Securing RAG apps in Amazon Bedrock. First Commit. Scenario 1, 2

aws-samples · Feb 20, 2025 · 6951875 · 6951875
1 parent 28d2219
commit 6951875
Show file tree

Hide file tree

Showing 33 changed files with 4,165 additions and 0 deletions.
diff --git a/rag/securing-rag-apps/.gitignore b/rag/securing-rag-apps/.gitignore
@@ -0,0 +1,196 @@
+# Created by https://www.toptal.com/developers/gitignore/api/python,jupyternotebooks
+# Edit at https://www.toptal.com/developers/gitignore?templates=python,jupyternotebooks
+
+### JupyterNotebooks ###
+# gitignore template for Jupyter Notebooks
+# website: http://jupyter.org/
+
+.ipynb_checkpoints
+*/.ipynb_checkpoints/*
+.virtual_documents
+*/.virtual_documents/*
+
+# IPython
+profile_default/
+ipython_config.py
+
+# Remove previous ipynb_checkpoints
+#   git rm -r .ipynb_checkpoints/
+
+### Python ###
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+
+# IPython
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# poetry
+#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+#poetry.lock
+
+# pdm
+#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#pdm.lock
+#   pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
+#   in version control.
+#   https://pdm.fming.dev/#use-with-ide
+.pdm.toml
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# PyCharm
+#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#  and can be added to the global gitignore or merged into this file.  For a more nuclear
+#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
+#.idea/
+
+### Python Patch ###
+# Poetry local configuration file - https://python-poetry.org/docs/configuration/#local-configuration
+data/
+poetry.toml
+
+# ruff
+.ruff_cache/
+
+# LSP config files
+pyrightconfig.json
+
+# End of https://www.toptal.com/developers/gitignore/api/python,jupyternotebooks
+.DS_Store
+data/
+# CDK Specific
+**/cdk.out/
+**/response_*.json
+**/.streamlit/
diff --git a/rag/securing-rag-apps/README.md b/rag/securing-rag-apps/README.md
@@ -0,0 +1,53 @@
+# Protecting sensitive data in RAG-based applications with Amazon Bedrock
+
+This blog post shows two architecture patterns for protecting sensitive data in RAG-based applications using Amazon Bedrock.
+
+In the **first scenario (Scenario 1)**, we'll show how users can redact or mask sensitive data before storing it in a vector store (a.k.a Ingestion) or Amazon Bedrock Knowledge Base. This zero-trust approach reduces the risk of sensitive information being inadvertently disclosed to unauthorized parties.
+
+The **second scenario (Scenario 2)** will show on situations where sensitive data needs to be stored in the vector store, such as in healthcare settings with distinct user roles like administrators (doctors) and non-administrators (nurses or support personnel). Here, we'll show how a role-based access control pattern enables selective access to sensitive information based on user roles and permissions during retrieval.
+
+Both scenarios come with an [AWS Cloud Development Kit (CDK)](https://aws.amazon.com/cdk/) and an accompanying [streamlit](https://streamlit.io/) app to test each scenario.
+
+## Pre-requisites
+
+Python version >= 3.10.16
+
+Create and activate venv
+
+```shell
+python -m venv .venv
+source .venv/bin/activate
+```
+
+upgrade pip and install `requirements.txt`
+
+```shell
+pip install -U pip
+pip install -r requirements.txt
+```
+
+### Amazon Bedrock Model Access
+
+Ensure you have access to Anthropic Claude models in Amazon Bedrock. Refer to [getting started](https://docs.aws.amazon.com/bedrock/latest/userguide/getting-started.html) guide for more info.
+
+## Synthetic Data Generation Tool
+
+For testing each scenario with sensitive data, we use [`synthetic_data.py`](./synthetic_data.py) data generation script.\
+The script generates synthetic healthcare and financial data for testing purposes. \
+The data generated is completely fictional and does not contain any real Personal Identifiable Information (PII).
+
+Run [`synthetic_data.py`](./synthetic_data.py) script to generate sample data for the demo.
+
+```shell
+python synthetic_data.py --seed 123 generate -n 10
+```
+
+Data files will be available under a new `data/` directory.
+
+## Scenario 1 (Data identification and redaction before Ingestion to KnowledgeBase)
+
+Refer to [Scenario 1 README.md](./scenario_1/README.md)
+
+## Scenario 2 (Role-Based access to PII data during retrieval)
+
+Refer to [Scenario 2 README.md](./scenario_2/README.md)
diff --git a/rag/securing-rag-apps/images/scenario1_augmented retrieval_flow.png b/rag/securing-rag-apps/images/scenario1_augmented retrieval_flow.png
diff --git a/rag/securing-rag-apps/images/scenario1_ingestion_flow.png b/rag/securing-rag-apps/images/scenario1_ingestion_flow.png
diff --git a/rag/securing-rag-apps/images/scenario_2_inference_flow.png b/rag/securing-rag-apps/images/scenario_2_inference_flow.png
diff --git a/rag/securing-rag-apps/requirements.txt b/rag/securing-rag-apps/requirements.txt
@@ -0,0 +1,11 @@
+aws-cdk-lib==2.177.0
+constructs>=10.0.0,<11.0.0
+cdklabs.generative-ai-cdk-constructs==0.1.290
+streamlit==1.41.1
+watchdog==6.0.0
+jwt==1.3.1
+loguru==0.7.3
+boto3==1.36.6
+faker==33.1.0
+click==8.1.7
+rich==13.9.4