I have access to the model in the correct region but the semantic-search-NBRole does not have the bedrock:InvokeModel IAM permissions.
ValueError: Error raised by bedrock service: An error occurred (AccessDeniedException) when calling the InvokeModel operation: User: arn:aws:sts::**:assumed-role/semantic-search-NBRole-EjdXfAalJlpo/SageMaker is not authorized to perform: bedrock:InvokeModel on resource: arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-3-haiku-20240307-v1:0 because no identity-based policy allows the bedrock:InvokeModel action
I added the Bedrock Full access to the temporary NBRole and it worked. Clearly a less permissive set of permissions need to be added to the NBRole in the CloudFormation template.
I have access to the model in the correct region but the
semantic-search-NBRole
does not have thebedrock:InvokeModel
IAM permissions.ValueError: Error raised by bedrock service: An error occurred (AccessDeniedException) when calling the InvokeModel operation: User: arn:aws:sts::**:assumed-role/semantic-search-NBRole-EjdXfAalJlpo/SageMaker is not authorized to perform: bedrock:InvokeModel on resource: arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-3-haiku-20240307-v1:0 because no identity-based policy allows the bedrock:InvokeModel action
https://github.com/aws-samples/semantic-search-with-amazon-opensearch/blob/main/Module%207%20-%20Retrieval%20Augmented%20Generation.ipynb