Amazon Bedrock Integration FAQ
Last Updated: January 2025
Audience: Sasha Studio Customers
Data Privacy & Security
Q: Does my data leave my AWS account?
A: No. When you use your own Bedrock account, all AI processing happens entirely within your AWS infrastructure. Sasha Studio sends requests directly to your Bedrock endpoint using your credentials. We never store, log, or process your prompts or responses.
Q: What data does Sasha Studio store about my usage?
A: We only store:
- Connection health metrics (success/failure, latency)
- Container configuration (not including credentials)
- Error messages for troubleshooting (without prompt content)
We explicitly do NOT store:
- Your prompts or AI responses
- Document contents
- User conversations
- Token usage details
Q: How are my AWS credentials protected?
A: Your credentials are:
- Encrypted at rest using AES-256 encryption
- Stored in isolated, access-controlled directories
- Never logged or transmitted outside your container
- Rotatable without service interruption
- Accessible only to your specific container instance
Q: Can other Sasha Studio customers access my Bedrock account?
A: No. Each customer container is completely isolated with:
- Separate Docker volumes
- Independent credential storage
- Network isolation between containers
- No shared resources or data paths
Costs & Billing
Q: How much will Bedrock cost me?
A: Bedrock costs depend on usage and model selection:
| Model | Use Case | Cost per 1M tokens |
|---|---|---|
| Claude 3 Haiku | Simple queries, summaries | $0.25 input / $1.25 output |
| Claude 3 Sonnet | Standard operations | $3 input / $15 output |
| Claude 3.5 Sonnet | Advanced features | $3 input / $15 output |
| Claude 3 Opus | Complex analysis | $15 input / $75 output |
Example monthly costs:
- Light use (1M tokens): ~$5-10
- Medium use (10M tokens): ~$50-100
- Heavy use (50M tokens): ~$250-500
Q: Who pays for the Bedrock usage?
A: You pay AWS directly through your existing AWS billing. Sasha Studio does not add any markup or additional charges for Bedrock usage. You'll see charges on your regular AWS invoice under "Amazon Bedrock".
Q: Can I set spending limits?
A: Yes, you can:
- Set AWS Budget alerts at any threshold
- Configure CloudWatch alarms for token usage
- Implement hard stops using AWS Service Control Policies
- Request Sasha Studio to implement client-side limits
Q: Do I get volume discounts?
A: Yes! Since you're using your own AWS account:
- Enterprise Agreement discounts apply
- Volume tier pricing automatically applies
- Reserved capacity options available
- Savings Plans can reduce costs
Q: Is there a minimum commitment?
A: No. Bedrock is pay-per-use with no minimum commitment. You only pay for the tokens you actually process.
Technical Setup
Q: Which AWS regions are supported?
A: Bedrock with Claude models is available in:
- US East (N. Virginia) - us-east-1
- US West (Oregon) - us-west-2
- EU (Ireland) - eu-west-1
- EU (London) - eu-west-2
- EU (Paris) - eu-west-3
- Asia Pacific (Tokyo) - ap-northeast-1
- Asia Pacific (Sydney) - ap-southeast-2
Choose the region closest to your Sasha Studio deployment for best performance.
Q: What IAM permissions are required?
A: Minimal permissions needed:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream",
"bedrock:ListFoundationModels",
"bedrock:GetFoundationModel"
],
"Resource": "arn:aws:bedrock:*:*:model/anthropic.claude-*"
}
]
}
Q: Can I use an IAM role instead of access keys?
A: Yes, we support:
- IAM user with access keys (simplest)
- Cross-account IAM roles (most secure)
- EC2 instance roles (if applicable)
- Bedrock API keys (when available in your region)
Q: How long does setup take?
A: Typically 30-45 minutes:
- 5 minutes: Enable Bedrock
- 5-24 hours: Model access approval (usually instant)
- 10 minutes: Create IAM user/policy
- 10 minutes: Share credentials with Sasha Studio
- 5 minutes: Verification
Performance & Reliability
Q: Will using Bedrock affect performance?
A: Performance is typically excellent:
- Latency: 100-300ms for most requests
- No rate limiting between you and AWS
- Direct connection without intermediaries
- Regional deployment options for lower latency
Q: What happens if Bedrock is down?
A: In case of Bedrock outages:
- You'll see errors immediately in Sasha Studio
- Full details available in AWS Service Health Dashboard
- Optional: Configure multi-region failover
- Your data and configuration remain safe
Q: Are there rate limits?
A: Bedrock has generous default limits:
- Requests per minute: 100-1000+ (varies by model)
- Tokens per minute: 100,000-1,000,000+
- Limits increase automatically with usage
- Can request increases through AWS Support
Q: Can I use multiple models?
A: Yes! You can:
- Switch between models dynamically
- Use Haiku for simple tasks, Sonnet for complex
- Configure default model per use case
- Change models without reconfiguration
Monitoring & Compliance
Q: How do I monitor my usage?
