Connect to Amazon Bedrock
Set up an Amazon Bedrock LLM connector.
Connect to Amazon Bedrock
This page provides step-by-step instructions for setting up an Amazon Bedrock connector for the first time. This connector type enables you to leverage large language models (LLMs) within Kibana. You'll first need to configure AWS, then configure the connector in Kibana.
Note
Only Amazon Bedrock's Anthropic
models are supported: Claude
and Claude instant
.
Configure AWS
Configure an IAM policy
First, configure an IAM policy with the necessary permissions:
- Log into the AWS console and search for Identity and Access Management (IAM).
- From the IAM menu, select Policies → Create policy.
- To provide the necessary permissions, paste the following JSON into the Specify permissions menu.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Resource": "*"
}
]
}
Note
These are the minimum required permissions. IAM policies with additional permissions are also supported.
- Click Next. Name your policy.
The following video demonstrates these steps.
Configure an IAM User
Next, assign the policy you just created to a new user:
- Return to the IAM menu. Select Users from the navigation menu, then click Create User.
- Name the user, then click Next.
- Select Attach policies directly.
- In the Permissions policies field, search for the policy you created earlier, select it, and click Next.
- Review the configuration then click Create user.
The following video demonstrates these steps.
Create an access key
Create the access keys that will authenticate your Elastic connector:
- Return to the IAM menu. Select Users from the navigation menu.
- Search for the user you just created, and click its name.
- Go to the Security credentials tab.
- Under Access keys, click Create access key.
- Select Third-party service, check the box under Confirmation, click Next, then click Create access key.
- Click Download .csv file to download the key. Store it securely.
The following video demonstrates these steps.
Enable model access
Make sure the supported Amazon Bedrock LLMs are enabled:
- Search the AWS console for Amazon Bedrock.
- From the Amazon Bedrock page, click Get started.
- Select Model access from the left navigation menu, then click Manage model access.
- Check the boxes for Claude and/or Claude Instant, depending which model or models you plan to use.
- Click Save changes.
The following video demonstrates these steps.
Configure the Amazon Bedrock connector
Finally, configure the connector in Kibana:
- Log in to Kibana.
- Go to Stack Management → Connectors → Create connector → Amazon Bedrock.
- Name your connector.
- (Optional) Configure the Amazon Bedrock connector to use a different AWS region where Anthropic models are supported by editing the URL field, for example by changing
us-east-1
toeu-central-1
. - (Optional) Add one of the following strings if you want to use a model other than the default:
- For Haiku:
anthropic.claude-3-haiku-20240307-v1:0
- For Sonnet:
anthropic.claude-3-sonnet-20240229-v1:0
- For Opus:
anthropic.claude-3-opus-20240229-v1:0
- For Haiku:
- Enter the Access Key and Secret that you generated earlier, then click Save.
Your LLM connector is now configured. For more information on using Elastic AI Assistant, refer to AI Assistant.
Important
If you're using provisioned throughput, your ARN becomes the model ID, and the connector settings URL value must be encoded to work. For example, if the non-encoded ARN is arn:aws:bedrock:us-east-2:123456789102:provisioned-model/3Ztr7hbzmkrqy1
, the encoded ARN would be arn%3Aaws%3Abedrock%3Aus-east-2%3A123456789102%3Aprovisioned-model%2F3Ztr7hbzmkrqy1
.
The following video demonstrates these steps.