AWS Bedrock API Access Suddenly Blocked for Organization Accounts - "Operation not allowed" Error

0

Details:

Our organization’s AWS accounts, which previously had functional access to Bedrock (utilized by multiple applications), can no longer call Bedrock APIs, resulting in an "Operation not allowed" error, even when using the demo chat playground.

  • Models Status: The models are still active.
  • Initial Research: According to this AWS Knowledge Center post, the issue might be due to "AWS account has a security restriction."
  • Steps Taken:
    • Verified there are no security restrictions or related notifications.
    • Opened multiple support tickets, one for each sub-account within the organization that use AWS bedrock, but have yet to receive a resolution.

Question:

Has anyone encountered a similar issue within an AWS organization? If so, how was it resolved?

2 Answers
0
Accepted Answer

Update after 2 months of AWS Support exchanges:

The official response: "The requested information is internal and cannot be shared"

We asked for monitoring or visibility to prevent future disruptions, but apparently, this isn’t possible due to internal processes:"This was due to an internal requirement and verification process on our end."

Conclusion: If you get "Operation not permitted" or "Operation not allowed" errors with Bedrock, the only resolution seems to be creating a support ticket (Developer Support level minimum) for each affected account.

Hope this helps save time for others facing similar issues.

Cyril__
answered 2 days ago
0

I have had luck with two paths. There are limits placed on accounts until certain actions are taken. I have not seen this specific behavior but this may be worth a try

  1. Start two t2.micros for 15 minutes. This action frequently removes the limitations on accounts
  2. open a ticket for AWS to remove account limitations. Describe the limit in enough detail so you tell them the Observed and Expected behavior. They usually resolve this quickly (a few hours) - I am aware you did this; this is how I resolved in the past as well
Michael
answered 2 months ago
  • Thank you for your rapid response and helpful suggestions.

    Unfortunately, I am still waiting for a resolution on my first case, which has been pending since Friday( so option 2 is in pending for 2 AWS accounts) .

    On one of our accounts, we have had an EC2 instance running for several months. Following your advice, I attempted to launch an additional T2 instance, but encountered a quota limitation. It appears that for this account, the quota is was set to just 1 for all Standard (A, C, D, H, I, M, R, T, Z) instances. I had requested an increase to 5, but this was denied. I will now try requesting an increase to 2 and see if that helps. EDIT: increased to 2 was deny also ,i try running on another region without success

    I appreciate your support and will keep you updated on the progress.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions