AWS Bedrock — Setup & Integration

AWS Bedrock is Amazon's fully managed service for building AI applications with foundation models. For Indian enterprises already on AWS, Bedrock provides the fastest path to production AI — with IAM integration, PrivateLink for VPC isolation, CloudTrail for audit logging, and the most comprehensive Guardrails API among the three major cloud AI platforms.

This guide provides a hands-on walkthrough from account setup to production-ready AI integration, specifically configured for Indian enterprise requirements.

What You'll Learn

• AWS account and Bedrock setup in ap-south-1 (Mumbai)
• Model access: Claude, Llama, Titan, Mistral
• IAM roles and policies for least-privilege access
• Python boto3 quickstart with working code examples
• Knowledge Bases: managed RAG with S3 and OpenSearch
• Guardrails API for content filtering and PII detection
• Pricing in ₹ with monthly cost estimates
• Enterprise features: PrivateLink, CloudTrail, Organizations
• Integration patterns: LangChain, direct API, Step Functions

AWS Account and Bedrock Setup

Step 1: Enable Bedrock in Mumbai Region

# Configure AWS CLI for Mumbai region
aws configure set region ap-south-1

# Verify Bedrock service is available
aws bedrock list-foundation-models --region ap-south-1 --query "modelSummaries[].modelId"

Step 2: Request Model Access

Model access must be explicitly requested through the Bedrock console:

1. Navigate to AWS Console > Bedrock > Model access
2. Select region: ap-south-1 (Mumbai)
3. Request access for required models:

| Provider | Model | Approval Time | Use Case | |----------|-------|:------------:|----------| | Anthropic | Claude 3.7 Sonnet | Instant | Complex reasoning, analysis | | Anthropic | Claude 3.5 Haiku | Instant | High-volume, cost-efficient tasks | | Meta | Llama 3.1 70B/8B | Instant | Open-source, no data sharing concerns | | Amazon | Titan Text/Embeddings | Instant | Embeddings, basic text generation | | Mistral | Mistral Large/Small | Instant | European AI, code generation |

India Note: Not all models are available in ap-south-1. Claude and Llama models are generally available in Mumbai. Some models may require using us-east-1 or us-west-2. Always verify regional availability before architecture decisions.

IAM Roles and Policies

Least-Privilege IAM Policy for Applications

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "BedrockInvokeModels",
      "Effect": "Allow",
      "Action": [
        "bedrock:InvokeModel",
        "bedrock:InvokeModelWithResponseStream"
      ],
      "Resource": [
        "arn:aws:bedrock:ap-south-1::foundation-model/anthropic.claude-3-7-sonnet*",
        "arn:aws:bedrock:ap-south-1::foundation-model/anthropic.claude-3-5-haiku*",
        "arn:aws:bedrock:ap-south-1::foundation-model/meta.llama3-1*"
      ]
    },
    {
      "Sid": "BedrockGuardrails",
      "Effect": "Allow",
      "Action": [
        "bedrock:ApplyGuardrail"
      ],
      "Resource": "arn:aws:bedrock:ap-south-1:ACCOUNT_ID:guardrail/*"
    }
  ]
}

IAM Role Matrix:

| Role | Actions | Assigned To | |------|---------|-------------| | Bedrock Application | InvokeModel, ApplyGuardrail | Application service roles | | Bedrock Developer | InvokeModel, ListModels, CreateGuardrail | Development team | | Bedrock Admin | Full bedrock:* access | AI CoE administrators | | Bedrock Auditor | Read-only, GetModelInvocationLogging | Compliance team |

Cross-Account Access (AWS Organizations)

For enterprises with multiple AWS accounts:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "sts:AssumeRole",
      "Resource": "arn:aws:iam::SHARED_AI_ACCOUNT:role/BedrockCrossAccount"
    }
  ]
}

Centralize Bedrock access in a shared AI account and grant cross-account access to application accounts.

Python boto3 Quickstart

Installation

pip install boto3

Basic Text Generation with Claude

import boto3
import json

client = boto3.client("bedrock-runtime", region_name="ap-south-1")

response = client.invoke_model(
    modelId="anthropic.claude-3-7-sonnet-20250219-v1:0",
    body=json.dumps({
        "anthropic_version": "bedrock-2023-05-31",
        "max_tokens": 1024,
        "messages": [
            {
                "role": "user",
                "content": "Explain the India DPDP Act 2023 implications for AI systems processing customer data"
            }
        ]
    })
)

result = json.loads(response["body"].read())
print(result["content"][0]["text"])

