4 Answers
- Newest
- Most votes
- Most comments
2
Hello.
Are you using the correct IAM user?
By the way, is it possible to create it from the management console instead of the API?
Also, check the CloudTrail event history and are there any errors occurring in the "CreateKnowledgeBase" event?
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events-console.html
0
`{
"eventVersion": "1.09",
"userIdentity": {
"type": "IAMUser",
"principalId": "******",
"arn": "arn:aws:iam::*******",
"accountId": "********",
"accessKeyId": "*****",
"userName": "****"
},
"eventTime": "2024-08-16T11:23:56Z",
"eventSource": "bedrock.amazonaws.com",
"eventName": "CreateKnowledgeBase",
"awsRegion": "eu-central-1",
"sourceIPAddress": "217.123.95.153",
"userAgent": "PostmanRuntime/7.40.0",
"errorCode": "AccessDenied",
"requestParameters": {
"error": "Request body is invalid."
},
"responseElements": {
"Access-Control-Expose-Headers": "x-amzn-errortype,x-amzn-requestid,x-amzn-trace-id",
"message": "User: arn:aws:iam::******* is not authorized to perform: bedrock:CreateKnowledgeBase"
},
"requestID": "82e5b9aa-4f17-4ab7-b9f2-7b5657f11b25",
"eventID": "1c117ac9-5582-42c3-b163-6a1734587ebb",
"readOnly": false,
"eventType": "AwsApiCall",
"managementEvent": true,
"recipientAccountId": "******",
"eventCategory": "Management"
}`
answered 2 months ago
0
No clue how to add a image in the comments so i put it in here:
This are all the policies i have now on the bedrockuser
answered 2 months ago
Relevant content
- Accepted Answerasked 2 months ago
- asked 2 months ago
- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 7 days ago
- AWS OFFICIALUpdated 6 months ago
"errorCode": "AccessDenied", "requestParameters": { "error": "Request body is invalid."
I see this in the cloudtrail.
Seems my body isnt correct. I just copy paste it from the documentation without filling in the fields actually. Im trying to find a filled in example to test this call but cant find anything :/
The request bodies that can be used with the "CreateKnowledgeBase" API are described in the documentation below. What kind of request did you specifically make? https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_CreateKnowledgeBase.html
I copy pasted that one in your url. But its not understandable for me what to fill in in the request. Below the cloudtrail error msg.
Now i tried to simplify the request into: { "knowledgeBaseConfiguration": { "type": "string", "vectorKnowledgeBaseConfiguration": { "embeddingModelArn": "arn:aws:aoss:eu-central-1:79:collection/omcmtg0", "embeddingModelConfiguration": { "bedrockEmbeddingModelConfiguration": { "dimensions": number } } } }, "name": "testknowledgebase", "roleArn": "arn:aws:iam:::user/**", "storageConfiguration": { "opensearchServerlessConfiguration": { "collectionArn": "arn:aws:aoss:eu-central-1::collection/om5w1btg0", "vectorIndexName": "string" }, "tags": { "string" : "we" } }
Looking at the explanation in the document, I think it will be as follows. The following example uses OpenSearch Serverless. You must specify the OpenSearch Serverless that you created in advance. Please create the OpenSearchServerless index in advance by following the steps in the document below. https://docs.aws.amazon.com/bedrock/latest/userguide/knowledge-base-setup.html
Thanks for the example Riku! but too bad i still got the response:
{ "message": "User: arn:aws:iam::**:user/* is not authorized to perform: bedrock:CreateKnowledgeBase" }
And it the cloudtrail i still see the same error: "errorCode": "AccessDenied", "requestParameters": { "error": "Request body is invalid." },