Upgrade to version v1.4.2

Upgrade to version v1.4.2

Author: ihmaws

CHANGELOG.md

@@ -5,6 +5,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.4.2] - 2024-05-16
+
+### Changed
+
+- Switched to using `langchain-aws` library for Bedrock and SageMaker LangChain calls instead of `langchain-community`.
+
+
 ## [1.4.1] - 2024-05-07
 
 ### Security

NOTICE.txt

@@ -123,6 +123,7 @@ jsonpatch                                                   BSD License
 jsonpath-ng                                                 Apache2.0
 jsonpointer                                                 BSD License
 langchain                                                   MIT
+langchain-aws                                               MIT
 langchain-community                                         MIT
 langchain-core                                              MIT
 langchain-text-splitters                                    MIT

README.md

@@ -1,5 +1,8 @@
 ## Generative AI Application Builder on AWS
 
+
+> **_NOTE:_** If you want to use the solution without any custom changes, navigate to [Solution Landing Page](https://aws.amazon.com/solutions/implementations/generative-ai-application-builder-on-aws/) and click the "Launch in the AWS Console" in the Deployment options for a 1-click deployment into your AWS Console.
+
 The [Generative AI Application Builder on AWS](https://aws.amazon.com/solutions/implementations/generative-ai-application-builder-on-aws/) solution (GAAB) provides a web-based management dashboard to deploy customizable Generative AI (Gen AI) use cases. This Deployment dashboard allows customers to deploy, experiment with, and compare different combinations of Large Language Model (LLM) use cases. Once customers have successfully configured and optimized their use case, they can take their deployment into production and integrate it within their applications.
 
 The Generative AI Application Builder is published under an Apache 2.0 license and is targeted for novice to experienced users who want to experiment and productionize different Gen AI use cases. The solution uses [LangChain](https://www.langchain.com/) open-source software (OSS) to configure connections to your choice of Large Language Models (LLMs) for different use cases. The first release of GAAB allows users to deploy chat use cases which allow the ability to query over users' enterprise data in a chatbot-style User Interface (UI), along with an API to support custom end-user implementations.

deployment/build-s3-dist.sh

@@ -40,7 +40,7 @@ set -e
 # Check to see if input has been provided:
 if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ] || [ -z "$4" ]; then
     echo "Please provide all required parameters for the build script"
-    echo "For example: ./build-s3-dist.sh solutions trademarked-solution-name v1.4.1 template-bucket-name"
+    echo "For example: ./build-s3-dist.sh solutions trademarked-solution-name v1.4.2 template-bucket-name"
     exit 1
 fi
 

source/infrastructure/cdk.json

@@ -57,7 +57,7 @@
     "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": true,
     "solution_id": "SO0276",
     "solution_name": "generative-ai-application-builder-on-aws",
-    "solution_version": "v1.4.1",
+    "solution_version": "v1.4.2",
     "app_registry_name": "GAAB",
     "application_type": "AWS-Solutions",
     "application_trademark_name": "Generative AI Application Builder on AWS"

source/infrastructure/lib/bedrock-chat-stack.ts

@@ -94,6 +94,13 @@ export class BedrockChat extends UseCaseChat {
             })
         );
 
+        this.chatLlmProviderLambda.addToRolePolicy(
+            new cdk.aws_iam.PolicyStatement({
+                actions: ['bedrock:ApplyGuardrail'],
+                resources: [`arn:${cdk.Aws.PARTITION}:bedrock:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:guardrail/*`]
+            })
+        );
+
         NagSuppressions.addResourceSuppressions(
             this.chatLlmProviderLambda.role!.node.tryFindChild('DefaultPolicy') as iam.Policy,
             [
@@ -102,6 +109,7 @@ export class BedrockChat extends UseCaseChat {
                     reason: 'This lambda is granted permissions to invoke any bedrock model, which requires the *.',
                     appliesTo: [
                         'Resource::arn:<AWS::Partition>:bedrock:<AWS::Region>::foundation-model/*',
+                        'Resource::arn:<AWS::Partition>:bedrock:<AWS::Region>:<AWS::AccountId>:guardrail/*',
                         'Resource::*'
                     ]
                 }

source/infrastructure/lib/vpc/bedrock-vpc.ts

@@ -40,6 +40,15 @@ export class BedrockUseCaseVPC extends FirstPartyUseCaseVPC {
                 resources: [`arn:${cdk.Aws.PARTITION}:bedrock:${cdk.Aws.REGION}::foundation-model/*`]
             })
         );
+
+        bedrockEndpoint.addToPolicy(
+            new iam.PolicyStatement({
+                principals: [new iam.AnyPrincipal()], // NOSONAR - policy is on vpc endpoint, user principal is not known - typescript:S6270
+                actions: ['bedrock:ApplyGuardrail'],
+                effect: iam.Effect.ALLOW, // NOSONAR - typescript:S6270, creating an allow policy for specific actions
+                resources: [`arn:${cdk.Aws.PARTITION}:bedrock:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:guardrail/*`]
+            })
+        );
     }
 
     /**

source/infrastructure/package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "gen-ai-app-builder-on-aws-infrastructure",
-  "version": "1.4.1",
+  "version": "1.4.2",
   "bin": {
     "infrastructure": "bin/gen-ai-app-builder.js"
   },

source/infrastructure/package.json

@@ -84,7 +84,7 @@ describe('When Chat use case is created', () => {
         });
     });
 
-    it('should create chat provider lambda function with permissions to invoke the bedrock APIs', () => {
+    it('should create chat provider lambda function with permissions to call the Bedrock Invoke APIs', () => {
         template.hasResourceProperties('AWS::IAM::Policy', {
             'PolicyDocument': {
                 'Statement': [
@@ -111,6 +111,46 @@ describe('When Chat use case is created', () => {
                     Match.anyValue(),
                     Match.anyValue(),
                     Match.anyValue(),
+                    Match.anyValue(),
+                    Match.anyValue()
+                ],
+                'Version': '2012-10-17'
+            }
+        });
+    });
+
+    it('should create chat provider lambda function with permissions to apply Bedrock Guardrails', () => {
+        template.hasResourceProperties('AWS::IAM::Policy', {
+            'PolicyDocument': {
+                'Statement': [
+                    Match.anyValue(),
+                    {
+                        'Action': 'bedrock:ApplyGuardrail',
+                        'Effect': 'Allow',
+                        'Resource': {
+                            'Fn::Join': [
+                                '',
+                                [
+                                    'arn:',
+                                    {
+                                        'Ref': 'AWS::Partition'
+                                    },
+                                    ':bedrock:',
+                                    {
+                                        'Ref': 'AWS::Region'
+                                    },
+                                    ':',
+                                    {
+                                        'Ref': 'AWS::AccountId'
+                                    },
+                                    ':guardrail/*'
+                                ]
+                            ]
+                        }
+                    },
+                    Match.anyValue(),
+                    Match.anyValue(),
+                    Match.anyValue(),
                     Match.anyValue()
                 ],
                 'Version': '2012-10-17'