
Explanation:
Option C is the correct solution because it addresses all requirements comprehensively:
PII Redaction based on user roles: The solution uses Amazon Bedrock guardrails configured based on Cognito user groups. This allows:
Age-based document filtering: S3 Lifecycle configuration automatically removes reports older than 3 years, ensuring the knowledge base contains only recent documents.
Knowledge base synchronization: Daily Lambda syncs ensure the knowledge base stays updated with new reports.
Why other options are incorrect:
Option A: Amazon Macie is primarily for PII detection and classification, not real-time redaction. This approach would redact PII at ingestion time for ALL users, not allowing surgeons to see PII. Also, Lambda-based deletion of outdated documents is less efficient than S3 Lifecycle rules.
Option B: Using separate Lambda functions for PII redaction for engineers would require maintaining two versions of documents (redacted and non-redacted) or complex query-time processing. This approach doesn't leverage Bedrock's built-in guardrail capabilities and would be more complex to implement and maintain.
Option C leverages AWS native services optimally:
This solution is scalable, maintainable, and uses AWS best practices for GenAI applications with sensitive data.
A medical device company wants to feed reports of medical procedures that used the company's devices into an AI assistant. To protect patient privacy, the AI assistant must expose patient personally identifiable information (PII) only to surgeons. The AI assistant must redact PII for engineers. The AI assistant must reference only medical reports that are less than 3 years old.
The company stores reports in an Amazon S3 bucket as soon as each report is published. The company has already set up an Amazon Bedrock Knowledge Base. The AI assistant uses Amazon Cognito to authenticate users.
Which solution will meet these requirements?
A. Enable Amazon Macie PII detection on the S3 bucket. Use an S3 trigger to invoke an AWS Lambda function that redacts PII from the reports. Configure the Lambda function to delete outdated documents and invoke knowledge base syncing.
B. Invoke an AWS Lambda function to sync the S3 bucket and the knowledge base when a new report is uploaded. Use a second Lambda function with Amazon Comprehend to redact PII for engineers. Use S3 Lifecycle rules to remove reports older than 3 years.
C. Set up an S3 Lifecycle configuration to remove reports that are older than 3 years. Schedule an AWS Lambda function to run daily syncs between the bucket and the knowledge base. When users interact with the AI assistant, apply a guardrail configuration selected based on the user's Cognito user group to redact PII from responses when required.