Multi-tenant RAG implementation with Amazon Bedrock and Amazon OpenSearch Service for SaaS using JWT

Machine Learning Blog

This article discusses a multi-tenant Retrieval Augmented Generation (RAG) implementation using Amazon Bedrock and Amazon OpenSearch Service with JSON Web Token (JWT) for secure data isolation in SaaS environments.

Enables personalized AI services by using tenant-specific data sources
Uses JWT and Fine-Grained Access Control (FGAC) for secure multi-tenant data isolation
Supports three data isolation patterns: domain-level, index-level, and document-level
Integrates Amazon Cognito, AWS Lambda, DynamoDB, and Amazon Bedrock
Allows dynamic tenant identification and routing through JWT attributes

The solution provides a flexible approach for SaaS providers to implement secure, scalable RAG systems with strict tenant data access controls and routing mechanisms.

Go to article

The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.

Dec 16
2024

Multi-tenant RAG with Amazon Bedrock Knowledge Bases

Apr 7
2025

Multi-tenancy in RAG applications in a single Amazon Bedrock knowledge base with metadata filtering

Apr 6
2026

Building Intelligent Search with Amazon Bedrock and Amazon OpenSearch for hybrid RAG solutions

May 21
2026

Building multi-tenant agents with Amazon Bedrock AgentCore

The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.

Multi-tenant RAG implementation with Amazon Bedrock and Amazon OpenSearch Service for SaaS using JWT

Related articles