search

ministryofjustice / modernisation-platform

A place for the core work of the Modernisation Platform • This repository is defined and managed in Terraform
https://user-guide.modernisation-platform.service.justice.gov.uk
MIT License
680 stars 290 forks source link

Enabling Bedrock in the Paris Region #6917

Closed julialawrence closed 4 months ago

julialawrence commented 4 months ago

User Story

As a Analytical Platform customer I would like to be able to use Bedrock in the eu-west-3 region Because eu-west-3 that provides access to models unavailable in eu-central-1 (Frankfurt)

Value / Purpose

More details in the feature request raised by the customer.

In short, Paris provides access to Anthropic Claude Haiku and Sonnet models which the customer wants to evaluate as a potential solution to their LLM use case.

Useful Contacts

@julialawrence

Additional Information

Happy to raise the PR for this as the work is similar to enabling the work in the Frankfurt region, but this is a new region and not currently used so wanted to put it forward for a review.

Our only constraint is that the user is working on a fairly tight deadline for this. They'd like access by May 8th, so if that's not realistic, I'd rather let them know early.

Proposal / Unknowns

Hypothesis

If we enable Bedrock in France it might draw more customers from Frankfurt.

Proposal

Enable the Paris region for Bedrock usage similar to the way Frankfurt is configured. Amend SCP to allow it. Configure the new region along the lines of Frankfurt.

Unknowns Potential pitfalls that could cause the story to expand beyond its original scope.

Since this is a new region, additional bootstrap components might need to be set up such as CT collection and security hub. If the region is used only for Bedrock, there shouldn't be any networking components to consider so potentially would not need to enroll it in IPAM.

Again, this can mimic the setup for other regions but it would potentially extend the scope beyond "amend SCP."

Definition of Done

Example - [ ] Documentation has been written / updated

dms1981 commented 4 months ago

I'll chase Julia to see what to do here; this might be closeable without our direct involvement.

dms1981 commented 4 months ago

I don't see anything in bootstrap/member-bootstrap covering a MemberInfrastructureAccess role in eu-west-3 so this still appears to be required.

dms1981 commented 4 months ago

https://github.com/ministryofjustice/modernisation-platform/pull/6952 and https://github.com/ministryofjustice/modernisation-platform/pull/6959 both refer to this issue. In short, because the sprinkler account doesn't have SecurityHub enrollment for eu-west-3, this PR was causing the scheduled baselines job to fail. Once that's been resolved this can be revisited.

julialawrence commented 4 months ago

Thanks to Dave E, all accounts are now enrolled in Security Hub in the Paris region. The above PR closes the loop on the MP side, with new providers and eu-west-3 added to enabled regions. Once the PR is merged and successfully runs, this story is complete. Thanks again for all the help. :)

julialawrence commented 4 months ago

Completed!