Create Bedrock KnowledgeBase via API

0

Hi,

I'm trying to set up an AI chatbot with Bedrock and trying to make some knowledge bases through an API from my external application. I use PUT on this URL: https://bedrock-agent.{{AWS_Region}}.amazonaws.com/knowledgebases/

But my response is: { "message": "User: arn:aws:iam::***** is not authorized to perform: bedrock:CreateKnowledgeBase" }

If I check my policy in the policy simulator, it seems I am allowed to use this service. What am I doing wrong?

Policy simulator

asked 3 months ago, 289 views
4 Answers
2
Accepted Answer

Hello.

Are you using the correct IAM user?
By the way, is it possible to create it from the management console instead of the API?
Also, check the CloudTrail event history: are there any errors occurring in the "CreateKnowledgeBase" event?
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events-console.html

EXPERT
answered 3 months ago
EXPERT
reviewed 2 months ago
  • "errorCode": "AccessDenied", "requestParameters": { "error": "Request body is invalid."

    I see this in CloudTrail.

    Seems my body isn't correct. I just copy-pasted it from the documentation without actually filling in the fields. I'm trying to find a filled-in example to test this call but can't find anything :/

  • The request bodies that can be used with the "CreateKnowledgeBase" API are described in the documentation below. What kind of request did you specifically make? https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_CreateKnowledgeBase.html

  • I copy-pasted that one in your URL. But it's not understandable for me what to fill in in the request. Below is the CloudTrail error msg.

    Now I tried to simplify the request into: { "knowledgeBaseConfiguration": { "type": "string", "vectorKnowledgeBaseConfiguration": { "embeddingModelArn": "arn:aws:aoss:eu-central-1:79:collection/omcmtg0", "embeddingModelConfiguration": { "bedrockEmbeddingModelConfiguration": { "dimensions": number } } } }, "name": "testknowledgebase", "roleArn": "arn:aws:iam:::user/**", "storageConfiguration": { "opensearchServerlessConfiguration": { "collectionArn": "arn:aws:aoss:eu-central-1::collection/om5w1btg0", "vectorIndexName": "string" }, "tags": { "string" : "we" } }

  • Looking at the explanation in the document, I think it will be as follows. The following example uses OpenSearch Serverless. You must specify the OpenSearch Serverless that you created in advance. Please create the OpenSearchServerless index in advance by following the steps in the document below. https://docs.aws.amazon.com/bedrock/latest/userguide/knowledge-base-setup.html

    {
       "description": "test KnowledgeBase",
       "knowledgeBaseConfiguration": { 
          "type": "VECTOR",
          "vectorKnowledgeBaseConfiguration": { 
             "embeddingModelArn": "arn:aws:bedrock:ap-northeast-1::foundation-model/amazon.titan-embed-text-v1" # The Amazon Resource Name (ARN) of the model used to create vector embeddings for the knowledge base.
          }
       },
       "name": "test",
       "roleArn": "arn:aws:iam::11111111111:role/service-role/AmazonBedrockExecutionRoleForKnowledgeBase_wv0nu", # KnowledgeBase IAM Role ARN
       "storageConfiguration": { 
          "opensearchServerlessConfiguration": { 
             "collectionArn": "arn:aws:aoss:ap-northeast-1:11111111111:collection/aaaaaaaaaaaaaa", # OpenSearchServerless ARN
             "fieldMapping": { 
                "metadataField": "metadata",
                "textField": "text",
                "vectorField": "test-vector-field"
             },
             "vectorIndexName": "test-index"
          },
          "type": "OPENSEARCH_SERVERLESS"
       }
    }
    
  • Thanks for the example, Riku! But too bad, I still got the response:

    { "message": "User: arn:aws:iam::**:user/* is not authorized to perform: bedrock:CreateKnowledgeBase" }

    And in CloudTrail I still see the same error: "errorCode": "AccessDenied", "requestParameters": { "error": "Request body is invalid." },
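
Added example (not part of the original thread and not AWS code): a preflight check for a CreateKnowledgeBase request body, using the filled-in OpenSearch Serverless body from the answer above as the reference shape. The helper names (`dig`, `arn_field`, `placeholders`, `check_body`) and the sample ARNs are constructed for illustration, and the checks cover only the fields shown in this thread, not the full API schema.

```python
import json

def dig(node, *keys):  # walk nested objects; None if a level is absent or not an object
    for key in keys:
        node = node.get(key) if isinstance(node, dict) else None
    return node

def arn_field(arn, index):
    """Return one ARN field (2 = service, 5 = resource), or '' if not an ARN."""
    parts = arn.split(":", 5) if isinstance(arn, str) else []
    return parts[index] if len(parts) == 6 and parts[0] == "arn" else ""

def placeholders(node, path=""):
    """Yield paths of values that are still unfilled template literals."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from placeholders(value, f"{path}.{key}" if path else key)
    elif node == "string":  # literal left over from the API reference template
        yield path

def check_body(raw):
    """Return problems found in a CreateKnowledgeBase request body (JSON text)."""
    try:
        body = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    problems = [f"{p}: template placeholder" for p in placeholders(body)]
    vec = dig(body, "knowledgeBaseConfiguration", "vectorKnowledgeBaseConfiguration")
    if arn_field(dig(vec, "embeddingModelArn"), 2) != "bedrock":
        problems.append("embeddingModelArn: not a bedrock model ARN")
    if not arn_field(dig(body, "roleArn"), 5).startswith("role/"):
        problems.append("roleArn: not an IAM role ARN")
    oss = dig(body, "storageConfiguration", "opensearchServerlessConfiguration")
    if dig(body, "storageConfiguration", "type") != "OPENSEARCH_SERVERLESS":
        problems.append("storageConfiguration.type: missing or unexpected")
    if arn_field(dig(oss, "collectionArn"), 2) != "aoss":
        problems.append("collectionArn: not an aoss collection ARN")
    problems += [f"fieldMapping.{f}: missing" for f in ("metadataField", "textField", "vectorField")
                 if dig(oss, "fieldMapping", f) is None]
    return problems

# Constructed sample modelled on the simplified request quoted in the thread.
BAD = json.dumps({"roleArn": "arn:aws:iam:::user/example", "knowledgeBaseConfiguration": {
    "type": "string", "vectorKnowledgeBaseConfiguration": {
        "embeddingModelArn": "arn:aws:aoss:eu-central-1:111111111111:collection/example"}},
    "storageConfiguration": {"opensearchServerlessConfiguration": {"vectorIndexName": "string",
        "collectionArn": "arn:aws:aoss:eu-central-1:111111111111:collection/example"}}})

if __name__ == "__main__":
    print("\n".join(check_body(BAD)))
```

The parse step also rejects a body pasted with `#` annotations or with the template's bare `number`, since neither is valid JSON.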

0
```json
{
    "eventVersion": "1.09",
    "userIdentity": {
        "type": "IAMUser",
        "principalId": "******",
        "arn": "arn:aws:iam::*******",
        "accountId": "********",
        "accessKeyId": "*****",
        "userName": "****"
    },
    "eventTime": "2024-08-16T11:23:56Z",
    "eventSource": "bedrock.amazonaws.com",
    "eventName": "CreateKnowledgeBase",
    "awsRegion": "eu-central-1",
    "sourceIPAddress": "217.123.95.153",
    "userAgent": "PostmanRuntime/7.40.0",
    "errorCode": "AccessDenied",
    "requestParameters": {
        "error": "Request body is invalid."
    },
    "responseElements": {
        "Access-Control-Expose-Headers": "x-amzn-errortype,x-amzn-requestid,x-amzn-trace-id",
        "message": "User: arn:aws:iam::******* is not authorized to perform: bedrock:CreateKnowledgeBase"
    },
    "requestID": "82e5b9aa-4f17-4ab7-b9f2-7b5657f11b25",
    "eventID": "1c117ac9-5582-42c3-b163-6a1734587ebb",
    "readOnly": false,
    "eventType": "AwsApiCall",
    "managementEvent": true,
    "recipientAccountId": "******",
    "eventCategory": "Management"
}
```
answered 3 months ago
0

No clue how to add an image in the comments so I put it in here:

These are all the policies I have now on the bedrockuser

answered 3 months ago
0

Feels like the same settings as you showed in your picture.

answered 3 months ago
