daniel-fudge
commented
1 week ago I added the Bedrock Full access to the temporary NBRole and it worked. Clearly a less permissive set of permissions need to be added to the NBRole in the CloudFormation template.
I have access to the model in the correct region but the
semantic-search-NBRoledoes not have thebedrock:InvokeModelIAM permissions.ValueError: Error raised by bedrock service: An error occurred (AccessDeniedException) when calling the InvokeModel operation: User: arn:aws:sts::**:assumed-role/semantic-search-NBRole-EjdXfAalJlpo/SageMaker is not authorized to perform: bedrock:InvokeModel on resource: arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-3-haiku-20240307-v1:0 because no identity-based policy allows the bedrock:InvokeModel actionhttps://github.com/aws-samples/semantic-search-with-amazon-opensearch/blob/main/Module%207%20-%20Retrieval%20Augmented%20Generation.ipynb