modernisation-platform icon indicating copy to clipboard operation
modernisation-platform copied to clipboard

Published 20 hours ago verified publisher icon ministryofjustice

Enabling Bedrock in the Paris Region

Open julialawrence opened this issue 9 months ago • 4 comments

User Story

As a Analytical Platform customer I would like to be able to use Bedrock in the eu-west-3 region Because eu-west-3 that provides access to models unavailable in eu-central-1 (Frankfurt)

Value / Purpose

More details in the feature request raised by the customer.

In short, Paris provides access to Anthropic Claude Haiku and Sonnet models which the customer wants to evaluate as a potential solution to their LLM use case.

Useful Contacts

@julialawrence

Additional Information

Happy to raise the PR for this as the work is similar to enabling the work in the Frankfurt region, but this is a new region and not currently used so wanted to put it forward for a review.

Our only constraint is that the user is working on a fairly tight deadline for this. They'd like access by May 8th, so if that's not realistic, I'd rather let them know early.

Proposal / Unknowns

Hypothesis

If we enable Bedrock in France it might draw more customers from Frankfurt.

Proposal

Enable the Paris region for Bedrock usage similar to the way Frankfurt is configured. Amend SCP to allow it. Configure the new region along the lines of Frankfurt.

Unknowns Potential pitfalls that could cause the story to expand beyond its original scope.

Since this is a new region, additional bootstrap components might need to be set up such as CT collection and security hub. If the region is used only for Bedrock, there shouldn't be any networking components to consider so potentially would not need to enroll it in IPAM.

Again, this can mimic the setup for other regions but it would potentially extend the scope beyond "amend SCP."

Definition of Done

Example - [ ] Documentation has been written / updated

  • [ ] Bedrock enabled in eu-west-3
  • [x] README has been updated
  • [x] User docs have been updated
  • [ ] Another team member has reviewed
  • [ ] Tests are green

julialawrence avatar May 01 '24 07:05 julialawrence

I'll chase Julia to see what to do here; this might be closeable without our direct involvement.

dms1981 avatar May 09 '24 09:05 dms1981

I don't see anything in bootstrap/member-bootstrap covering a MemberInfrastructureAccess role in eu-west-3 so this still appears to be required.

dms1981 avatar May 09 '24 11:05 dms1981

https://github.com/ministryofjustice/modernisation-platform/pull/6952 and https://github.com/ministryofjustice/modernisation-platform/pull/6959 both refer to this issue. In short, because the sprinkler account doesn't have SecurityHub enrollment for eu-west-3, this PR was causing the scheduled baselines job to fail. Once that's been resolved this can be revisited.

dms1981 avatar May 09 '24 11:05 dms1981

Thanks to Dave E, all accounts are now enrolled in Security Hub in the Paris region. The above PR closes the loop on the MP side, with new providers and eu-west-3 added to enabled regions. Once the PR is merged and successfully runs, this story is complete. Thanks again for all the help. :)

julialawrence avatar May 10 '24 07:05 julialawrence

Completed!

julialawrence avatar May 13 '24 13:05 julialawrence