By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Bedrock runtime REST API 403 error

0

Hello,

I‘m tring to invoke Titan model by REST API in java (It's hard to use SDK in our platform), but I got an 403 error: Server returned HTTP response code: 403 for URL: https://bedrock-runtime.eu-central-1.amazonaws.com/model/amazon.titan-text-express-v1/invoke

The headers I sent are:

X-Amz-Date: 20240131T121641Z

Host: bedrock-runtime.eu-central-1.amazonaws.com

X-Amz-Content-Sha256: [Hashed request body]

Authorization: AWS4-HMAC-SHA256 Credential=[My credential]/20240131/eu-central-1/bedrock-runtime/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=[My signature]

The request body includes:

"inputText": "User: my first user input",

"textGenerationConfig": ["maxTokenCount":4096,"stopSequences":["User:"],"temperature":0.7]

Anyone has idea about why it is not working?

Topics
Machine Learning & AIGenerative AI on AWS
Tags
Amazon Bedrock
Language
English
chlwang
asked 4 months ago679 views
1 Answer
0
Accepted Answer

Hi,

Http 403 is an authorization problem: your requester must be authorized to call the Bedrock API.

As you don't use the Java SDK but work at REST level , the probable source of your problem is an incorrect SigV4 signature of your request.

SigV4 is detailled here: https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html

Getting the code to sign right is not easy: I'll suggest you to copy / paste such code from the AWS Java SDK with is OSS.

Best,

Didier

profile pictureAWS
EXPERT
Didier_Durand
answered 4 months ago
profile picture
EXPERT
Antonio_Lagrotteria
reviewed 4 months ago
  • chlwang
    4 months ago

    Hi Didier,

    How can I check If I´m authorized to call the Bedrock API? I have Access granted for Titan Embeddings G1 - Text in Bedrock. As for the signature, we are using the same algorithm to calculate the signature for Amazon Connect API so I think our calculation algorithm is OK.

    Best,

    Chunlin

  • chlwang
    4 months ago

    As I tried in Python i can connect to Bedrock without any problem. So I think I am authorized to call the Bedrock API.

  • Didier_Durand EXPERT
    4 months ago

    Yes, you did the right thing by trying another channel (Python): same IAM policies will apply. So, if it works for Python, it should work for Java: make sure that you include the Bedrock query properly in your sigV4 signing to go through authorization,

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content