2 Answers
2
Hi,
You should follow the guidance of https://docs.aws.amazon.com/bedrock/latest/userguide/agents-permissions.html
It will give sample policies that you can reuse in your case.
In particular, pay attention to the trust policy (also on this page) that you must have in your role to grant access to the Bedrock agent:
```json
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {
      "Service": "bedrock.amazonaws.com"
    },
    "Action": "sts:AssumeRole",
    "Condition": {
      "StringEquals": {
        "aws:SourceAccount": "${account-id}"
      },
      "ArnLike": {
        "AWS:SourceArn": "arn:aws:bedrock:${region}:${account-id}:agent/*"
      }
    }
  }]
}
```
Best
Didier
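An added example, not part of the answer above or of the AWS documentation: a small offline check that a role's trust policy follows the pattern in that answer, with the Bedrock service principal allowed to assume the role only under `aws:SourceAccount` and `aws:SourceArn` conditions scoped to your own account's agents. The function name, account id and region are assumptions made up for the example.

```python
import json

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_agent_trust_policy(policy, account_id, region):
    """Return findings for a Bedrock agent role trust policy; [] means none."""
    agent_prefix = f"arn:aws:bedrock:{region}:{account_id}:agent/"
    allows = []
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if (stmt.get("Effect") == "Allow"
                and "sts:AssumeRole" in _as_list(stmt.get("Action", []))
                and "bedrock.amazonaws.com" in services):
            allows.append(stmt)
    if not allows:
        return ["no statement lets bedrock.amazonaws.com call sts:AssumeRole"]
    findings = []
    for stmt in allows:
        # Condition key names are case-insensitive (the answer writes AWS:SourceArn).
        cond = {op.lower(): {k.lower(): v for k, v in keys.items()}
                for op, keys in stmt.get("Condition", {}).items()}
        accounts = _as_list(cond.get("stringequals", {}).get("aws:sourceaccount", []))
        if accounts != [account_id]:
            findings.append("aws:SourceAccount is not pinned to this account")
        arns = []
        for op in ("arnlike", "arnequals", "stringlike", "stringequals"):
            arns += _as_list(cond.get(op, {}).get("aws:sourcearn", []))
        if not arns:
            findings.append("aws:SourceArn is missing")
        elif not all(arn.startswith(agent_prefix) for arn in arns):
            findings.append("aws:SourceArn is not limited to this account's agents")
    return findings

# Constructed sample values: the account id and region are placeholders.
ACCOUNT_ID, REGION = "111122223333", "us-east-1"
TEMPLATE = """{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"Service": "bedrock.amazonaws.com"}, "Action": "sts:AssumeRole",
  "Condition": {"StringEquals": {"aws:SourceAccount": "${account-id}"},
    "ArnLike": {"AWS:SourceArn": "arn:aws:bedrock:${region}:${account-id}:agent/*"}}}]}"""

def fill(template):
    return json.loads(template.replace("${account-id}", ACCOUNT_ID).replace("${region}", REGION))

GOOD = fill(TEMPLATE)
UNFILLED = json.loads(TEMPLATE)                # placeholders pasted as-is
NO_CONDITION = fill(TEMPLATE)
del NO_CONDITION["Statement"][0]["Condition"]  # no confused-deputy guard left

if __name__ == "__main__":
    for name, doc in [("good", GOOD), ("unfilled", UNFILLED), ("no condition", NO_CONDITION)]:
        print(name, audit_agent_trust_policy(doc, ACCOUNT_ID, REGION) or "OK")
```

To check a real role, pass in the role's trust policy document as parsed JSON together with your own account id and region.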
1
This error suggests the AmazonBedrockExecutionRoleForAgents role does not have permission to interact with the Amazon Bedrock service.
To troubleshoot:
- Review the policies attached to the role. You can use the AmazonBedrockFullAccess policy to grant the required permissions.
- If you have applied any resource-based policies to your Bedrock models, ensure they allow access from the AmazonBedrockExecutionRoleForAgents role.
