Closed barnesrobert closed 2 months ago
@barnesrobert FYI I get an AccessDeniedException.
I managed to fix this by updating the BedrockPermissions
in the InvokeBedrockModelFunctionRole
resource as follows:
- PolicyName: BedrockPermissions
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- bedrock:InvokeModel
Resource:
- !Sub arn:aws:bedrock:${AWS::Region}::foundation-model/anthropic.claude-v2
- !Sub arn:aws:bedrock:${AWS::Region}::foundation-model/anthropic.claude-3-sonnet-20240229-v1:0
- !Sub arn:aws:bedrock:${AWS::Region}::foundation-model/anthropic.claude-3-haiku-20240307-v1:0
Ah, thanks, @amcginlay. I created a pull request to update the IAM role policy. The least-privilege IAM policy will be constrained to the selected model ID.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.