Skip to main content
The CloudShell deployment method is the easiest way to deploy Bedrock Chat. It uses AWS CodeBuild to handle the entire deployment process automatically.

Overview

This deployment method:
  1. Creates a CloudFormation stack (CodeBuildForDeploy) with a CodeBuild project
  2. The CodeBuild project clones the Bedrock Chat repository
  3. Configures deployment parameters based on your inputs
  4. Runs CDK bootstrap and deployment commands
  5. Returns the Frontend URL after ~35 minutes

Prerequisites

1

Enable Bedrock Model Access

In the us-east-1 region, open Bedrock Model access:
  • Click Manage model access
  • Select all models you wish to use
  • Click Save changes
2

Choose Deployment Region

Ensure you deploy in a supported region where OpenSearch Serverless is available.

Basic Deployment

1

Open CloudShell

Open CloudShell in the region where you want to deploy.
2

Clone Repository

git clone https://github.com/aws-samples/bedrock-chat.git
cd bedrock-chat
chmod +x bin.sh
3

Run Deployment Script

./bin.sh
You’ll be asked to confirm you’re using v3.x. Enter y to continue.
4

Wait for Completion

The deployment takes approximately 35 minutes. Monitor the progress in the CloudShell output.
5

Access Your Application

Once complete, you’ll see output similar to:
Frontend URL: https://xxxxxxxxx.cloudfront.net
Access this URL in your browser to start using Bedrock Chat.

Deployment with Security Parameters

Production Recommendation: Always configure security parameters for production deployments to prevent unauthorized access.
Deploy with recommended security settings: 
./bin.sh \
  --disable-self-register \
  --ipv4-ranges "192.0.2.0/25,192.0.2.128/25" \
  --ipv6-ranges "2001:db8:1:2::/64,2001:db8:1:3::/64" \
  --allowed-signup-email-domains "example.com"

Available Parameters

The bin.sh script accepts the following parameters:

Security Parameters

  • --disable-self-register: Disable self-registration (users must be created in Cognito)
  • --ipv4-ranges: Comma-separated list of allowed IPv4 CIDR ranges
  • --ipv6-ranges: Comma-separated list of allowed IPv6 CIDR ranges
  • --disable-ipv6: Disable IPv6 connections entirely
  • --allowed-signup-email-domains: Comma-separated list of allowed email domains

Configuration Parameters

  • --bedrock-region: Region where Bedrock is available (default: us-east-1)
  • --enable-lambda-snapstart: Enable Lambda SnapStart for better performance
  • --version: Specific version to deploy (default: v3)
  • --repo-url: Custom repository URL if using a fork

Advanced Parameters

  • --cdk-json-override: JSON string to override any CDK context values

Advanced Configuration Examples

Example 1: Enterprise Security Setup

./bin.sh \
  --disable-self-register \
  --ipv4-ranges "10.0.0.0/8,172.16.0.0/12" \
  --allowed-signup-email-domains "mycompany.com" \
  --bedrock-region "us-west-2" \
  --version "v3.0.0"

Example 2: Development Environment

./bin.sh \
  --ipv4-ranges "0.0.0.0/0" \
  --bedrock-region "us-east-1"

Example 3: Using CDK JSON Override

Override multiple configuration values at once: 
./bin.sh --cdk-json-override '{
  "context": {
    "selfSignUpEnabled": false,
    "enableLambdaSnapStart": true,
    "allowedIpV4AddressRanges": ["192.168.1.0/24"],
    "allowedCountries": ["US", "CA"],
    "allowedSignUpEmailDomains": ["example.com"],
    "globalAvailableModels": [
      "claude-v3.7-sonnet",
      "claude-v3.5-sonnet",
      "amazon-nova-pro",
      "amazon-nova-lite",
      "llama3-3-70b-instruct"
    ]
  }
}'

CloudFormation Stack Details

The bin.sh script creates a CloudFormation stack with these resources:

Stack Name

CodeBuildForDeploy

Resources Created

  • CodeBuild Project: Executes the CDK deployment
  • IAM Role: Service role for CodeBuild with AdministratorAccess
  • IAM Policy: Additional permissions for CloudWatch Logs and CodeBuild reports

Environment Variables

The CodeBuild project receives these environment variables from parameters:
  • ALLOW_SELF_REGISTER
  • ENABLE_LAMBDA_SNAPSTART
  • IPV4_RANGES
  • IPV6_RANGES
  • DISABLE_IPV6
  • ALLOWED_SIGN_UP_EMAIL_DOMAINS
  • BEDROCK_REGION
  • CDK_JSON_OVERRIDE
  • REPO_URL
  • VERSION

Build Process

The CodeBuild project executes these steps:
1

Install Runtime

Installs Node.js 22 runtime
2

Clone Repository

Clones the specified version from the repository
3

Configure Parameters

  • Modifies cdk/cdk.json based on provided parameters
  • Applies CDK JSON overrides if provided
4

Install Dependencies

Runs npm ci in the cdk directory
5

Bootstrap CDK

Runs npx cdk bootstrap to prepare the AWS environment
6

Deploy Stacks

Runs npx cdk deploy --require-approval never --all to deploy all stacks

Monitoring Deployment

To monitor the deployment progress:
  1. The bin.sh script shows a spinner while waiting for stack creation
  2. Once the stack is created, it starts the CodeBuild project
  3. The script waits for the CodeBuild project to complete
  4. CloudWatch Logs are automatically fetched to display the Frontend URL
You can also monitor in the AWS Console:
  • CloudFormation: View stack creation progress
  • CodeBuild: View build logs and execution details
  • CloudWatch Logs: View detailed CDK deployment logs

Troubleshooting

Deployment Fails with Template Validation Error

The bin.sh script validates the CloudFormation template before deployment. If validation fails: 
Template validation failed
Ensure you’re using the latest version of the repository.

Frontend URL Not Appearing

If the Frontend URL doesn’t appear after deployment:
Try deploying a specific stable version:
./bin.sh --version "v3.0.0"

Insufficient Storage Error

CodeBuild requires sufficient storage space. If you encounter storage errors, the deployment may fail during CDK bootstrap or package installation.

Stack Already Exists

If you see an error that the CodeBuildForDeploy stack already exists:
  1. Delete the existing stack in CloudFormation
  2. Re-run the deployment script

Cleanup

To remove all deployed resources:
1

Delete Main Stack

Go to CloudFormation and delete BedrockChatStack.
2

Delete WAF Stack

Switch to the us-east-1 region and delete FrontendWafStack.
3

Delete CodeBuild Stack

Delete the CodeBuildForDeploy stack created by bin.sh.

Next Steps

Configure Parameters

Learn about all available deployment parameters

Security Configuration

Configure security settings for production

User Management

Set up users and groups

Custom Domains

Configure a custom domain name

Build docs developers (and LLMs) love

Get started for freeTalk to us