- 최신
- 최다 투표
- 가장 많은 댓글
Hi there!
Since you are using the native Q retriever you will need to allow BatchPutDocument on your Q index, like below:
{
"Sid": "AllowsAmazonQToIngestDocuments",
"Effect": "Allow",
"Action": [
"qbusiness:BatchPutDocument",
"qbusiness:BatchDeleteDocument"
],
"Resource": "arn:aws:qbusiness:{{region}}:{{source_account}}:application/{{application_id}}/index/{{index_id}}"
},
You can check out the full IAM permission needed in the docs at https://docs.aws.amazon.com/amazonq/latest/business-use-dg/create-s3-datasource-iam-role.html as you will also have to add permissions for the Principal Store APIs in addition to the above and access to your S3 bucket. There are also examples for other configurations.
Since the error is pointing to BatchPutDocument API, I followed this https://docs.aws.amazon.com/kendra/latest/dg/iam-roles.html
Here is the policy I added to the role. However, I am still getting the same error. Thanks for your pointers. { "Version": "2012-10-17", "Statement": [ { "Action": [ "s3:GetObject" ], "Resource": [ "arn:aws:s3:::xxxx/" ], "Effect": "Allow" }, { "Action": [ "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::xxxx" ], "Effect": "Allow" }, { "Effect": "Allow", "Action": [ "kendra:BatchPutDocument", "kendra:BatchDeleteDocument" ], "Resource": [ "arn:aws:kendra:us-east-2:12345678:index/" ] } ] }
관련 콘텐츠
- 질문됨 한 달 전
AWS 공식업데이트됨 2년 전- AWS 공식업데이트됨 3년 전
If you are using the native Q retriever you need to provide permissions for
qbusiness:BatchPutDocumentrather thankendra:BatchPutDocument. The link in the answer gives the full details of the permissions needed.