had "AccessDeniedException" when calling bedrock from my EC2

0

I'm trying to call the Bedrock API (to use Claude 3) from my EC2 instance. When I run the code below:

import json

import boto3

print(boto3.__version__)

# Create the connections to Bedrock
bedrock = boto3.client(
    service_name='bedrock',
    region_name='us-west-2',
)

bedrock_runtime = boto3.client(
    service_name='bedrock-runtime',
    region_name='us-west-2',
)

# Let's see all available Anthropic models
available_models = bedrock.list_foundation_models()

for model in available_models['modelSummaries']:
    if 'anthropic' in model['modelId']:
        print(model)

I get the following error:

AccessDeniedException: An error occurred (AccessDeniedException) when calling the ListFoundationModels operation: User: arn:aws:sts::099508051555:assumed-role/s3_tammosta_p4/i-0e3279369120156ef is not authorized to perform: bedrock:ListFoundationModels because no identity-based policy allows the bedrock:ListFoundationModels action

Does anyone know how to solve this?

asked 10 days ago
268 views
1 Answer
0

Hello.

Since the error message states "no identity-based policy", I think that the IAM policy that executes "bedrock:ListFoundationModels" is not attached to the IAM role attached to EC2.
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonbedrock.html

So, try attaching the IAM policy for operating Bedrock to the IAM role (s3_tammosta_p4) used in EC2.
If it is an AWS managed policy, I think you can use it by attaching "AmazonBedrockReadOnly".
https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonBedrockReadOnly.html

If you want to allow only "bedrock:ListFoundationModels" with a custom policy, I think you should create an IAM policy like the one below.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "test",
            "Effect": "Allow",
            "Action": [
                "bedrock:ListFoundationModels"
            ],
            "Resource": "*"
        }
    ]
}
EXPERT
answered 10 days ago
AWS
EXPERT
reviewed 10 days ago
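
A diagnostic helper for the error discussed above, added here as an example and not part of the original question or answer: it parses the AccessDeniedException text to recover the denied action and the IAM role behind the assumed-role session, checks whether the stated reason is a missing identity-based Allow, and builds the least-privilege policy for that one action. The function names and the sample messages (placeholder account and instance IDs) are constructed for illustration.

```python
import json
import re

# Constructed sample in the format of the error above (placeholder account/instance IDs).
SAMPLE_ERROR = (
    "An error occurred (AccessDeniedException) when calling the "
    "ListFoundationModels operation: User: "
    "arn:aws:sts::123456789012:assumed-role/example-ec2-role/i-0123456789abcdef0 "
    "is not authorized to perform: bedrock:ListFoundationModels because no "
    "identity-based policy allows the bedrock:ListFoundationModels action"
)

DENIED = re.compile(
    r"User: (?P<principal>arn:[\w-]+:(?:sts|iam)::\d{12}:\S+) "
    r"is not authorized to perform: (?P<action>[\w-]+:\w+)"
    r"(?: on resource: (?P<resource>\S+))?"
    r"(?: (?:because|with) (?P<reason>.+))?"
)
SESSION = re.compile(r"arn:([\w-]+):sts::(\d{12}):assumed-role/([^/]+)/.+")


def role_arn_from_session(principal_arn):
    """Map an assumed-role session ARN to the IAM role that carries the policies."""
    m = SESSION.fullmatch(principal_arn)
    if m is None:
        return principal_arn  # IAM user or similar: already the identity to fix
    # The session ARN omits any role path; re-add it for roles created with one.
    return "arn:{}:iam::{}:role/{}".format(*m.groups())


def diagnose(message):
    """Extract who was denied what, and build a least-privilege Allow for it."""
    m = DENIED.search(message)
    if m is None:
        raise ValueError("not an IAM authorization failure message")
    reason = m["reason"] or ""
    return {
        "attach_to": role_arn_from_session(m["principal"]),
        "action": m["action"],
        # Only this reason is fixed by adding an Allow to the role's own policies.
        "fix_with_identity_policy": "no identity-based policy allows" in reason,
        "policy": {
            "Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": [m["action"]],
                           "Resource": m["resource"] or "*"}],
        },
    }


if __name__ == "__main__":
    print(json.dumps(diagnose(SAMPLE_ERROR), indent=2))
```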
