had "AccessDeniedException" when calling bedrock from my EC2

0

I'm trying to call the Bedrock API (to use Claude 3) from my EC2 instance. When I run the code below:

import boto3
print(boto3.__version__)
import json

# Create the connection to Bedrock
bedrock = boto3.client(
    service_name='bedrock',
    region_name='us-west-2',
)

bedrock_runtime = boto3.client(
    service_name='bedrock-runtime',
    region_name='us-west-2',
)

# Let's see all available Anthropic Models
available_models = bedrock.list_foundation_models()

for model in available_models['modelSummaries']:
    if 'anthropic' in model['modelId']:
        print(model)

I get the following error:

AccessDeniedException: An error occurred (AccessDeniedException) when calling the ListFoundationModels operation: User: arn:aws:sts::099508051555:assumed-role/s3_tammosta_p4/i-0e3279369120156ef is not authorized to perform: bedrock:ListFoundationModels because no identity-based policy allows the bedrock:ListFoundationModels action

Does anyone know how to solve this?

asked a month ago · 300 views
1 Answer
0

Hello.

Since the error message states "no identity-based policy", I think that the IAM policy that executes "bedrock:ListFoundationModels" is not attached to the IAM role attached to EC2.
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonbedrock.html

So, try attaching the IAM policy for operating Bedrock to the IAM role (s3_tammosta_p4) used in EC2.
If it is an AWS managed policy, I think you can use it by attaching "AmazonBedrockReadOnly".
https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonBedrockReadOnly.html

If you want to allow only "bedrock:ListFoundationModels" with a custom policy, I think you should create an IAM policy like the one below.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "test",
            "Effect": "Allow",
            "Action": [
                "bedrock:ListFoundationModels"
            ],
            "Resource": "*"
        }
    ]
}
EXPERT
answered a month ago
AWS
EXPERT
reviewed a month ago
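
As an added example (not part of the original question or answer), the sketch below parses the AccessDeniedException text quoted in the question to recover the IAM role to edit, the denied action and the kind of denial, and emits the single-action Allow from the answer only when a missing identity-based policy is the cause. The function names are hypothetical, and the patterns assume the IAM wording "because no ... allows the" and "with an explicit deny in a ...".

```python
import json
import re

# Error text as quoted in the question.
SAMPLE = (
    "An error occurred (AccessDeniedException) when calling the ListFoundationModels "
    "operation: User: arn:aws:sts::099508051555:assumed-role/s3_tammosta_p4/"
    "i-0e3279369120156ef is not authorized to perform: bedrock:ListFoundationModels "
    "because no identity-based policy allows the bedrock:ListFoundationModels action"
)
HEAD = re.compile(r"User: (?P<principal>arn:\S+) is not authorized to perform: "
                  r"(?P<action>[A-Za-z0-9-]+:[A-Za-z0-9*]+)")
IMPLICIT = re.compile(r"because no (?P<ptype>.+?) allows the ")
EXPLICIT = re.compile(r"with an explicit deny in an? (?P<ptype>.+?)(?:$|[.:])")
# The session ARN omits any IAM path, so role_arn is exact only for path-less roles.
ASSUMED = re.compile(r"arn:(aws[\w-]*):sts::(\d{12}):assumed-role/([^/]+)/(.+)")


def diagnose(message):
    """Return who was denied, which action, and which policy type caused it."""
    head = HEAD.search(message)
    if head is None:
        return None
    explicit = EXPLICIT.search(message)
    found = explicit or IMPLICIT.search(message)
    info = {
        "principal": head["principal"],
        "action": head["action"],
        "denial": "explicit" if explicit else "implicit",
        "policy_type": found["ptype"] if found else None,
        "role_arn": None,
    }
    role = ASSUMED.fullmatch(head["principal"])
    if role:
        partition, account, name, _session = role.groups()
        info["role_arn"] = f"arn:{partition}:iam::{account}:role/{name}"
    return info


def minimal_policy(info):
    """Single-action Allow; None when another policy type or an explicit Deny is the cause."""
    if info["denial"] != "implicit" or info["policy_type"] != "identity-based policy":
        return None
    statement = {"Effect": "Allow", "Action": [info["action"]], "Resource": "*"}
    return {"Version": "2012-10-17", "Statement": [statement]}


if __name__ == "__main__":
    info = diagnose(SAMPLE)
    print(json.dumps({"diagnosis": info, "policy": minimal_policy(info)}, indent=2))
```

When `minimal_policy` returns `None`, adding an Allow to the role does not help; the denial has to be resolved in the policy type the message names.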
