Create Bedrock KnowledgeBase via API

0

Hi,

Im trying to setup an AI chatbot with Bedrock and try to make some knowledgebases trough an API from my external application. I use the Put on this URL: https://bedrock-agent.{{AWS_Region}}.amazonaws.com/knowledgebases/

But my response is: { "message": "User: arn:aws:iam::***** is not authorized to perform: bedrock:CreateKnowledgeBase" }

If i check my policy in the policy simulator iam allowed to use this service it seems. What i do wrong?

Policy simulator

posta 3 mesi fa298 visualizzazioni
4 Risposte
2
Risposta accettata

Hello.

Are you using the correct IAM user?
By the way, is it possible to create it from the management console instead of the API?
Also, check the CloudTrail event history and are there any errors occurring in the "CreateKnowledgeBase" event?
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events-console.html

profile picture
ESPERTO
con risposta 3 mesi fa
profile picture
ESPERTO
verificato 3 mesi fa
  • "errorCode": "AccessDenied", "requestParameters": { "error": "Request body is invalid."

    I see this in the cloudtrail.

    Seems my body isnt correct. I just copy paste it from the documentation without filling in the fields actually. Im trying to find a filled in example to test this call but cant find anything :/

  • The request bodies that can be used with the "CreateKnowledgeBase" API are described in the documentation below. What kind of request did you specifically make? https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_CreateKnowledgeBase.html

  • I copy pasted that one in your url. But its not understandable for me what to fill in in the request. Below the cloudtrail error msg.

    Now i tried to simplify the request into: { "knowledgeBaseConfiguration": { "type": "string", "vectorKnowledgeBaseConfiguration": { "embeddingModelArn": "arn:aws:aoss:eu-central-1:79:collection/omcmtg0", "embeddingModelConfiguration": { "bedrockEmbeddingModelConfiguration": { "dimensions": number } } } }, "name": "testknowledgebase", "roleArn": "arn:aws:iam:::user/**", "storageConfiguration": { "opensearchServerlessConfiguration": { "collectionArn": "arn:aws:aoss:eu-central-1::collection/om5w1btg0", "vectorIndexName": "string" }, "tags": { "string" : "we" } }

  • Looking at the explanation in the document, I think it will be as follows. The following example uses OpenSearch Serverless. You must specify the OpenSearch Serverless that you created in advance. Please create the OpenSearchServerless index in advance by following the steps in the document below. https://docs.aws.amazon.com/bedrock/latest/userguide/knowledge-base-setup.html

    {
       "description": "test KnowledgeBase",
       "knowledgeBaseConfiguration": { 
          "type": "VECTOR",
          "vectorKnowledgeBaseConfiguration": { 
             "embeddingModelArn": "arn:aws:bedrock:ap-northeast-1::foundation-model/amazon.titan-embed-text-v1" # The Amazon Resource Name (ARN) of the model used to create vector embeddings for the knowledge base.
          }
       },
       "name": "test",
       "roleArn": "arn:aws:iam::11111111111:role/service-role/AmazonBedrockExecutionRoleForKnowledgeBase_wv0nu", # KnowledgeBase IAM Role ARN
       "storageConfiguration": { 
          "opensearchServerlessConfiguration": { 
             "collectionArn": "arn:aws:aoss:ap-northeast-1:11111111111:collection/aaaaaaaaaaaaaa", # OpenSearchServerless ARN
             "fieldMapping": { 
                "metadataField": "metadata",
                "textField": "text",
                "vectorField": "test-vector-field"
             },
             "vectorIndexName": "test-index"
          },
          "type": "OPENSEARCH_SERVERLESS"
       }
    }
    
  • Thanks for the example Riku! but too bad i still got the response:

    { "message": "User: arn:aws:iam::**:user/* is not authorized to perform: bedrock:CreateKnowledgeBase" }

    And it the cloudtrail i still see the same error: "errorCode": "AccessDenied", "requestParameters": { "error": "Request body is invalid." },

0
`{
    "eventVersion": "1.09",
    "userIdentity": {
        "type": "IAMUser",
        "principalId": "******",
        "arn": "arn:aws:iam::*******",
        "accountId": "********",
        "accessKeyId": "*****",
        "userName": "****"
    },
    "eventTime": "2024-08-16T11:23:56Z",
    "eventSource": "bedrock.amazonaws.com",
    "eventName": "CreateKnowledgeBase",
    "awsRegion": "eu-central-1",
    "sourceIPAddress": "217.123.95.153",
    "userAgent": "PostmanRuntime/7.40.0",
    "errorCode": "AccessDenied",
    "requestParameters": {
        "error": "Request body is invalid."
    },
    "responseElements": {
        "Access-Control-Expose-Headers": "x-amzn-errortype,x-amzn-requestid,x-amzn-trace-id",
        "message": "User: arn:aws:iam::******* is not authorized to perform: bedrock:CreateKnowledgeBase"
    },
    "requestID": "82e5b9aa-4f17-4ab7-b9f2-7b5657f11b25",
    "eventID": "1c117ac9-5582-42c3-b163-6a1734587ebb",
    "readOnly": false,
    "eventType": "AwsApiCall",
    "managementEvent": true,
    "recipientAccountId": "******",
    "eventCategory": "Management"
}`
con risposta 3 mesi fa
0

No clue how to add a image in the comments so i put it in here:

dsdsd This are all the policies i have now on the bedrockuser

con risposta 3 mesi fa
0

Feel Feels like same settings as you showed in your picture.

con risposta 3 mesi fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande