
AWS managed policy ReadOnlyAccess does not have read only access to Bedrock

0

When using a role with the ReadOnlyAccess policy it is unable to do certain operations on Bedrock resources. I think it is just missing some of the permissions for Bedrock.

For example, when I try to use the role as part of a Terraform job I get this error:

│ operation error Bedrock Agent: ListTagsForResource, https response error
│ StatusCode: 403, RequestID: <request-id>,
│ AccessDeniedException: User:
│ <assumed-role-arn>
│ is not authorized to perform: bedrock:ListTagsForResource on resource:
│ <knowledge-base-arn>

1 Answer
1
Accepted Answer

Hello,

The AWS Managed Policy does not have the action “ListTagsForResource” for Bedrock, as outlined in the following documentation. [1]

However, you can attach the following IAM policy, “AmazonBedrockReadOnly”, which would grant the necessary permission to view all your Amazon Bedrock resources. [2]

The following is the AWS Managed Policy Reference Guide, showing that the “AmazonBedrockReadOnly” policy can perform the “bedrock:List*” action. [3]

[1] https://docs.aws.amazon.com/aws-managed-policy/latest/reference/ReadOnlyAccess.html

[2] https://docs.aws.amazon.com/bedrock/latest/userguide/security-iam-awsmanpol.html

[3] https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonBedrockReadOnly.html

AWS
answered 8 months ago
EXPERT
reviewed 8 months ago
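
The gap described in this thread can be checked offline before a Terraform run. The following is an added example, not part of the original question or answer: it takes an IAM policy document and reports which required actions no Allow statement covers, using IAM's case-insensitive wildcard matching. The two policy documents are constructed samples (not the real contents of ReadOnlyAccess or AmazonBedrockReadOnly), and `missing_actions`, `REQUIRED` and `bedrock:GetKnowledgeBase` as a companion action are assumptions made for illustration.

```python
import re

def _as_list(value):
    return [value] if isinstance(value, str) else list(value or [])

def _matches(pattern, action):
    # IAM action matching is case-insensitive; '*' and '?' are the only wildcards.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def missing_actions(policy_document, required_actions):
    """Return required actions not covered by an Allow, or covered by a Deny.

    Simplification: only Effect and Action are evaluated; Resource, Condition
    and NotAction are ignored, so treat the result as a first-pass check.
    """
    statements = policy_document.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    missing = []
    for action in required_actions:
        effects = {st.get("Effect") for st in statements
                   if any(_matches(p, action) for p in _as_list(st.get("Action")))}
        if "Deny" in effects or "Allow" not in effects:
            missing.append(action)
    return missing

# Constructed sample: a broad read-only policy whose Bedrock entries do not
# cover tag listing. NOT the real contents of ReadOnlyAccess.
BROAD_READ_ONLY_SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["bedrock:Get*", "s3:List*"], "Resource": "*"}]}

# Constructed sample: carries the bedrock:List* wildcard the answer cites for
# AmazonBedrockReadOnly; the Get* entry is an assumption.
BEDROCK_READ_ONLY_SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["bedrock:Get*", "bedrock:List*"], "Resource": "*"}]}

# First action is from the error in the question; the second is an assumed
# companion read call for the same knowledge base.
REQUIRED = ["bedrock:ListTagsForResource", "bedrock:GetKnowledgeBase"]

if __name__ == "__main__":
    for name, doc in [("broad sample", BROAD_READ_ONLY_SAMPLE),
                      ("bedrock sample", BEDROCK_READ_ONLY_SAMPLE)]:
        print(name, "missing:", missing_actions(doc, REQUIRED))
```

To check a real role, pass in the JSON document of the policy version attached to it (for example, the output of `aws iam get-policy-version`) in place of the constructed samples.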
