had "AccessDeniedException" when calling bedrock from my EC2


I'm trying to call the Bedrock API (to use Claude3) from my EC2 instance. When I run the code below:

import json

import boto3

print(boto3.__version__)

# Create the connection to Bedrock
bedrock = boto3.client(
    service_name='bedrock',
    region_name='us-west-2',
)

bedrock_runtime = boto3.client(
    service_name='bedrock-runtime',
    region_name='us-west-2',
)

# Let's see all available Anthropic Models
available_models = bedrock.list_foundation_models()

for model in available_models['modelSummaries']:
    if 'anthropic' in model['modelId']:
        print(model)

I get the following error:

AccessDeniedException: An error occurred (AccessDeniedException) when calling the ListFoundationModels operation: User: arn:aws:sts::099508051555:assumed-role/s3_tammosta_p4/i-0e3279369120156ef is not authorized to perform: bedrock:ListFoundationModels because no identity-based policy allows the bedrock:ListFoundationModels action

Does anyone know how to solve this?

1 Answer

Hello.

Since the error message states "no identity-based policy", I think that the IAM policy that executes "bedrock:ListFoundationModels" is not attached to the IAM role attached to EC2.
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonbedrock.html

So, try attaching the IAM policy for operating Bedrock to the IAM role (s3_tammosta_p4) used in EC2.
If it is an AWS managed policy, I think you can use it by attaching "AmazonBedrockReadOnly".
https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonBedrockReadOnly.html

If you want to allow only "bedrock:ListFoundationModels" with a custom policy, I think you should create an IAM policy like the one below.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "test",
            "Effect": "Allow",
            "Action": [
                "bedrock:ListFoundationModels"
            ],
            "Resource": "*"
        }
    ]
}
EXPERT
answered 25 days ago
AWS
EXPERT
reviewed 25 days ago
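
Added example (not part of the original question or answer): a small Python parser for the denial message quoted in the question that extracts the role and the denied action, then builds the single-action policy the answer describes. The function names, the regex and the `Sid` value are assumptions chosen for illustration, based only on the message format shown above.

```python
import json
import re

# Shape of the IAM "not authorized" message, as seen in the error quoted in the question.
DENIED_RE = re.compile(
    r"User: (?P<principal>arn:aws[\w-]*:(?:sts|iam)::(?P<account>\d{12}):\S+) "
    r"is not authorized to perform: (?P<action>[\w-]+:\w+)"
    r"(?: on resource: (?P<resource>\S+))?(?: because (?P<reason>.+))?"
)


def parse_access_denied(message):
    """Return principal, role, session, action, resource and reason, or None."""
    m = DENIED_RE.search(message.strip())
    if m is None:
        return None
    info = m.groupdict()
    # assumed-role/<role>/<session>; on EC2 the session name is the instance ID.
    parts = info["principal"].split(":", 5)[5].split("/")
    is_role = parts[0] == "assumed-role" and len(parts) >= 3
    info["role"] = parts[1] if is_role else None
    info["session"] = parts[-1] if is_role else None
    return info


def minimal_policy(info):
    """Identity-based policy that allows only the denied action."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowDeniedActionOnly",  # hypothetical Sid
            "Effect": "Allow",
            "Action": [info["action"]],
            "Resource": info["resource"] or "*",
        }],
    }


# The error message from the question above, embedded so the example runs offline.
SAMPLE = (
    "An error occurred (AccessDeniedException) when calling the ListFoundationModels "
    "operation: User: arn:aws:sts::099508051555:assumed-role/s3_tammosta_p4/"
    "i-0e3279369120156ef is not authorized to perform: bedrock:ListFoundationModels "
    "because no identity-based policy allows the bedrock:ListFoundationModels action"
)

if __name__ == "__main__":
    denied = parse_access_denied(SAMPLE)
    print("Attach to role:", denied["role"], json.dumps(minimal_policy(denied), indent=4))
```

Calling Claude through the `bedrock-runtime` client is authorized separately under `bedrock:InvokeModel`, so a policy limited to `bedrock:ListFoundationModels` covers only the listing call.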
