Building an AWS Generative AI Application from Scratch: EC2 + Bedrock Hands-On Tutorial

This tutorial is a complete cloud-native AI application development guide for beginners. It builds a simple generative AI chatbot using Amazon EC2, Apache, Python CGI, and Amazon Bedrock, covering architecture design, IAM permission configuration, security best practices, and cost optimization suggestions to help novices master the full-process development and deployment of cloud-native AI applications.

With the development of generative AI technology, novice developers face challenges such as choosing cloud services, configuring permissions, and connecting frontends and backends when building cloud-based AI applications. This project helps understand the complete architecture and deployment process of generative AI applications by building a web chatbot, using EC2 as computing resources, Apache as the web server, Python CGI for backend processing, and Boto3 to call Bedrock services.

The application adopts a three-layer architecture:

• User layer: The browser accesses the HTML form to submit prompts
• Application layer: Apache on EC2 receives requests, forwards them to Python scripts via CGI, and the scripts call Bedrock using Boto3
• AI service layer: The LLM hosted by Bedrock generates responses and returns them Architecture advantages: Clear component responsibilities, lightweight tech stack, standardized deployment—suitable for introductory learning.

EC2 Instance Configuration

Choose Amazon Linux 2023, t3.micro instance, and open ports 22 (SSH) and 80 (HTTP) in the security group

IAM Roles and Permissions

Use IAM roles to authorize EC2 to access Bedrock, get temporary credentials via metadata after associating with the instance to enhance security

Apache and CGI Configuration

Install Apache and set it to start on boot, CGI script directory is /var/www/cgi-bin/, ensure scripts are executable

Python Backend

The CGI script receives frontend prompts, calls the Bedrock Runtime API, processes the response, and returns it to the browser.

The complete deployment is divided into six steps:

1. Launch EC2 instance: Amazon Linux 2023 with t3.micro specification, security group allows SSH and HTTP
2. Install dependencies: Update the system, install Apache, Python3, and Boto3
3. Configure IAM role: Create an EC2 trusted entity role, attach Bedrock policy and associate it with the instance
4. Deploy files: Place HTML in /var/www/html/, and CGI scripts in /var/www/cgi-bin/
5. Set permissions: Add executable permissions to CGI scripts
6. Verify service: Restart Apache and access the EC2 public IP to test the chat function.

Security suggestions for production environments:

• Network layer: Restrict SSH source IP range
• Transport layer: Enable HTTPS and apply for free SSL certificates using AWS Certificate Manager
• Least privilege: Configure fine-grained Bedrock resource policies for IAM roles
• Input validation: Filter user input to prevent injection attacks
• Architecture upgrade: Migrate to Flask/FastAPI instead of CGI.

Methods to control AWS costs:

• Instance management: Stop when not in use, terminate and delete EBS volumes after completion
• API call control: Avoid meaningless Bedrock calls
• Monitor bills: Check Billing and set budget alerts
• Free tier: t3.micro has a free quota of 750 hours/month for the first 12 months for new accounts.

Summary

GenAIbot is a well-designed introductory tutorial that provides runnable examples and full-process guidance, suitable for AWS and generative AI beginners

Learning Takeaways

Master skills such as EC2 management, security group configuration, IAM role design, Apache/CGI usage, Python+Boto3 development, and Bedrock calling

Expansion Directions

Frontend optimization (beautify UI, streaming responses), function enhancement (conversation history, multi-model switching, RAG), architecture evolution (Flask/FastAPI, containerized deployment).