Streaming Response

response = client.invoke_model_with_response_stream(
    modelId="anthropic.claude-3-7-sonnet-20250219-v1:0",
    body=json.dumps({
        "anthropic_version": "bedrock-2023-05-31",
        "max_tokens": 2048,
        "messages": [
            {"role": "user", "content": "Write a compliance audit checklist for healthcare AI"}
        ]
    })
)

for event in response["body"]:
    chunk = json.loads(event["chunk"]["bytes"])
    if chunk["type"] == "content_block_delta":
        print(chunk["delta"].get("text", ""), end="", flush=True)

System Prompts for Enterprise Use

response = client.invoke_model(
    modelId="anthropic.claude-3-7-sonnet-20250219-v1:0",
    body=json.dumps({
        "anthropic_version": "bedrock-2023-05-31",
        "max_tokens": 1024,
        "system": """You are an enterprise compliance assistant for an Indian BFSI company.
Rules:
- Never output PII (Aadhaar numbers, PAN, phone numbers, account numbers)
- Cite RBI guidelines when discussing banking regulations
- Flag any query that requires human legal review
- Respond in English unless the user writes in Hindi""",
        "messages": [
            {"role": "user", "content": "What are the KYC requirements for digital lending?"}
        ]
    })
)

Knowledge Bases (Managed RAG)

Bedrock Knowledge Bases provide fully managed Retrieval-Augmented Generation — connect your documents, and Bedrock handles chunking, embedding, storage, and retrieval.

Setting Up a Knowledge Base

# Create an S3 bucket for source documents
aws s3 mb s3://my-company-ai-docs --region ap-south-1

# Upload documents
aws s3 cp ./company-policies/ s3://my-company-ai-docs/policies/ --recursive
aws s3 cp ./product-docs/ s3://my-company-ai-docs/products/ --recursive

Knowledge Base Configuration:

| Setting | Recommended Value | Rationale | |---------|-------------------|-----------| | Embedding model | Titan Embeddings v2 | Cost-effective, good for English + Hindi | | Vector store | OpenSearch Serverless | Managed, auto-scaling | | Chunk size | 512 tokens | Balance between context and precision | | Chunk overlap | 50 tokens | Maintain context across chunks | | Parsing strategy | Foundation Model parsing | Better handling of tables, images |

Querying a Knowledge Base

client = boto3.client("bedrock-agent-runtime", region_name="ap-south-1")

response = client.retrieve_and_generate(
    input={"text": "What is our policy on using external AI APIs with customer data?"},
    retrieveAndGenerateConfiguration={
        "type": "KNOWLEDGE_BASE",
        "knowledgeBaseConfiguration": {
            "knowledgeBaseId": "KB_ID",
            "modelArn": "arn:aws:bedrock:ap-south-1::foundation-model/anthropic.claude-3-7-sonnet-20250219-v1:0"
        }
    }
)

print(response["output"]["text"])
# Response includes citations pointing to source documents in S3

Guardrails API

Bedrock Guardrails is the most comprehensive content safety API among the three major cloud platforms. Configure once and apply to all model invocations.

Creating a Guardrail

client = boto3.client("bedrock", region_name="ap-south-1")

response = client.create_guardrail(
    name="enterprise-safety-guardrail",
    description="Enterprise content safety for Indian BFSI",
    topicPolicyConfig={
        "topicsConfig": [
            {
                "name": "investment-advice",
                "definition": "Direct investment recommendations or specific stock/mutual fund advice",
                "examples": ["You should buy HDFC stock", "Invest in this mutual fund"],
                "type": "DENY"
            }
        ]
    },
    contentPolicyConfig={
        "filtersConfig": [
            {"type": "SEXUAL", "inputStrength": "HIGH", "outputStrength": "HIGH"},
            {"type": "VIOLENCE", "inputStrength": "HIGH", "outputStrength": "HIGH"},
            {"type": "HATE", "inputStrength": "HIGH", "outputStrength": "HIGH"},
            {"type": "MISCONDUCT", "inputStrength": "HIGH", "outputStrength": "HIGH"}
        ]
    },
    sensitiveInformationPolicyConfig={
        "piiEntitiesConfig": [
            {"type": "EMAIL", "action": "ANONYMIZE"},
            {"type": "PHONE", "action": "ANONYMIZE"},
            {"type": "NAME", "action": "ANONYMIZE"}
        ],
        "regexesConfig": [
            {
                "name": "AadhaarNumber",
                "pattern": "\\b\\d{4}\\s?\\d{4}\\s?\\d{4}\\b",
                "action": "BLOCK",
                "description": "Indian Aadhaar number"
            },
            {
                "name": "PANNumber",
                "pattern": "\\b[A-Z]{5}\\d{4}[A-Z]\\b",
                "action": "BLOCK",
                "description": "Indian PAN number"
            }
        ]
    }
)

guardrail_id = response["guardrailId"]

Applying Guardrails to Model Calls

runtime_client = boto3.client("bedrock-runtime", region_name="ap-south-1")

response = runtime_client.invoke_model(
    modelId="anthropic.claude-3-7-sonnet-20250219-v1:0",
    guardrailIdentifier=guardrail_id,
    guardrailVersion="DRAFT",
    body=json.dumps({
        "anthropic_version": "bedrock-2023-05-31",
        "max_tokens": 1024,
        "messages": [{"role": "user", "content": user_input}]
    })
)

For a deeper dive into guardrails and security, see our Enterprise AI Security Guide.

