Commit daff71a

re organizing README
1 parent 1414f07 commit daff71a

1 file changed

+10
-7
lines changed
  • aws_sra_examples/solutions/genai/bedrock_org

aws_sra_examples/solutions/genai/bedrock_org/README.md

Lines changed: 10 additions & 7 deletions
@@ -103,20 +103,23 @@ aws cloudformation create-stack \
103103
--capabilities CAPABILITY_NAMED_IAM
104104
```
105105

106-
#### Notes:
106+
2. Monitor the stack creation progress in the AWS CloudFormation Console or via CLI commands.
107+
108+
### Post-Deployment
109+
Once the stack is deployed, the Bedrock Lambda function (`sra-bedrock-org`) will automatically deploy all the resources and configurations across the accounts and regions specified in the parameters.
110+
111+
### Important Notes:
112+
113+
Please read the following notes before deploying the stack to ensure successful deployment.
114+
107115
- Replace alerts@examplecorp.com, my-staging-bucket, evaluation-bucket, invocation-log-group, and other parameter values with your specific settings.
108116
- Ensure the JSON strings (e.g., pBedrockAccounts, pBedrockModelEvalBucketRuleParams) are formatted correctly and match your deployment requirements.
109117
- This example assumes the CloudFormation template file is saved in the templates directory. Adjust the --template-body path if necessary.
110118
- Always validate the JSON parameters for correctness to avoid deployment errors.
111119
- Ensure the --capabilities CAPABILITY_NAMED_IAM flag is included to allow CloudFormation to create the necessary IAM resources.
112120
- An example test fork URL for `pSRARepoZipUrl` is - `https://github.com/liamschn/aws-security-reference-architecture-examples/archive/refs/heads/sra-genai.zip`
113121
- The eval job bucket config rule will append `-<ACCOUNTID>-<REGION>` to the `BucketNamePrefix` parameter provided to get the existing bucket name(s). Ensure any S3 eval job bucket names to be checked match this naming convention.
114-
115-
116-
2. Monitor the stack creation progress in the AWS CloudFormation Console or via CLI commands.
117-
118-
### Post-Deployment
119-
Once the stack is deployed, the Bedrock Lambda function (`sra-bedrock-org`) will automatically deploy all the resources and configurations across the accounts and regions specified in the parameters.
122+
- The Config rule Lambda execution role needs to have access to any KMS keys used to encrypt Bedrock guardrails. Make sure to grant the appropriate KMS key permissions to the Lambda role to ensure proper evaluation of encrypted guardrail configurations.
120123

121124
---
122125
## Security Controls
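
Review bot: The new KMS bullet at the end of the notes list tells readers to "grant the appropriate KMS key permissions" to the Config rule Lambda execution role without saying which permissions or on which keys. Name the specific KMS actions the rule needs, and state that the grant should be scoped to the keys that encrypt Bedrock guardrails, so that nobody reaches for a wildcard grant to get the rule evaluating. Separately, after this move the "Important Notes" section sits below "Post-Deployment" while its intro reads "Please read the following notes before deploying the stack"; either place the section ahead of the create-stack command or point to it from there. The unchanged `pSRARepoZipUrl` bullet still offers a personal test fork branch as the example value; since the stack is created with CAPABILITY_NAMED_IAM, label that URL as test-only and direct readers to the repository they intend to trust.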
