inform, follow these steps:

1. Enable Model Invocation Logs in Bedrock
2. Configure IAM Permissions for nOps
3. Set Up Integration in nOps Platform
4. Verify Integration

---

Prerequisites

Before setting up the integration, ensure you have:

1. AWS Account With Amazon Bedrock Usage

   • Active AWS account with Bedrock enabled
   • Administrative access to configure Bedrock settings

2. Required Permissions

   • Ability to enable Model Invocation Logs in Bedrock
   • Permission to modify IAM policies and roles
   • Access to configure S3 large data delivery destination

3. Required Information

   • S3 bucket/prefix for Bedrock large data delivery (required), e.g., s3://your-bucket/prefix

---

Accessing Inform Integrations

To begin, navigate to the Organization Settings and click on Integrations. From there, select Inform to proceed with setting up your Bedrock integration.

Below is an example of the integrations page:

This page provides access to configure and manage integrations with your Inform tools.

The list of integrations will indicate whether there are any active integrations or if the tools are not yet integrated. Active integrations will be marked accordingly, allowing you to easily identify the current status of each integration.

---

How the Integration Works

1. Model Invocation Logs Enablement

   • Enable Model Invocation Logs in Amazon Bedrock to capture detailed usage data
   • Configure an S3 location where Bedrock will write invocation logs

2. IAM Configuration

   • Configure the existing NopsIntegrationPolicy attached to your Nops-Integration-* IAM Role. This must be done in the account you plan to publish your Bedrock Model Invocation logs to.
   • Grant S3 read access to the bucket/prefix where Bedrock writes the invocation logs

3. Integration Setup

   • Provide the S3 Data Prefix (s3://bucket/prefix) to nOps
     note

     Make sure your AWS account integration with nOps is already established before proceeding.

4. Data Retrieval by nOps

   • nOps uses the configured IAM permissions to access Bedrock data from the S3 large data delivery location

5. Data Processing

   • The retrieved data is processed and displayed within the Inform Explorer

   • Cost information is organized by model, service type, and time period

     note

     Allowing access to Amazon Bedrock Model Invocation Logs can contain sensitive data. nOps does not train our models on this data nor expose message content within our platform.

---

Step 1: Enable Model Invocation Logs in Bedrock

Model Invocation Logs are required to track your Bedrock usage and generate cost insights.

1. Access Bedrock Console

   • Log in to your AWS Management Console
   • Navigate to the Amazon Bedrock console
   • Ensure you're in the region where you intend to enable logging

2. Configure Model Invocation Logs

   • In the Bedrock console, navigate to Settings under Configure and learn in the left sidebar
   • Enable the Model invocation logging
   • Choose the data types you would like to store
   important

   Message content can contain sensitive information. If you wish to exclude your message content from logs, please disable the Text checkbox.

3. Set Up S3

   • Configure the S3 location
   • Specify an S3 bucket and prefix (e.g., s3://your-bucket/bedrock/)
   • Choose an existing service role or create a new one to allow Bedrock to write logs to S3
   • Click Save settings
   important

   Make note of the S3 bucket and prefix as you'll need it for the nOps integration setup.

4. Verify Logging Configuration

   • Make a test model invocation to ensure logs are being generated
   • Check the S3 bucket to confirm log files are appearing
   caution

   Model Invocation Logs will only capture usage going forward from the time they are enabled. Historical usage prior to enabling logs will not be available.

---

Step 2: Configure IAM Permissions for nOps

During the nOps onboarding process, an inline NopsIntegrationPolicy is typically attached to your Nops-Integration-* IAM Role at the organization level. You need to ensure proper permissions for accessing the Bedrock S3 large data delivery bucket/prefix.

1. Locate Your nOps Integration Role

   • Navigate to the IAM console
   • Search for roles starting with Nops-Integration-
   • Select the role used for your nOps integration

note

The nOps integration role and policy may be at the organization level. Please start with your payer account and or ensure you're modifying the integration role that is within the child account that will contain the Bedrock logs.

2. Review Existing Policies

   • Look for the inline policy named NopsIntegrationPolicy

3. Update Policy Permissions

   • Grant read access to your Bedrock large data delivery S3 bucket/prefix:

   {
     "Effect": "Allow",
     "Action": ["s3:ListBucket"],
     "Resource": "arn:aws:s3:::YOUR_BUCKET",
     "Condition": {"StringLike": {"s3:prefix": ["YOUR_PREFIX/*"]}}
   }

   {
     "Effect": "Allow",
     "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::YOUR_BUCKET/YOUR_PREFIX/*"
   }
   note

   Replace YOUR_BUCKET and YOUR_PREFIX with your actual S3 bucket and prefix used for large data delivery.

4. Save Policy Changes

   • Review and save the updated policy
   • Ensure the role has the necessary permissions to access the S3 bucket

---

Step 3: Set Up Integration in nOps Platform

1. Access the Inform Integrations page to begin.
2. Select the Bedrock integration card.
3. Click on the +Add Bedrock Integration button

Configuration Parameters

1. Enter S3 Data Prefix

   • Paste the S3 URI where Bedrock writes invocation logs via large data delivery
   • Example: s3://your-bucket/bedrock/

2. Click Setup to finish

   important

   Double-check your S3 Data Prefix. Incorrect entries will prevent data synchronization.

---

Step 4: Verify Integration

After setting up the integration, you should see it listed in your active integrations.

1. Wait for Data Synchronization

   • It may take up to 24-48 hours for the initial data to appear
   • After synchronization, you can access your Bedrock usage data in the Explorer tab

2. Access Usage Data

   • Navigate to the Explorer tab
   • Look for Bedrock as a service provider in your cost breakdowns
   • Filter and analyze costs by model, service type, and time period
   • If Request Metadata is included within the requests, you'll see your metadata appear as tags

---

Managing Multiple Integrations

If you need to track costs for multiple AWS accounts with Bedrock usage:

1. Configure Each AWS Account Separately

   • Enable Model Invocation Logs in each AWS account
   • Ensure each account has the appropriate IAM permissions configured

2. Set Up Additional Integrations

   • Follow the same process to add each integration
   • Use distinct, descriptive names for each integration to easily identify them

---

For support, contact nOps with your integration name (not sensitive AWS details) and any error messages you've encountered.