Pricing in ₹

Prices as of March 2026, converted at approximately ₹84/USD.

| Model | Input (₹/1M tokens) | Output (₹/1M tokens) | |-------|--------------------:|---------------------:| | Claude 3.7 Sonnet | ₹252 | ₹1,260 | | Claude 3.5 Haiku | ₹67 | ₹336 | | Llama 3.1 70B | ₹55 | ₹55 | | Llama 3.1 8B | ₹25 | ₹25 | | Titan Text Premier | ₹42 | ₹126 | | Titan Embeddings v2 | ₹1.7 | N/A |

Monthly Cost Estimates:

| Use Case | Volume | Model | Monthly Cost | |----------|--------|-------|------------:| | RAG chatbot (internal) | 5M tokens/day | Haiku | ~₹60,000/month | | Document analysis | 20M tokens/day | Sonnet | ~₹9,07,200/month | | Classification/routing | 10M tokens/day | Haiku | ~₹1,21,000/month | | Embeddings (RAG) | 50M tokens/day | Titan Embed | ~₹2,550/month |

Cost Optimization: Use Haiku for routing, classification, and simple tasks. Use Sonnet only for complex reasoning. Llama 3.1 70B is the best value for tasks where open-source models perform comparably to Claude.

Enterprise Features

VPC PrivateLink

Keep all Bedrock traffic within your VPC — no internet traversal:

# Create VPC endpoint for Bedrock
aws ec2 create-vpc-endpoint \
    --vpc-id vpc-12345 \
    --service-name com.amazonaws.ap-south-1.bedrock-runtime \
    --vpc-endpoint-type Interface \
    --subnet-ids subnet-abc123 \
    --security-group-ids sg-xyz789

CloudTrail Audit Logging

Enable model invocation logging for compliance requirements:

client = boto3.client("bedrock", region_name="ap-south-1")

client.put_model_invocation_logging_configuration(
    loggingConfig={
        "cloudWatchConfig": {
            "logGroupName": "/aws/bedrock/model-invocations",
            "roleArn": "arn:aws:iam::ACCOUNT_ID:role/BedrockLoggingRole",
            "largeDataDeliveryS3Config": {
                "bucketName": "bedrock-logs-bucket",
                "keyPrefix": "invocation-logs/"
            }
        },
        "s3Config": {
            "bucketName": "bedrock-logs-bucket",
            "keyPrefix": "full-logs/"
        }
    }
)

AWS Organizations Integration

For multi-account enterprises, use Service Control Policies (SCPs) to enforce Bedrock usage standards:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EnforceIndiaRegion",
      "Effect": "Deny",
      "Action": "bedrock:*",
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "aws:RequestedRegion": "ap-south-1"
        }
      }
    }
  ]
}

This ensures all AWS accounts in your Organization can only use Bedrock in the Mumbai region.

Integration Patterns

LangChain

from langchain_aws import ChatBedrock

llm = ChatBedrock(
    model_id="anthropic.claude-3-7-sonnet-20250219-v1:0",
    region_name="ap-south-1",
    model_kwargs={"max_tokens": 2048}
)

response = llm.invoke("Summarize RBI digital lending guidelines")

AWS Step Functions (Workflow Orchestration)

For complex multi-step AI workflows, use Step Functions to orchestrate Bedrock calls:

{
  "StartAt": "ClassifyDocument",
  "States": {
    "ClassifyDocument": {
      "Type": "Task",
      "Resource": "arn:aws:states:::bedrock:invokeModel",
      "Parameters": {
        "ModelId": "anthropic.claude-3-5-haiku-20241022-v1:0",
        "Body": {"prompt": "Classify this document type: ..."}
      },
      "Next": "RouteByType"
    }
  }
}

Official Resources

• AWS Bedrock Documentation — Complete API reference
• Bedrock Pricing — Current model pricing
• Bedrock Knowledge Bases Guide — RAG setup
• Bedrock Guardrails Guide — Content safety configuration
• AWS Mumbai Region Services — ap-south-1 service availability

Next Steps

• Compare Bedrock with VertexAI and Azure AI before committing
• Implement comprehensive security guardrails beyond Bedrock's native Guardrails API
• Ensure your setup meets Indian compliance requirements — HIPAA, PCI-DSS, DPDP Act
• Practice secure prompting for regulated industry workloads
• Build system prompts optimized for Claude models on Bedrock