Help us improve the AWS re:Post Knowledge Center by sharing your feedback in a brief survey. Your input can influence how we create and update our content to better support your AWS journey.
bedrock agent permission error
1
2 回答
- 最新
- 投票最多
- 评论最多
2
Hi,
You should follow the guidance of https://docs.aws.amazon.com/bedrock/latest/userguide/agents-permissions.html
It will give sample policies that you can reuse in your case.
In particular, pay attention to the trust policy (also on this page) that you must have in your role to grant access to the Bedrock agent:
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {
"Service": "bedrock.amazonaws.com"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"aws:SourceAccount": "${account-id}"
},
"ArnLike": {
"AWS:SourceArn": "arn:aws:bedrock:${region}:${account-id}:agent/*"
}
}
}]
}
Best
Didier
1
This error suggests the AmazonBedrockExecutionRoleForAgents role does not have permission to interact with the Amazon Bedrock service.
To troubleshoot:
- Review the policies attached to the role. You can use the AmazonBedrockFullAccess policy to grant the required permissions.
- If you have applied any resource-based policies to your Bedrock models, ensure they allow access from the AmazonBedrockExecutionRoleForAgents role.
相关内容
- 已提问 2 年前
