🤖 RAG on AWS: Building an AI-powerd Knowledge Base, with Amazon Bedrock and Pinecone using AWS CloudFormation

💡 Introduction

Imagine having an AI-powered knowledge base that can retrieve information at lightning speed. That's exactly what we’re building here! This CloudFormation template sets up an Amazon Bedrock Knowledge Base, stores vector embeddings in Pinecone, and leverages an Amazon S3 bucket for document storage.

We are exploring Pinecone as an alternative to the default Amazon OpenSearch Serverless (which is a very good and still valid option) due to its specialized capabilities in handling vector-based search. Pinecone offers efficient similarity search, optimized indexing for high-dimensional embeddings, and low-latency retrieval, making it a strong choice for AI-driven knowledge bases.

Moreover its fully integrated with AWS Bedrock Knowledge Base and available as an option via AWS Console.

You can follow this awesome blog post from folks at Pinecone to create your own Amazon Bedrock Knowledge Base using AWS Console.

My plan here is to automate this process, using infrastructure as code as much as possible, and to share my work so that anyone can use a template to quickly create a knowledge base with Amazon Bedrock and Pinecone.

This guide walks you through:

• Setting up parameters to control our Cloudformation template
• Setting up an Amazon S3 bucket as source data for our vector embeddings
• Setting up permissions for Amazon Bedrock
• Integrating Pinecone as vector storage for our embeddings
• Deploying the Amazon Bedrock Knowledge Base with CloudFormation

Let's get started!

🌲 Pinecone index

As the knowledge base we want to build is going to rely on a Pinecone index as embedding vector storage, before starting you'll need to create an account on Pinecone and create a Pinecone index:

• After signing up to Pinecone, follow the quickstart guide to create your Pinecone index
• and retrieve your index’s endpoint and apiKey from the Pinecone console.

Here, it's important to pay attention to the parameters dimension and metric. They must match those of the model you will use to generate the embeddings. In our case, set 1024 and cosine.

🏗️ Architecture

We are building a simple architecture pattern and deploying it with Cloudformation. Here is a schema to understand what we'll build here.

⚙️ Parameters

First of all, let's define some parameters to control:

• the model which we'll use to generate embeddings: we have set the default to Amazon Titan Embed Text V2, you can choose whatever model you prefer.
• the name of our knowledge base
• the connection string to our Pinecone endpoint
• the pinecone ApiKey string
• pinecones fields names

#Define parameters
Parameters:
  EmbeddingModel:
    Type: String
    Default: "arn:aws:bedrock:us-east-1::foundation-model/amazon.titan-embed-text-v2:0"
    Description: "ARN of the embedding model to use. Defaults to Titan 2."

  KnowledgeBaseName:
    Type: String
    Default: "knowledge-base"
    Description: "Name of the knowledge base."

  PineconeConnectionString:
    Type: String
    Description: "Pinecone connection string (e.g., 'https://your-pinecone-endpoint-url')."
    Default: "https://test-eleva-3b7gvx5.svc.aped-4627-b74a.pinecone.io"

  PineconeApiKey:
    Type: String
    Description: "Pinecone API Key for authentication."
    Default: "{\"apiKey\": \"xxxx_xxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\"}"

  TextField:
    Type: String
    Default: "text"
    Description: "Field name in Pinecone to store raw text data."

  MetadataField:
    Type: String
    Default: "metadata"
    Description: "Field name in Pinecone to store metadata associated with the text."

🪣 S3 bucket

We'll need an Amazon S3 bucket as data source for our Amazon Bedrock Knowledge Base, simply create it with a specific resource.

# S3 bucket for storing knowledge base data
  KnowledgeBaseS3Bucket:
    Type: "AWS::S3::Bucket"
    Properties:
      BucketName: !Sub "${KnowledgeBaseName}-bucket"

🛡️ Permissions Setup

For Amazon Bedrock to function properly, it needs access to interact with multiple AWS services. This template creates an AWS IAM role with the following permissions:

• S3 Access: Reads and writes data from the knowledge base source S3 bucket.
• Secrets Manager: Retrieves the Pinecone API key securely.
• Amazon Bedrock: Invokes the embedding model (here Titan embedding model for text vectorization).

