
how to modify AWS Bedrock code so that it runs without Secrets Manager

0

Good morning everyone,

I found this repository https://github.com/aws-samples/rag-using-langchain-amazon-bedrock-and-opensearch.git that codes for an AWS Bedrock generative AI chatbot using your own dataset.

I am currently trying to use the code to create a sample genAI chatbot as a proof of concept, before my team puts a lot of £ from the budget into the project. The code requires that you input your AWS OpenSearch credentials via SecretsManager (not sure where to find my OpenSearch credentials - are these separate from my IAM access key and secret access key?). However, it's a bit too costly to store my credentials in SecretsManager for this sample proof of concept (~900USD/month, according to the AWS calculator).

Is there a way to pass my credentials through the code without having to use Secrets? I have tried explicitly setting my IAM credentials in the code*, and commenting out all of the lines of code with Secrets in it, but getting nowhere with it. A little guidance would be much appreciated!

Thanks (:

*# AWS IAM credentials

    os.environ['AWS_ACCESS_KEY_ID'] = 'my_access_key'
    os.environ['AWS_SECRET_ACCESS_KEY'] = 'my_secret_access_key'
    os.environ['AWS_DEFAULT_REGION'] = 'my_region'

1 Answer
0

Hello.

Looking at the Terraform code, when creating OpenSearch, the password is stored in SecretsManager with "master_user_password = aws_secretsmanager_secret_version.secret.secret_string".
So, you can find the password you use to log in to OpenSearch by opening the SecretsManager console and looking for secrets.
https://github.com/aws-samples/rag-using-langchain-amazon-bedrock-and-opensearch/blob/main/terraform/opensearch.tf

> However, it's a bit too costly to store my credentials in SecretsManager for this sample proof of concept (~900USD/month, according to the AWS calculator).

How did you calculate $900?
SecretsManager fees vary depending on the number of API calls and the number of registered secrets.
So, I don't think it will reach $900 unless the number of requests is quite large.
https://aws.amazon.com/secrets-manager/pricing/?nc1=h_ls

In the application code, the OpenSearch password is set on line 59 of the code below.
So, I thought that if you don't want to use SecretsManager, you can just replace this part with the password registered in SecretsManager.
https://github.com/aws-samples/rag-using-langchain-amazon-bedrock-and-opensearch/blob/main/load-data-to-opensearch.py

    opensearch_password = secret.get_secret(name, region)
    opensearch_client =  opensearch.get_opensearch_cluster_client(name, opensearch_password, region)
EXPERT
answered 2 years ago
EXPERT
reviewed 2 years ago
  • Hi Riku,

    Thank you very much for your prompt reply.

    I've been sat with it for a few hours now, but can't seem to figure out why there are no Secrets stored in the SecretsManager. I want to create a Secret for my OpenSearch username and password so that I can pass the Secret through the code, but can't even find my OpenSearch username and password in order to create a Secret for it.

    Do you possibly have any suggestions? (:

    Thank you

  • I believe SecretsManager is created in us-east-1. Looking at the Terraform code below, us-east-1 is specified. https://github.com/aws-samples/rag-using-langchain-amazon-bedrock-and-opensearch/blob/main/terraform/variables.tf
    Therefore, try specifying the region as an argument as shown below.

    python load-data-to-opensearch.py --recreate 1 --early-stop 1 --region us-east-1
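
Added example, not part of the original thread or the aws-samples repository: one way to replace the `secret.get_secret(name, region)` call discussed above so the OpenSearch password comes from the environment when set and from Secrets Manager otherwise, without ever being written into the source. The variable name `OPENSEARCH_PASSWORD` and the helper names are assumptions made for this sketch.

```python
import os
from typing import Callable, Mapping, Optional

# Assumed name for this example; the sample repository does not define it.
PASSWORD_ENV_VAR = "OPENSEARCH_PASSWORD"


class SecretLookupError(RuntimeError):
    """Raised when no password source yields a usable value."""


def fetch_from_secrets_manager(name: str, region: str) -> str:
    """Fallback source: read the secret string with boto3 (imported lazily)."""
    import boto3
    client = boto3.client("secretsmanager", region_name=region)
    return client.get_secret_value(SecretId=name)["SecretString"]


def resolve_opensearch_password(
    name: str,
    region: str,
    env: Optional[Mapping[str, str]] = None,
    fetch: Callable[[str, str], str] = fetch_from_secrets_manager,
) -> str:
    """Return the password: environment variable first, then Secrets Manager."""
    env = os.environ if env is None else env
    value = env.get(PASSWORD_ENV_VAR, "")
    if value.strip():
        return value
    try:
        return fetch(name, region)
    except Exception as exc:  # e.g. ResourceNotFoundException in the wrong region
        # The message names the source and region, never any secret value.
        raise SecretLookupError(
            f"{PASSWORD_ENV_VAR} is unset and secret {name!r} could not be read "
            f"in region {region!r} ({type(exc).__name__}); check --region"
        ) from exc


def redact(secret: str) -> str:
    """Form that is safe to log: the length only, never the value."""
    return f"<redacted:{len(secret)} chars>"


# In load-data-to-opensearch.py the call would become (hypothetical edit):
#   opensearch_password = resolve_opensearch_password(name, region)
```

Set the variable in the shell session that runs the loader rather than in the script, so the value stays out of version control and shell history can be managed separately.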
    
