AWS announces AWS Interconnect – multicloud (preview), providing simple, resilient, high-speed private connections to other cloud service providers. AWS Interconnect - multicloud is easy to configure and provides high-speed, resilient connectivity with dedicated bandwidth, enabling customers to interconnect AWS networking services such as AWS Transit Gateway, AWS Cloud WAN, and Amazon VPC to other cloud service providers with ease.
BedRock Agent ignoring lambda provided to answer questions
I try to configure a BedRock Agent to invoke a lambda function and use the returned data to generate the answer to the user.
But unfortunatelly while testing the Agent, in the "Step 0 / Trace" the Agent said "...I know only the action user::askUser..."
My Agent configuration steps:
- defined a new Agent with an Action Group to call a labda function
- provided the target lambda function
- provided openapi3 spec docs exported from ApiGateway
- provided instructions to define the Agent
- provided the lambda function description and purpose to the Agent
- Language
- English
- Newest
- Most votes
- Most comments
I sorted out the issue. Let me write down for others having the same problem.
Basically when you run your agent testing from AWS Console UI, by default you test the DRAFT version of the agent. While when you invoke the agent from code (lambda/webapp) using the AWS SDK you run the agent version specified in the agent alias. That's why I was having different results (agent working in AWS Console UI, not working on my app).
I solved by forcing an agent "prepare" (just after the creation), then an alias update targeting a new version.
After creating the new version and having the agent alias targeting it, the invocation of the agent from lambda does work as in the AWS Console UI.
To configure a Bedrock Agent to invoke a Lambda function and use the returned data to generate the answer:
Define an Action Group in the agent configuration that targets the Lambda function.
Provide the OpenAPI 3.0 spec for the API Gateway endpoint used by the Lambda function.
In the prompt template configuration for the agent, enable the use of a Lambda function for parsing and select the function defined in the Action Group.
Attach permissions to allow the agent to invoke the Lambda function. For example, using an IAM role with a policy allowing
lambda:InvokeFunction .
Test the agent and check the trace to verify the Lambda function is being called and the response parsed correctly. You may need to debug the Lambda function or parsing logic if errors occur.
https://docs.aws.amazon.com/bedrock/latest/userguide/advanced-prompts-configure.html
Hi Fabio,
It seems like the Bedrock agent is unable to invoke your Lambda function due to missing permissions.
To allow the Bedrock agent to invoke the Lambda function, you need to add a permission to the Lambda function's resource-based policy. Specifically, you need to grant the lambda:InvokeFunction permission to the Bedrock agent IAM role.
Go to the configuration section of the lambda function -> Permissions -> Resource-based policy statements
You can check the resource-based policy on the Lambda function and add a statement like:
{ "Sid": "AllowBedrockAgentInvocation",
"Effect": "Allow",
"Principal": {"Service": "bedrock.amazonaws.com"},
"Action": "lambda:InvokeFunction",
"Resource": "arn:aws:lambda:region:account-id:function:function-name"
}
This will allow the Bedrock agent to invoke the Lambda function. Please replace the Resource with the Arn of the bedrock agent.
Let me know if this helps.
Relevant content
- asked 2 years ago
- asked 10 months ago
- asked a year ago
- asked 8 months ago
- AWS OFFICIALUpdated a year ago
Hi Giovanni, I did almost everything you suggested, except for the custom prompt template...
When I test the agent in AWS Console UI it works, it calls the lambda as expected. When I invoke the agent from my app instead, using the
InvokeAgentCommandI see from logs that the agent never calls the lambda... Also, the agent replies with "...unable to due to an error with the function call format...". Those are the params I use to invoke the agent:I also have the following resource policy on the lambda to allow the agent to invoke it:
And this is the agent response: