The required permission was AmazonBedrockFullAccess. Adding it to the SAM template fixes the issue.
Hi Nicolas,
it looks like the role that is attached to your Lambda function does not have permissions to call InvokeModel.
User: arn:aws:sts::<account-id>:assumed-role/bedrock-gateway-stack-BedrockGatewayApiRole-37LTyaxmS5Gi/bedrock-gateway-stack-BedrockGatewayApi-UbY8COwJ3v6I is not authorized to perform: bedrock:InvokeModel on resource: arn:aws:bedrock:eu-west-3::foundation-model/amazon.titan-text-express-v1 because no identity-based policy allows the bedrock:InvokeModel action (Service: BedrockRuntime, Status Code: 403, Request ID: 0781f5c7-a0f9-4f5a-99b0-127c20dd69b2)
To resolve this, add the relevant permission to the function execution role. Currently, the role only has the Policies: AWSLambdaBasicExecutionRole role.
And consider removing your account id from your post.
This answer is void. While it's obvious that a required permission is missing here, answering the question would have involved mentioning what this permission would be. Saying "do what you need to do" doesn't help.
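A narrower alternative to attaching AmazonBedrockFullAccess, shown as an added example that is not from the original thread: a SAM function resource whose inline policy allows only `bedrock:InvokeModel` on the model ARN named in the error message. The logical ID `BedrockGatewayApi` is inferred from the role name in the error; `Handler`, `Runtime` and `CodeUri` are placeholder assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Resources:
  # Logical ID inferred from the generated role name
  # "bedrock-gateway-stack-BedrockGatewayApiRole-..." in the error message.
  BedrockGatewayApi:
    Type: AWS::Serverless::Function
    Properties:
      # Placeholder values (assumptions, not from the thread).
      Handler: com.example.Handler::handleRequest
      Runtime: java21
      CodeUri: .
      Policies:
        # Already present according to the thread: CloudWatch Logs access only.
        - AWSLambdaBasicExecutionRole

        # Broad fix from the accepted answer. It grants every Bedrock action
        # on every resource, including model management operations:
        # - AmazonBedrockFullAccess

        # Scoped fix: only the action and the resource that the
        # AccessDenied message reports as missing.
        - Version: '2012-10-17'
          Statement:
            - Sid: InvokeTitanTextExpress
              Effect: Allow
              Action:
                - bedrock:InvokeModel
              Resource:
                # Foundation-model ARNs have an empty account field.
                - arn:aws:bedrock:eu-west-3::foundation-model/amazon.titan-text-express-v1
```

If the function later calls other models or regions, extend the `Resource` list with those ARNs rather than switching to a wildcard.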