Setting Up Amazon Bedrock for Sasha Studio
Last Updated: January 2025
Time Required: 30-45 minutes
Difficulty: Intermediate
Overview
This guide will help you connect your Amazon Bedrock account to Sasha Studio, enabling AI-powered features while keeping all data processing within your own AWS infrastructure.
What You'll Achieve
- Complete data sovereignty - your data never leaves AWS
- Direct cost control through your AWS account
- Full audit trail in AWS CloudTrail
- Compliance with your existing AWS certifications
Prerequisites
Before starting, ensure you have:
- AWS Account with appropriate permissions
- Amazon Bedrock service enabled in your desired region
- Claude model access approved (see Step 1 below)
- IAM permissions to create users/roles and policies
- Budget alerts configured (recommended)
Step-by-Step Setup
Step 1: Enable Amazon Bedrock and Request Model Access
Sign in to AWS Console
https://console.aws.amazon.comNavigate to Amazon Bedrock
- Search for "Bedrock" in the AWS services search bar
- Select your preferred region (e.g.,
us-east-1,eu-west-1)
Request Model Access
- Click "Model access" in the left sidebar
- Click "Manage model access"
- Select the following Anthropic Claude models:
- βοΈ Claude 3 Haiku
- βοΈ Claude 3 Sonnet
- βοΈ Claude 3.5 Sonnet
- βοΈ Claude 3 Opus (optional, higher cost)
- Click "Request model access"
- Wait for approval (usually instant, can take up to 24 hours)
Verify Access
- Refresh the page
- Ensure all requested models show "Access granted"
Step 2: Create IAM User for Sasha Studio
Option A: Using AWS Console (Recommended for beginners)
Navigate to IAM
- Go to IAM service in AWS Console
- Click "Users" β "Add users"
Create User
- User name:
sasha-studio-integration - Access type: βοΈ Programmatic access
- Click "Next: Permissions"
- User name:
Attach Permissions
- Choose "Attach policies directly"
- Click "Create policy"
- Switch to "JSON" tab
- Copy and paste this policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "SashaStudioBedrockAccess",
"Effect": "Allow",
"Action": [
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Resource": [
"arn:aws:bedrock:*:*:model/anthropic.claude-3-haiku*",
"arn:aws:bedrock:*:*:model/anthropic.claude-3-sonnet*",
"arn:aws:bedrock:*:*:model/anthropic.claude-3-5-sonnet*",
"arn:aws:bedrock:*:*:model/anthropic.claude-3-opus*"
]
},
{
"Sid": "SashaStudioModelDiscovery",
"Effect": "Allow",
"Action": [
"bedrock:ListFoundationModels",
"bedrock:GetFoundationModel"
],
"Resource": "*"
}
]
}
Name and Create Policy
- Policy name:
SashaStudioBedrockPolicy - Description:
Allows Sasha Studio to invoke Claude models via Bedrock - Click "Create policy"
- Policy name:
Attach Policy to User
- Return to user creation
- Search for
SashaStudioBedrockPolicy - Select it and click "Next"
- Review and click "Create user"
Save Credentials
- IMPORTANT: Save these credentials immediately
- Access key ID:
AKIA...(example) - Secret access key: (shown once only)
- Download
.csvfile as backup
Option B: Using AWS CLI
# Create user
aws iam create-user --user-name sasha-studio-integration
# Create and attach policy
aws iam put-user-policy \
--user-name sasha-studio-integration \
--policy-name SashaStudioBedrockPolicy \
--policy-document file://bedrock-policy.json
# Create access key
aws iam create-access-key --user-name sasha-studio-integration
Step 3: Configure Budget Alerts (Recommended)
Navigate to AWS Budgets
- Search for "Budgets" in AWS Console
- Click "Create budget"
Set Up Monthly Budget
- Budget type: Cost budget
- Name:
Sasha-Studio-Bedrock - Period: Monthly
- Amount: Set based on expected usage
- Alerts: 80% and 100% thresholds
Estimate Costs
Usage Level Monthly Tokens Estimated Cost (Sonnet) Light 1M input, 200K output ~$6 Medium 10M input, 2M output ~$60 Heavy 50M input, 10M output ~$300 Enterprise 200M input, 40M output ~$1,200
Step 4: Provide Information to Sasha Studio
Send the following information to your Sasha Studio administrator:
Organization Information:
Company Name: [Your Company Name]
Contact Email: [Admin Email]
AWS Account ID: [12-digit ID]
Bedrock Configuration:
Preferred Region: [e.g., us-east-1]
Preferred Model: [claude-3-sonnet or claude-3-haiku]
Access Credentials:
Access Key ID: [AKIA...]
