AWS Generative AI Best Practices v2
The AWS Generative AI Best Practices Framework version 2 provides guidance for building, deploying, and operating generative AI applications on AWS infrastructure. This framework addresses unique security, compliance, and operational considerations for AI/ML workloads including responsible AI practices, model governance, and data protection. It is designed for organizations developing or deploying generative AI solutions on AWS.
Terraform Registry Subdomain: awsgenai
module "..." {
  source  = "awsgenai.compliance.tf/terraform-aws-modules/<module>/aws"
  version = "<version>"
}
module "..." {
  source = "https://awsgenai.compliance.tf/terraform-aws-modules/<module>/aws"
}
Refer to the Terraform Registry Endpoints section for more details.
Implemented Controls
The following controls are implemented as part of this framework.
- S3 bucket versioning should be enabled
- SageMaker notebook instances should not have direct internet access
- SageMaker notebook instances root access should be disabled
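The three controls above can also be verified independently of the module, which matters once a control has been switched off. The following is an added example, not code from this framework or its registry: it checks the JSON produced by `terraform show -json <planfile>` for each control. It assumes AWS provider v4 or later (versioning as a separate `aws_s3_bucket_versioning` resource) and bucket names known at plan time; `walk`, `check_plan` and the sample plan are hypothetical names and constructed data.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` (not from the page).
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "aws_sagemaker_notebook_instance.nb", "type": "aws_sagemaker_notebook_instance",
     "values": {"direct_internet_access": "Enabled", "root_access": "Disabled"}}
  ],
  "child_modules": [{"address": "module.bucket", "resources": [
    {"address": "module.bucket.aws_s3_bucket.this[0]", "type": "aws_s3_bucket",
     "values": {"bucket": "genai-training-data"}},
    {"address": "module.bucket.aws_s3_bucket_versioning.this[0]", "type": "aws_s3_bucket_versioning",
     "values": {"bucket": "genai-training-data",
                "versioning_configuration": [{"status": "Enabled"}]}},
    {"address": "module.bucket.aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "values": {"bucket": "genai-logs"}}
  ]}]
}}}
""")

def walk(module):
    """Yield every planned resource in a module and its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def check_plan(plan):
    """Return sorted (address, failed control) pairs for the three controls."""
    resources = list(walk(plan["planned_values"]["root_module"]))
    versioned = {
        r["values"].get("bucket") for r in resources
        if r["type"] == "aws_s3_bucket_versioning"
        and any(c.get("status") == "Enabled"
                for c in r["values"].get("versioning_configuration") or [])
    }
    versioned.discard(None)  # unknown bucket names never count as covered (fail closed)
    findings = []
    for r in resources:
        v = r["values"]
        if r["type"] == "aws_s3_bucket" and v.get("bucket") not in versioned:
            findings.append((r["address"], "s3 bucket versioning not enabled"))
        elif r["type"] == "aws_sagemaker_notebook_instance":
            # Anything other than an explicit "Disabled" is reported.
            if v.get("direct_internet_access") != "Disabled":
                findings.append((r["address"], "direct internet access not disabled"))
            if v.get("root_access") != "Disabled":
                findings.append((r["address"], "root access not disabled"))
    return sorted(findings)
```

A non-empty result from `check_plan` can be used to fail a CI stage before `terraform apply`.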
Enable/Disable Controls
You can customize the Terraform module to match your compliance requirements by enabling or disabling individual controls.
Examples
S3 bucket module with AWS Generative AI Best Practices v2 compliance framework controls enabled, and a couple of controls disabled
module "..." {
  source = "https://awsgenai.compliance.tf/terraform-aws-modules/s3-bucket/aws?disable=s3_bucket_versioning_enabled,sagemaker_notebook_instance_direct_internet_access_disabled"
}