Create Bedrock KnowledgeBase via API

0

Hi,

Im trying to setup an AI chatbot with Bedrock and try to make some knowledgebases trough an API from my external application. I use the Put on this URL: https://bedrock-agent.{{AWS_Region}}.amazonaws.com/knowledgebases/

But my response is: { "message": "User: arn:aws:iam::***** is not authorized to perform: bedrock:CreateKnowledgeBase" }

If i check my policy in the policy simulator iam allowed to use this service it seems. What i do wrong?

Policy simulator

Sjon
asked 2 months ago227 views
4 Answers
2
Accepted Answer

Hello.

Are you using the correct IAM user?
By the way, is it possible to create it from the management console instead of the API?
Also, check the CloudTrail event history and are there any errors occurring in the "CreateKnowledgeBase" event?
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events-console.html

profile picture
EXPERT
answered 2 months ago
profile picture
EXPERT
reviewed 2 months ago
  • "errorCode": "AccessDenied", "requestParameters": { "error": "Request body is invalid."

    I see this in the cloudtrail.

    Seems my body isnt correct. I just copy paste it from the documentation without filling in the fields actually. Im trying to find a filled in example to test this call but cant find anything :/

  • The request bodies that can be used with the "CreateKnowledgeBase" API are described in the documentation below. What kind of request did you specifically make? https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_CreateKnowledgeBase.html

  • I copy pasted that one in your url. But its not understandable for me what to fill in in the request. Below the cloudtrail error msg.

    Now i tried to simplify the request into: { "knowledgeBaseConfiguration": { "type": "string", "vectorKnowledgeBaseConfiguration": { "embeddingModelArn": "arn:aws:aoss:eu-central-1:79:collection/omcmtg0", "embeddingModelConfiguration": { "bedrockEmbeddingModelConfiguration": { "dimensions": number } } } }, "name": "testknowledgebase", "roleArn": "arn:aws:iam:::user/**", "storageConfiguration": { "opensearchServerlessConfiguration": { "collectionArn": "arn:aws:aoss:eu-central-1::collection/om5w1btg0", "vectorIndexName": "string" }, "tags": { "string" : "we" } }

  • Looking at the explanation in the document, I think it will be as follows. The following example uses OpenSearch Serverless. You must specify the OpenSearch Serverless that you created in advance. Please create the OpenSearchServerless index in advance by following the steps in the document below. https://docs.aws.amazon.com/bedrock/latest/userguide/knowledge-base-setup.html

    {
       "description": "test KnowledgeBase",
       "knowledgeBaseConfiguration": { 
          "type": "VECTOR",
          "vectorKnowledgeBaseConfiguration": { 
             "embeddingModelArn": "arn:aws:bedrock:ap-northeast-1::foundation-model/amazon.titan-embed-text-v1" # The Amazon Resource Name (ARN) of the model used to create vector embeddings for the knowledge base.
          }
       },
       "name": "test",
       "roleArn": "arn:aws:iam::11111111111:role/service-role/AmazonBedrockExecutionRoleForKnowledgeBase_wv0nu", # KnowledgeBase IAM Role ARN
       "storageConfiguration": { 
          "opensearchServerlessConfiguration": { 
             "collectionArn": "arn:aws:aoss:ap-northeast-1:11111111111:collection/aaaaaaaaaaaaaa", # OpenSearchServerless ARN
             "fieldMapping": { 
                "metadataField": "metadata",
                "textField": "text",
                "vectorField": "test-vector-field"
             },
             "vectorIndexName": "test-index"
          },
          "type": "OPENSEARCH_SERVERLESS"
       }
    }
    
  • Thanks for the example Riku! but too bad i still got the response:

    { "message": "User: arn:aws:iam::**:user/* is not authorized to perform: bedrock:CreateKnowledgeBase" }

    And it the cloudtrail i still see the same error: "errorCode": "AccessDenied", "requestParameters": { "error": "Request body is invalid." },

0
`{
    "eventVersion": "1.09",
    "userIdentity": {
        "type": "IAMUser",
        "principalId": "******",
        "arn": "arn:aws:iam::*******",
        "accountId": "********",
        "accessKeyId": "*****",
        "userName": "****"
    },
    "eventTime": "2024-08-16T11:23:56Z",
    "eventSource": "bedrock.amazonaws.com",
    "eventName": "CreateKnowledgeBase",
    "awsRegion": "eu-central-1",
    "sourceIPAddress": "217.123.95.153",
    "userAgent": "PostmanRuntime/7.40.0",
    "errorCode": "AccessDenied",
    "requestParameters": {
        "error": "Request body is invalid."
    },
    "responseElements": {
        "Access-Control-Expose-Headers": "x-amzn-errortype,x-amzn-requestid,x-amzn-trace-id",
        "message": "User: arn:aws:iam::******* is not authorized to perform: bedrock:CreateKnowledgeBase"
    },
    "requestID": "82e5b9aa-4f17-4ab7-b9f2-7b5657f11b25",
    "eventID": "1c117ac9-5582-42c3-b163-6a1734587ebb",
    "readOnly": false,
    "eventType": "AwsApiCall",
    "managementEvent": true,
    "recipientAccountId": "******",
    "eventCategory": "Management"
}`
Sjon
answered 2 months ago
0

No clue how to add a image in the comments so i put it in here:

dsdsd This are all the policies i have now on the bedrockuser

Sjon
answered 2 months ago
0

Feel Feels like same settings as you showed in your picture.

Sjon
answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions