
Explanation:
Option C is correct because it properly addresses all requirements:
Cross-Region inference profiles: Amazon Bedrock's cross-Region inference profiles are specifically designed for regional data residency requirements. A Europe-scoped endpoint ensures requests stay within European Regions where the FM is deployed (eu-central-1 and eu-west-3).
Private connectivity: Configuring an Amazon Bedrock VPC endpoint ensures all traffic remains on AWS private networks, meeting the requirement for private connectivity.
Compliance with SCPs: Extending existing SCPs to allow inference profile usage maintains governance while enabling access only in approved Regions.
Data residency: The solution ensures customer data remains within the same Regions as the FM deployment.
Why other options are incorrect:
Option A: Deploys infrastructure in eu-north-1, but the FM is hosted in eu-central-1 and eu-west-3. This doesn't ensure requests remain within the same Regions as the FM.
Option B: Hosts the FM on EC2 instances in eu-north-1, which contradicts the requirement that the FM is already hosted in eu-central-1 and eu-west-3. Also, EC2 hosting doesn't leverage Amazon Bedrock's managed service benefits.
Option D: Uses SageMaker in eu-north-1, which again doesn't align with the FM being hosted in eu-central-1 and eu-west-3. This would require moving the FM to SageMaker, which isn't specified as an option.
The key insight is that Amazon Bedrock's cross-Region inference profiles are specifically designed for scenarios requiring data residency across multiple Regions while maintaining private connectivity and compliance with organizational policies.
A GenAI developer is evaluating Amazon Bedrock foundation models (FMs) to enhance a Europe-based company's internal business application. The company has a multi-account landing zone in AWS Control Tower. The company uses Service Control Policies (SCPs) to allow its accounts to use only the eu-north-1 and eu-west-1 Regions. All customer data must remain in private networks within the approved AWS Regions.
The GenAI developer selects an FM based on analysis and testing and hosts the model in the eu-central-1 Region and the eu-west-3 Region. The GenAI developer must enable access to the FM for the company's employees. The GenAI developer must ensure that requests to the FM are private and remain within the same Regions as the FM.
Which solution will meet these requirements?
A. Deploy an AWS Lambda function that is exposed by a private Amazon API Gateway REST API to a VPC in eu-north-1. Create a VPC endpoint for the selected FM in eu-central-1 and eu-west-3. Extend existing SCPs to allow employees to use the FM. Integrate the REST API with the business application.
B. Deploy the FM on Amazon EC2 instances in eu-north-1. Deploy a private Amazon API Gateway REST API in front of the EC2 instances. Configure an Amazon Bedrock VPC endpoint. Integrate the REST API with the business application.
C. Configure the FM to use cross-Region inference through a Europe-scoped endpoint. Configure an Amazon Bedrock VPC endpoint. Extend existing SCPs to allow employees to use the FM through inference profiles in Europe-based Regions where the FM is available. Use an inference profile to integrate Amazon Bedrock with the business application.
D. Deploy the FM in Amazon SageMaker in eu-north-1. Configure a SageMaker VPC endpoint. Extend existing SCPs to allow employees to use the SageMaker endpoint. Integrate the FM in SageMaker with the business application.