- 新しい順
- 投票が多い順
- コメントが多い順
Was able to solve my issue. You need to add a resource-based policy statement on the Lambda.
- Go into Lambda function
- Select Configuration tab
- Select Permission menu item
- Scroll down to Resource-based Policy Statements and click Add Permissions button
- Click AWS Service radio button
- Choose
Otherfrom the Service dropdown - Enter anything for Statement ID
- Enter
bedrock.amazonaws.comfor the Principal - Enter your Bedrock Agent's ARN as the Source ARN
- Select
lambda:InvokeFunctionas the Action - Click Save
hey, i feel your BedRock agent IAM Service role is missing lambda:InvokeFunction permission to invoke a lambda function. Make sure to give this permission to BedRock agent on resource(your lambda function ARN) lambda function.
Let me if you need something.
I'm having same error. I gave both Bedrock Agent IAM role and Lambda role AdministratorAccess policy and still getting the error. Executing the Lambda manually is fine but can't run test with Bedrock Agent.
The trace from the Bedrock Agent test shows that in pre-processing step, it correctly classified my input. The orchestration step shows that it understood the input correctly and was ready to call the right function with the right mapping of parameters. But that's all I see. There's only that single step and nothing else and there's nothing on the post-processing tab.
The error states Access denied while invoking Lambda function arn:aws:lambda:us-west-2:xxxxxxxxxxxx:function:yyyyyy Check the permissions on Lambda function and retry the request. I checked the CloudWatch logs for the Lambda and there's nothing which seems to confirm Bedrock is unable to even invoke the Lambda function.
To complete the answer here is the CDK way to add this Resource-based Policy Statement:
lambda_.CfnPermission(
self,
"BedrockInvocationPermission",
action="lambda:InvokeFunction",
function_name=action_group_function.function_name,
principal="bedrock.amazonaws.com",
source_arn=agent.agent_arn,
)