A: Multiple monitoring options:
AWS CloudWatch:
- Real-time metrics and dashboards
- Token usage, latency, error rates
- Custom alerts and notifications
AWS Cost Explorer:
- Daily/monthly cost breakdowns
- Cost by model and operation
- Forecasting and budgets
CloudTrail:
- Complete audit log of all API calls
- Who, what, when, where for compliance
- Integration with SIEM tools
Q: Does this meet compliance requirements?
A: Yes, using your own Bedrock account means:
- Inherits your AWS compliance certifications
- Supports HIPAA, SOC2, GDPR, FedRAMP, etc.
- Complete audit trail in CloudTrail
- Data residency in your chosen region
- Your existing AWS BAA applies
Q: Can I audit AI interactions?
A: Yes, through AWS CloudTrail you can see:
- Every Bedrock API call
- Timestamp and user identity
- Model used and region
- Success/failure status
- (Note: Prompt/response content is not logged by AWS)
Troubleshooting
Q: I'm getting "Access Denied" errors
A: Check these items:
- Model access is approved in Bedrock console
- IAM policy is attached to the user
- Credentials are entered correctly
- Region is correct
- AWS account is active and in good standing
Q: The models aren't showing up
A: This usually means:
- Model access hasn't been approved yet (wait 24 hours)
- Wrong region selected
- IAM permissions missing
ListFoundationModels
Q: Costs are higher than expected
A: Review:
- Which model is being used (Opus is 5x more expensive)
- Token usage in CloudWatch
- Whether caching is enabled
- If there are retry loops
Q: Connection is slow
A: Try:
- Choosing a closer AWS region
- Checking network connectivity
- Reviewing CloudWatch for throttling
- Upgrading to a model with higher limits
Migration & Switching
Q: Can I switch from shared to my own Bedrock?
A: Yes, migration is seamless:
- No data migration needed
- Settings preserved
- Switch takes minutes
- No downtime
Q: Can I change AWS regions later?
A: Yes, you can change regions anytime:
- Update credentials in Sasha Studio
- Immediate effect
- Consider data residency requirements
Q: Can I switch between models?
A: Yes, model switching is flexible:
- Change default model anytime
- Use different models for different tasks
- No reconfiguration needed
Q: What if I want to stop using Bedrock?
A: You can:
- Switch to Anthropic API
- Disable the integration
- Delete IAM user/credentials
- No impact on your Sasha Studio data
Best Practices
Q: How should I manage credentials?
A: We recommend:
- Rotate credentials every 90 days
- Use IAM roles if possible
- Enable MFA on AWS account
- Monitor CloudTrail for unusual activity
- Never share root account credentials
Q: Which model should I use?
A: Model selection guide:
| Task | Recommended Model | Why |
|---|---|---|
| Simple queries | Claude 3 Haiku | 10x cheaper, fast |
| Document analysis | Claude 3 Sonnet | Good balance |
| Code generation | Claude 3.5 Sonnet | Latest features |
| Complex reasoning | Claude 3 Opus | Most capable |
Q: How can I optimize costs?
A: Cost optimization tips:
- Use Haiku for simple tasks (90% savings)
- Enable prompt caching where available
- Batch similar requests
- Monitor and optimize prompt length
- Set up budget alerts
- Consider reserved capacity for predictable workloads
Support
Q: Who do I contact for help?
A: Support channels:
For Sasha Studio issues:
- Email: support@sasha-studio.com
- Response time: Within 24 hours
- Include: Container ID, error messages
For AWS/Bedrock issues:
- AWS Support (through your AWS account)
- AWS documentation: docs.aws.amazon.com/bedrock/
- AWS forums: repost.aws/
Q: What information should I provide for support?
A: When requesting help, include:
- Organization name and container ID
- Error messages (screenshots help)
- Time and timezone of issue
- Steps to reproduce
- AWS region you're using
Q: Is there a status page?
A: Yes:
- Sasha Studio: status.sasha-studio.com
- AWS: status.aws.amazon.com
- Anthropic: status.anthropic.com
π¦ Getting Started
Q: What's the fastest way to get started?
A: Quick start path:
- Enable Bedrock in us-east-1
- Request Claude 3 Sonnet access
- Create IAM user with our policy
- Send credentials to Sasha Studio
- Start using within hours
Q: Do you provide a test environment?
A: Yes:
- Test with Claude 3 Haiku first (cheapest)
- Set low budget alerts initially
- Validate everything works
- Then switch to production model
Q: Can I try it before committing?
A: Absolutely:
- No minimum commitment required
- Start with $10 budget
- Pay only for what you use
- Cancel anytime
Additional Resources
- AWS Bedrock Documentation
- Anthropic Model Comparison
- AWS Pricing Calculator
- Setup Guide
- Technical Documentation
Still have questions? Contact your Sasha Studio administrator or email support@sasha-studio.com