Secret Access Key: [Encrypted or shared securely]
Compliance Requirements:
- [ ] HIPAA
- [ ] SOC2
- [ ] GDPR
- [ ] Other: [Specify]
Secure Sharing Options:
- Use encrypted email
- Share via secure file transfer
- Use AWS Secrets Manager
- Provide during video call
Step 5: Verification
Once Sasha Studio configures your container:
You'll receive confirmation with:
- Your dedicated Sasha Studio URL
- Container ID for reference
- Support contact information
Test the integration:
- Log in to your Sasha Studio instance
- Try a simple query
- Verify it's working correctly
Monitor usage in AWS:
- Check CloudWatch metrics
- Review CloudTrail logs
- Monitor budget alerts
Monitoring Your Usage
CloudWatch Dashboard
Create a dashboard to monitor Bedrock usage:
- Go to CloudWatch β Dashboards
- Create new dashboard:
Sasha-Bedrock-Usage - Add widgets for:
- Invocation count
- Input/output tokens
- Latency metrics
- Error rates
Cost Explorer
Track spending:
- AWS Cost Explorer β Create report
- Filter by:
- Service: Amazon Bedrock
- Tag: Environment=SashaStudio (if tagged)
- Group by: Model ID
Security Best Practices
1. Enable MFA
- Enable MFA on the IAM user
- Use hardware keys if possible
2. Rotate Credentials
- Set up 90-day rotation reminder
- Use AWS Secrets Manager for automation
3. Restrict by IP (Optional)
Add IP restriction to IAM policy:
"Condition": {
"IpAddress": {
"aws:SourceIp": ["Your-Sasha-Container-IP"]
}
}
4. Enable CloudTrail Logging
- Ensure CloudTrail is enabled
- Set up alerts for unusual activity
5. Use Least Privilege
- Only grant access to required models
- Don't use AdministratorAccess
Troubleshooting
Issue: "Model access not granted"
Solution: Wait 24 hours after requesting access, or contact AWS Support
Issue: "Access denied" errors
Solution: Verify IAM policy is correctly attached and user has proper permissions
Issue: "Region not supported"
Solution: Check Bedrock availability in your region, consider us-east-1 or eu-west-1
Issue: High latency
Solution: Choose a region closer to your Sasha Studio deployment
Issue: Unexpected costs
Solution: Review CloudWatch metrics, consider using Claude 3 Haiku for simple tasks
Cost Optimization Tips
1. Model Selection Strategy
- Claude 3 Haiku: Simple queries, summaries (10x cheaper)
- Claude 3 Sonnet: Standard operations, code generation
- Claude 3 Opus: Complex analysis only (5x more expensive)
2. Implement Caching
- Enable prompt caching where available
- Reuse common prompts
3. Monitor Token Usage
- Track input vs output ratios
- Optimize prompt length
- Use system prompts efficiently
4. Set Usage Limits
- Configure daily/monthly limits
- Set up auto-shutoff thresholds
π Getting Help
Sasha Studio Support
- Email: support@sasha-studio.com
- Documentation: docs.sasha-studio.com
- Response time: Within 24 hours
AWS Support
- Bedrock documentation: https://docs.aws.amazon.com/bedrock/
- AWS Support Center: Through your AWS Console
- Community forums: https://repost.aws/
Common Resources
Setup Complete!
Congratulations! Your Amazon Bedrock integration with Sasha Studio is now configured. You can:
- Start using AI features immediately
- Monitor usage in real-time through AWS
- Maintain complete control over your data
- Scale usage up or down as needed
Remember: All AI processing happens within your AWS account. Sasha Studio never stores or processes your data outside of your infrastructure.
Checklist Summary
Before connecting:
- AWS account ready
- Bedrock service enabled
- Model access approved
- IAM user created
- Policy attached
- Credentials saved securely
- Budget alerts configured
- Information sent to Sasha Studio
After connecting:
- Access verified
- Test queries working
- Monitoring dashboard created
- Team members trained
- Documentation bookmarked
Questions? Contact your Sasha Studio administrator or refer to our FAQ document.