The number of generative artificial intelligence (AI) features within software offerings is on the rise, especially after market-leading foundation models (FMs) became accessible through an API using Amazon Bedrock. Amazon Bedrock is a fully managed service that offers a selection of high-performance foundation models from leading AI companies like AI21 Labs, Anthropic, Cohere, Meta, Stability AI, and Amazon, through a single API, along with a comprehensive set of capabilities for building generative AI applications with security, privacy, and responsible AI.
Agents for Amazon Bedrock enable software developers to complete actions and tasks based on user input and organizational data. A common challenge in multi-tenant offerings, such as Software as a Service (SaaS) products, is tenant isolation. Tenant isolation ensures that each tenant can only access their own resources, even if all tenants operate on a shared infrastructure.
You can isolate tenants in an application using different multi-tenant architecture patterns. In some cases, protection is achieved by dedicating entire stacks of resources to a single tenant (silo model) with coarse-grained policies to prevent access between tenants. In other scenarios, you may have pooled resources (such as a database table containing rows from different tenants) that require fine-grained policies to control access. Often, Amazon Web Services (AWS) customers design their applications using a mix of both models to balance the trade-offs of each.
Tenant protection in a pooled model is achieved using tenant context information in different components of the application. Tenant context can be injected by an authorized source, such as the Identity Provider (IdP) during user authentication. The integrity of tenant context must be preserved throughout the system to prevent malicious users from acting on behalf of a tenant they should not have access to, resulting in potential exposure or modification of sensitive data.
Foundation models operate on unstructured data and respond probabilistically. These properties make FMs unsuitable for securely handling tenant context. For example, FMs are susceptible to prompt injection, which can be used by malicious actors to change tenant context. Instead, tenant context should be securely passed between deterministic components of an application, which can consume FM capabilities, providing the FM only with information that is already scoped to the specific tenant.
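The principle above, shown as an added example that is not code from the original article or from AWS: a deterministic handler that takes tenant and user identity only from attributes the application set after validating the IdP token, and ignores any identity value the model supplies. The event shape, the field names `tenant_id` and `user_id`, and the sample rows are assumptions constructed for illustration.

```python
# Added example: deterministic action handler for a pooled multi-tenant agent.
# The event shape, field names and sample data are assumptions for illustration.

# Constructed sample of a pooled table: rows from several tenants side by side.
ORDERS = [
    {"tenant_id": "tenant-a", "user_id": "u1", "order_id": "1001", "status": "shipped"},
    {"tenant_id": "tenant-a", "user_id": "u2", "order_id": "1002", "status": "pending"},
    {"tenant_id": "tenant-b", "user_id": "u1", "order_id": "2001", "status": "delivered"},
]

# Parameters the model may fill in. Identity fields are deliberately not listed.
ALLOWED_MODEL_PARAMS = {"status"}


class TenantContextError(Exception):
    """Raised when trusted tenant context is missing."""


def trusted_context(event):
    """Read tenant/user identity only from attributes set by the application
    after it validated the IdP token, never from model-generated input."""
    attrs = event.get("sessionAttributes") or {}
    tenant_id, user_id = attrs.get("tenant_id"), attrs.get("user_id")
    if not tenant_id or not user_id:
        raise TenantContextError("missing trusted tenant context")
    return tenant_id, user_id


def list_orders(event):
    """Return the caller's orders, scoped by trusted context before any filter."""
    tenant_id, user_id = trusted_context(event)
    # Drop anything outside the allow-list, e.g. an injected tenant_id.
    params = {p["name"]: p["value"] for p in event.get("parameters", [])
              if p["name"] in ALLOWED_MODEL_PARAMS}
    rows = [o for o in ORDERS
            if o["tenant_id"] == tenant_id and o["user_id"] == user_id]
    if "status" in params:
        rows = [o for o in rows if o["status"] == params["status"]]
    # Return only fields the model needs; the result is already tenant-scoped.
    return [{"order_id": o["order_id"], "status": o["status"]} for o in rows]
```

Because the tenant filter is applied from trusted context before the model-supplied filter, a prompt that persuades the model to emit a different `tenant_id` parameter has no effect on which rows are read.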
In this article, you will learn how to implement tenant protection using Amazon Bedrock agents in a multi-tenant environment. We will demonstrate this using a multi-tenant e-commerce application that provides a service for multiple tenants to create online stores. This application uses Amazon Bedrock agents to develop an AI assistant or chatbot capable of providing tenant-specific information, such as return policies and user-specific information like order counts and status updates. This architecture demonstrates how you can use clustered Amazon Bedrock agents and apply tenant protection at both the tenant level for return policy information and at the user level for user-related data, providing a secure and personalized experience for each tenant and their users.
The approach presented here highlights how generative AI capabilities can be securely integrated into multi-tenant applications, ensuring the privacy and security of each tenant’s data.
Referrer: MiMub in Spanish