
Overview

Bedrock Chat uses a schema-based parameter system powered by Zod for validation. Parameters can be configured in cdk.json (context) or parameter.ts (environment-specific).

Configuration Files

cdk.json

Default parameters for the “default” environment. Located at cdk/cdk.json.

parameter.ts

Environment-specific parameters with type safety. Located at cdk/parameter.ts.
import { BedrockChatParametersInput } from "./lib/utils/parameter-models";

export const bedrockChatParams = new Map<string, BedrockChatParametersInput>();

// Define environments
bedrockChatParams.set("dev", {
  bedrockRegion: "us-east-1",
  enableBotStore: true,
  // ... other parameters
});

bedrockChatParams.set("prod", {
  bedrockRegion: "us-west-2",
  enableBotStore: true,
  enableRagReplicas: true,
  // ... other parameters
});
Deployment:
# Deploy with environment
npx cdk deploy --all --context envName=prod

Base Parameters

Common across all stacks.
envName
string
default:"default"
Environment name (max 10 chars, alphanumeric starting with letter). Used as suffix for stack names and resource prefixes.
envPrefix
string
default:""
Automatically derived from envName. Empty for “default”, otherwise equals envName.
bedrockRegion
string
default:"us-east-1"
AWS region where Amazon Bedrock is available.
Common regions: us-east-1, us-west-2, eu-west-1, ap-northeast-1
enableBedrockGlobalInference
boolean
default:true
Enable Bedrock’s global inference routing for automatic model failover.
enableBedrockCrossRegionInference
boolean
default:true
Allow Bedrock to use models from multiple regions for higher availability.

Bedrock Chat Parameters

Main application parameters for BedrockChatStack.

Frontend & Security

enableFrontendWaf
boolean
default:true
Deploy Web ACL for CloudFront distribution.
Important: Requires us-east-1 deployment capability. Set to false if you cannot deploy to us-east-1.
enableFrontendIpv6
boolean
default:true
Enable IPv6 for CloudFront distribution.
allowedIpV4AddressRanges
string[]
default:["0.0.0.0/1","128.0.0.0/1"]
Allowed IPv4 CIDR ranges for frontend access (enforced by WAF if enabled).
Default: All IPv4 addresses allowed
Example: ["203.0.113.0/24", "198.51.100.0/24"]
allowedIpV6AddressRanges
string[]
Allowed IPv6 CIDR ranges for frontend access.
Default: All IPv6 addresses allowed
allowedCountries
string[]
default:[]
ISO 3166-1 alpha-2 country codes for geo-restriction.
Empty array: No geo-restriction
Example: ["US", "CA", "GB"]
publishedApiAllowedIpV4AddressRanges
string[]
default:["0.0.0.0/1","128.0.0.0/1"]
Allowed IPv4 ranges for published bot APIs.
publishedApiAllowedIpV6AddressRanges
string[]
Allowed IPv6 ranges for published bot APIs.

Authentication

identityProviders
TIdentityProvider[]
default:[]
Array of identity provider configurations for SSO.
Format:
[
  {
    "service": "google",
    "secretName": "my-google-idp-secret"
  },
  {
    "service": "oidc",
    "serviceName": "MyOIDC",
    "secretName": "my-oidc-secret"
  }
]
Secrets Manager format:
  • Google: {"clientId": "...", "clientSecret": "..."}
  • OIDC: {"clientId": "...", "clientSecret": "...", "issuerUrl": "..."}
userPoolDomainPrefix
string
default:""
Cognito domain prefix for hosted UI. Required if identityProviders is configured.
Format: Lowercase alphanumeric and hyphens
Example: bedrock-chat-dev
allowedSignUpEmailDomains
string[]
default:[]
Email domains allowed for self-signup.
Empty array: All email domains allowed
Example: ["example.com", "acme.org"]
autoJoinUserGroups
string[]
default:["CreatingBotAllowed"]
Cognito groups users automatically join after signup.
Available groups: Admin, CreatingBotAllowed, PublishAllowed
selfSignUpEnabled
boolean
default:true
Allow users to self-register. Disabled if identity providers are configured.
tokenValidMinutes
number
default:30
Cognito ID token validity in minutes.
Range: 5 minutes to 24 hours

Performance & Availability

enableRagReplicas
boolean
default:true
Enable standby replicas for OpenSearch Serverless collections (Knowledge Bases).
Impact: Higher availability, ~2x cost
enableLambdaSnapStart
boolean
default:true
Enable Lambda SnapStart for faster cold starts on API and WebSocket handlers.
Supported runtimes: Java, Python (3.13+)

Custom Domain

alternateDomainName
string
default:""
Custom domain for the frontend (e.g., chat.example.com).
Requirements: Valid ACM certificate will be auto-created in us-east-1
hostedZoneId
string
default:""
Route53 hosted zone ID for DNS record creation. Required if alternateDomainName is set.

Bot Store

enableBotStore
boolean
default:true
Enable bot store for discovering and sharing bots.
enableBotStoreReplicas
boolean
default:false
Enable standby replicas for bot store OpenSearch collection.
botStoreLanguage
BotStoreLanguage
default:"en"
Language for bot store text analysis.
Options: en, de, fr, es, ja, ko, zhhans, zhhant, it, nb, th, id, ms

Model Configuration

globalAvailableModels
string[]
default:[]
Restrict available models to specific model IDs.
Empty array: All Bedrock models available
Example: ["anthropic.claude-3-5-sonnet-20241022-v2:0", "anthropic.claude-3-5-haiku-20241022-v1:0"]
defaultModel
string
Model ID selected by default when users first visit the app.
Example: "anthropic.claude-3-5-sonnet-20241022-v2:0"
titleModel
string
Model used for generating conversation titles.
Default: Falls back to defaultModel, then hardcoded default

Branding

logoPath
string
default:""
Path to custom logo file for frontend branding.
Format: Relative path from frontend build directory

S3 Configuration

bucketPrefix
string
default:""
Prefix for all S3 bucket names.
Format: Lowercase alphanumeric and hyphens only
Example: "mycompany" creates buckets like mycompany-access-logs, mycompany-frontend-assets

Development

devAccessIamRoleArn
string
default:""
IAM role ARN for developer access to OpenSearch collections.
Format: arn:aws:iam::123456789012:role/DeveloperRole
Grants: aoss:* permissions for bot store debugging

API Publish Parameters

Parameters for ApiPublishmentStack (passed via CodeBuild environment variables).
publishedApiThrottleRateLimit
number
Steady-state requests per second.
Example: 100
publishedApiThrottleBurstLimit
number
Burst capacity for request handling.
Example: 200
publishedApiQuotaLimit
number
Maximum requests per quota period.
Example: 10000
publishedApiQuotaPeriod
'DAY' | 'WEEK' | 'MONTH'
Quota period for rate limiting.
publishedApiDeploymentStage
string
default:"api"
API Gateway deployment stage name.
publishedApiId
string
Existing API ID to update (used for redeployment).
publishedApiAllowedOrigins
string
default:"[\"*\"]"
JSON array of allowed CORS origins.
Example: '["https://app.example.com", "https://admin.example.com"]'

Custom Bot Parameters

Parameters for BedrockCustomBotStack (passed via CodeBuild environment variables).
ownerUserId
string
required
User ID of the bot creator.
botId
string
required
Unique bot identifier (UUID).
documentBucketName
string
required
S3 bucket name containing bot documents.
knowledge
string
required
JSON-encoded knowledge configuration.
Format:
{
  "sourceUrls": ["https://docs.example.com"],
  "filenames": ["document.pdf"],
  "existingS3Urls": ["s3://bucket/prefix/"]
}
knowledgeBase
string
required
JSON-encoded Knowledge Base configuration.
Format:
{
  "embeddingsModel": {"modelId": "amazon.titan-embed-text-v2:0"},
  "chunkingStrategy": "fixed-size",
  "maxTokens": 300,
  "overlapPercentage": 20
}
guardrails
string
required
JSON-encoded guardrails configuration.
Format:
{
  "is_guardrail_enabled": true,
  "hateThreshold": 3,
  "insultsThreshold": 3,
  "sexualThreshold": 3,
  "violenceThreshold": 3,
  "misconductThreshold": 0,
  "groundingThreshold": 0.75,
  "relevanceThreshold": 0.75
}
Thresholds: 0 (disabled), 1 (low), 2 (medium), 3 (high)
enableRagReplicas
string
default:"false"
Enable replicas for this bot’s Knowledge Base.
Values: "true" or "false" (string)

Shared Knowledge Bases Parameters

Parameters for BedrockSharedKnowledgeBasesStack (passed via CodeBuild environment variables).
sharedKnowledgeBases
string
required
JSON-encoded array of shared Knowledge Base configurations.
Format:
[
  {
    "knowledgeBaseHash": "abc123",
    "embeddingsModel": {"modelId": "amazon.titan-embed-text-v2:0"},
    "chunkingStrategy": "semantic",
    "instruction": "Custom KB instructions"
  }
]
documentBucketName
string
required
S3 bucket containing shared documents.
enableRagReplicas
string
default:"false"
Enable replicas for shared Knowledge Bases.

Parameter Validation

All parameters are validated using Zod schemas in cdk/lib/utils/parameter-models.ts. Validation rules:
  • envName: Max 10 chars, alphanumeric, starts with letter
  • bucketPrefix: Lowercase alphanumeric + hyphens, suitable for S3 naming
  • IP ranges: Valid CIDR notation
  • Model IDs: String format (not validated against Bedrock catalog)
Error handling:
# Invalid parameter example
$ npx cdk deploy

Error: Validation error: Invalid input at "envName": String must match pattern /^$|^[a-zA-Z][a-zA-Z0-9]*$/
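
The validation rules above check format, so a configuration can pass them and still leave the frontend open to every IPv4 address, allow open self-signup, or keep a wildcard CORS origin. The following added example (not part of the Bedrock Chat code base) audits a parameter object for those settings. `auditParams`, `coversAllIpv4`, `cidrRange` and the finding strings are hypothetical; the parameter names and defaults are the ones listed on this page.

```typescript
// Added example: pre-deploy audit of Bedrock Chat parameters (hypothetical helper names).
type Params = {
  enableFrontendWaf?: boolean;
  allowedIpV4AddressRanges?: string[];
  publishedApiAllowedIpV4AddressRanges?: string[];
  selfSignUpEnabled?: boolean;
  allowedSignUpEmailDomains?: string[];
  identityProviders?: unknown[];
  publishedApiAllowedOrigins?: string; // JSON-encoded array
  devAccessIamRoleArn?: string;
};

// Convert "a.b.c.d/n" to an inclusive [first, last] pair of 32-bit addresses.
function cidrRange(cidr: string): [number, number] {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(cidr);
  const nums = m ? m.slice(1).map(Number) : [];
  const bits = nums[4] ?? 99;
  if (nums.length !== 5 || nums.slice(0, 4).some((o) => o > 255) || bits > 32)
    throw new Error(`invalid IPv4 CIDR: ${cidr}`);
  const addr = nums.slice(0, 4).reduce((acc, o) => acc * 256 + o, 0);
  const size = 2 ** (32 - bits);
  const first = Math.floor(addr / size) * size; // clear host bits
  return [first, first + size - 1];
}

// True when the union of the ranges spans 0.0.0.0 through 255.255.255.255.
function coversAllIpv4(cidrs: string[]): boolean {
  let next = 0; // lowest address not yet covered
  for (const [first, last] of cidrs.map(cidrRange).sort((a, b) => a[0] - b[0])) {
    if (first > next) return false; // gap before this range
    next = Math.max(next, last + 1);
  }
  return next >= 2 ** 32;
}

function auditParams(p: Params): string[] {
  const open = ["0.0.0.0/1", "128.0.0.0/1"]; // documented default
  const out: string[] = [];
  if (p.enableFrontendWaf === false) out.push("enableFrontendWaf: off, frontend IP ranges are not enforced");
  for (const key of ["allowedIpV4AddressRanges", "publishedApiAllowedIpV4AddressRanges"] as const)
    if (coversAllIpv4(p[key] ?? open)) out.push(`${key}: covers the whole IPv4 space`);
  const idp = (p.identityProviders ?? []).length > 0; // self-signup is disabled when IdPs exist
  if ((p.selfSignUpEnabled ?? true) && !idp && (p.allowedSignUpEmailDomains ?? []).length === 0)
    out.push("selfSignUpEnabled: anyone with any email domain can register");
  const origins: unknown = JSON.parse(p.publishedApiAllowedOrigins ?? '["*"]');
  if (Array.isArray(origins) && origins.includes("*")) out.push("publishedApiAllowedOrigins: wildcard CORS origin");
  if (p.devAccessIamRoleArn) out.push("devAccessIamRoleArn: role is granted aoss:* on OpenSearch collections");
  return out;
}
```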

Environment Variables

Runtime environment variables are automatically set by CDK for Lambda functions and CodeBuild projects. These are not user-configurable parameters.
Common Lambda environment variables:
  • CONVERSATION_TABLE_NAME
  • BOT_TABLE_NAME
  • BEDROCK_REGION
  • DOCUMENT_BUCKET
  • USER_POOL_ID
  • TABLE_ACCESS_ROLE_ARN
  • ENABLE_BEDROCK_GLOBAL_INFERENCE
  • ENABLE_BEDROCK_CROSS_REGION_INFERENCE
See construct documentation for complete lists per Lambda function.