Key IAM Role Definition:

  # IAM Role for Amazon Bedrock 
  BedrockIAMRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Service: "bedrock.amazonaws.com"
            Action: "sts:AssumeRole"
      Policies:
        - PolicyName: "BedrockAccessPolicy"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: "Allow"
                Action:
                  - "s3:ListBucket"
                Resource: !Sub "arn:aws:s3:::${KnowledgeBaseS3Bucket}"
              - Effect: "Allow"
                Action:
                  - "s3:GetObject"
                  - "s3:PutObject"
                Resource: !Sub "arn:aws:s3:::${KnowledgeBaseName}-bucket/*"

              - Effect: "Allow"
                Action:
                  - "secretsmanager:GetSecretValue"
                Resource: "*"  # Adjust to the specific ARN of your Pinecone API key secret

              # Add Bedrock permissions to invoke the Amazon Titan embedding model
              - Effect: "Allow"
                Action:
                  - "bedrock:InvokeModel"
                Resource: "arn:aws:bedrock:us-east-1::foundation-model/amazon.titan-embed-text-v2:0"

Make sure your AWS Secrets Manager permissions are scoped to only the necessary resources!

🤫 Pinecone Secret Integration

Pinecone is used as the vector database for storing and retrieving embeddings. Key Configuration in this step is to create the Secret in AWS Secret Manager, as we should use it later in our template:

  PineconeApiKeySecret:
    Type: "AWS::SecretsManager::Secret"
    Properties:
      Name: !Sub "${KnowledgeBaseName}-PineconeApiKey"
      SecretString: !Ref PineconeApiKey

This ensures credentials are stored securely rather than being hardcoded.

📄 Deploying the Knowledge Base

Finally, we can proceed with the core of this setup, Amazon Bedrock Knowledge Base which:

• Uses Titan embedding model for vectorization (you can adjust to whatever model you prefer, just remember to enable model access in Bedrock console).
• Connect and stores embeddings in Pinecone.

  # Amazon Bedrock Knowledge Base with Pinecone integration
  KnowledgeBase:
    Type: "AWS::Bedrock::KnowledgeBase"
    Properties:
      Name: !Ref KnowledgeBaseName
      Description: "Knowledge base integrating Amazon Bedrock with Pinecone"
      RoleArn: !GetAtt BedrockIAMRole.Arn
      KnowledgeBaseConfiguration:
        Type: "VECTOR"
        VectorKnowledgeBaseConfiguration:
          EmbeddingModelArn: !Ref EmbeddingModel
      StorageConfiguration:
        Type: "PINECONE"
        PineconeConfiguration:
          ConnectionString: !Ref PineconeConnectionString
          CredentialsSecretArn: !Ref PineconeApiKeySecret
          FieldMapping:
            TextField: !Ref TextField
            MetadataField: !Ref MetadataField
          Namespace: !Sub "${KnowledgeBaseName}-namespace"

🗄️ Data source

Last but not least let's connect our S3 bucket as data source for our embeddings.

  # Define the KB Data Source separately
  KnowledgeBaseDataSource:
    Type: "AWS::Bedrock::DataSource"
    Properties:
      KnowledgeBaseId: !Ref KnowledgeBase
      Name: "S3DataSource"
      Description: "S3 Data Source for Knowledge Base"
      DataSourceConfiguration:
        Type: "S3"
        S3Configuration:
          BucketArn: !Sub "arn:aws:s3:::${KnowledgeBaseS3Bucket}"

🚀 Deploy

You can deploy this template with AWS Console or using AWS CLI.
You'll be asked to set your template name and parameters, according to your needs (name, model, pinecone connection endpoint, pinecone api key, pinecone fields mapping)

*Once deployed, you’ll have a fully functional knowledge base ready for AI-powered retrieval!
*
Here a sample result

🧪 Test your knowledge base

You can test your knowledge base using AWS Console

Upload a file in your s3.
Here I'm using a simple csv with production cost for plaid shirts.

Sync your Amazon Bedrock Knowledge Base

Finally select a model to generate answers and make some relevant question.
Here I'm asking how much does it cost to produce 10, 100 and 1000 plaid shirts in Italy. You should note references in the response.

🏁 Takeaways

This CloudFormation template automates the creation of a Bedrock knowledge base on AWS, leveraging Amazon Bedrock and Pinecone.

Key Takeaways:

• IAM roles ensure secure access to services.
• Pinecone serves as a scalable vector store.
• Amazon Bedrock enables AI-driven search and retrieval.

Now, deploy it and start querying your knowledge base with AI!

🌐 Resources

You can find this template open sourced by Eleva: just go here.

🙋 Who am I

I'm D. De Sio and I work as a Head of Software Engineering in Eleva.
I'm currently (Feb 2025) an AWS Certified Solution Architect Professional and AWS Certified DevOps Engineer Professional, but also a User Group Leader (in Pavia), an AWS Community Builder and, last but not least, a #serverless enthusiast.
My work in this field is to advocate about serverless and help as more dev teams to adopt it, as well as customers break their monolith into API and micro-services using it.