Domain 3: Applications of Foundation Models - Revision Notes
Here are complete revision notes for the AWS Certified Generative AI Developer Professional (AIP-C01) exam, synthesized directly from the practice questions.
Topic 1: Amazon Bedrock Guardrails
This was the most frequent topic. Master every capability.
Core Capabilities:
- Content Filters: Block harmful categories (Hate, Insult, Sexual, Violence).
- Denied Topics: Custom definitions to block specific subjects (e.g., “Medical Advice”, “SQL Queries”).
- Word Filters: Block specific keywords/profanity.
- Sensitive Information Filters (PII): The only feature that redacts PII in real-time (in-flight) during the request/response cycle.
- Contextual Grounding: Detects hallucinations. Checks if the response is supported by the source data (RAG).
- Prompt Attack Filters: Specifically blocks Prompt Injection and Jailbreaks (e.g., “Ignore previous instructions”, SQL injection attempts).
Exam Cues & Scenarios:
- “Dynamic Filtering” / “Time-based rules”: Do NOT use APIs to update guardrails in real-time. Use Tags on guardrails + EventBridge to switch context.
- “Redact PII in real-time”: Guardrails. (Macie is for storage scanning, not real-time redaction).
- “Prevent SQL Injection”: Prompt Attack Filters (part of Guardrails).
- “Prevent Hallucinations” / “Factuality”: Contextual Grounding Check.
Topic 2: Security & Networking
Focus on private connectivity and organizational control.
Private Access (No Public Internet):
- The Solution: Interface VPC Endpoints (PrivateLink).
- The Symptom: If a Lambda in a private subnet times out calling Bedrock, it’s missing a VPC Endpoint (or NAT Gateway, but Endpoint is preferred for security).
- The Trap: Do not use Gateway Endpoints (only for S3/DynamoDB) or Client VPN (for humans, not services).
Organizational Governance:
- “Restrict Models across the Org”: Use Service Control Policies (SCPs).
- Scenario: Block Marketplace models or allow only specific Model IDs for everyone.
- Why: IAM is local to an account; SCPs rule the organization.
- “Encryption at Rest”:
- To enforce encryption (e.g., must use KMS Customer Managed Keys): Use AWS Config Rules.
- To audit storage after the fact: Use Amazon Macie.
Topic 3: Bedrock Agents & RAG
Understanding the difference between APIs is critical.
Knowledge Bases (RAG):
- RetrieveAndGenerate API: Does it all—Retrieves chunks, generates the answer, and provides citations. Use this for “least overhead.”
- Retrieve API: Only fetches the text chunks. You must handle generation yourself.
Agent Security:
- Defense Layers:
- System Prompts: Define the “persona” and scope.
- Pre-processing Prompt: An Agent step that validates input safety before execution.
- Guardrails: The hard enforcement layer.
- The Trap: AWS WAF protects against web attacks (DDoS, XSS), but it cannot detect prompt injection or semantic attacks.
Topic 4: Data Engineering for GenAI
Focus on “Least Operational Overhead.”
Pipelines:
- Unstructured to JSONL (Fine-tuning): Use AWS Glue (Crawler + ETL).
- Why: It is serverless and handles schema/metadata (Data Catalog) automatically.
- The Trap: Amazon EMR requires managing clusters (high overhead). Athena is for SQL queries, not heavy text transformation.
- Lineage & Auditing:
- Prompt Lineage: Use Bedrock Prompt Management.
- Data Lineage: Use Glue Data Catalog.
- Audit Trail: S3 Server Access Logs + CloudTrail.
Topic 5: SageMaker AI Governance
Distinguish between the different “SageMaker” tools.
- SageMaker Clarify: Detects Bias (Pre-training and Post-training). Fairness evaluation.
- SageMaker Model Monitor: Detects Drift (Data drift, Model quality drift) over time.
- SageMaker Model Cards / Registry: Documentation. Stores metadata, intended use, risk ratings, and compliance info.
- FMEval: Open-source library for evaluating LLMs (often used with Clarify).