Create a service role for Amazon Bedrock Prompt flows in Amazon Bedrock
To create and manage a prompt flow in Amazon Bedrock, you must use a service role with the necessary permissions outlined on this page. You can use a service role that Amazon Bedrock automatically creates for you in the console or use one that you customize yourself.
Note
If you use the service role that Amazon Bedrock automatically creates for you in the console, it will attach permissions dynamically if you add nodes to your flow and save the flow. If you remove nodes, however, the permissions won't be deleted, so you will have to delete the permissions you no longer need. To manage the permissions for the role that was created for you, follow the steps at Modifying a role in the IAM User Guide.
To create a custom service role for Amazon Bedrock Prompt flows, create an IAM role by following the steps at Creating a role to delegate permissions to an AWS service. Then attach the following permissions to the role.
-
Trust policy
-
The following identity-based permissions:
-
Access to the Amazon Bedrock base models that the prompt flow will use. Add each model that's used in the prompt flow to the
Resource
list. -
If you invoke a model using Provisioned Throughput, permissions to access and invoke the provisioned model. Add each model that's used in the prompt flow to the
Resource
list. -
If you invoke a custom model, permissions to access and invoke the custom model. Add each model that's used in the prompt flow to the
Resource
list. -
Permissions based on the nodes that you add to the flow:
-
If you include prompt nodes that use prompts from Prompt management, permissions to access the prompt. Add each prompt that's used in the prompt flow to the
Resource
list. -
If you include knowledge base nodes, permissions to query the knowledge base. Add each knowledge base that's queried in the prompt flow to the
Resource
list. -
If you include agent nodes, permissions to invoke an alias of the agent. Add each agent that's invoked in the prompt flow to the
Resource
list. -
If you include S3 retrieval nodes, permissions to access the Amazon S3 bucket from which data will be retrieved. Add each bucket from which data is retrieved to the
Resource
list. -
If you include S3 storage nodes, permissions to write to the Amazon S3 bucket in which output data will be stored. Add each bucket to which data is written to the
Resource
list. -
If you encrypted any resource invoked in a prompt flow, permissions to decrypt the key. Add each key to the
Resource
list.
-
-
You might also need to attach the following resource-based policies:
-
If you include a Lambda function node, attach a resource-based policy to the Lambda function that the prompt flow invokes to provide permissions for the service role to access the function. For more information, see Resource-based policy to allow Amazon Bedrock to invoke an action group Lambda function.
-
If you include an Amazon Lex node, attach a resource-based policy to the Amazon Lex bot that the prompt flow invokes to provide permissions for the service role to access the Amazon Lex bot. For more information, see Resource-based policy examples for Amazon Lex.
-
If you encrypt the prompt flow, attach a key policy to the KMS key that you use to encrypt the prompt flow.
Topics
Trust relationship
Attach the following trust policy to the prompt flow execution role to allow Amazon Bedrock to assume this role and manage a prompt flow. Replace the values
as necessary. The policy contains optional condition keys (see Condition keys for Amazon Bedrock and AWS global condition context keys) in the Condition
field that we recommend you use as a security best practice.
Note
As a best practice, replace the *
with a prompt flow ID after you have created it.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "
FlowsTrustBedrock
", "Effect": "Allow", "Principal": { "Service": "bedrock.amazonaws.com" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "aws:SourceAccount": "${account-id}
" }, "ArnLike": { "AWS:SourceArn": "arn:aws:bedrock:${region}
:${account-id}
:flow/*
" } } } ] }
Identity-based permissions for the flows service role.
Attach the following policy to provide permissions for the service role, replacing values
as necessary. The policy contains the following statements. Omit a statement if it isn't applicable to your use-case. The policy contains optional condition keys (see Condition keys for Amazon Bedrock and AWS global condition context keys) in the Condition
field that we recommend you use as a security best practice.
-
Access to the Amazon Bedrock base models that the prompt flow will use. Add each model that's used in the prompt flow to the
Resource
list. -
If you invoke a model using Provisioned Throughput, permissions to access and invoke the provisioned model. Add each model that's used in the prompt flow to the
Resource
list. -
If you invoke a custom model, permissions to access and invoke the custom model. Add each model that's used in the prompt flow to the
Resource
list. -
Permissions based on the nodes that you add to the flow:
-
If you include prompt nodes that use prompts from Prompt management, permissions to access the prompt. Add each prompt that's used in the prompt flow to the
Resource
list. -
If you include knowledge base nodes, permissions to query the knowledge base. Add each knowledge base that's queried in the prompt flow to the
Resource
list. -
If you include agent nodes, permissions to invoke an alias of the agent. Add each agent that's invoked in the prompt flow to the
Resource
list. -
If you include S3 retrieval nodes, permissions to access the Amazon S3 bucket from which data will be retrieved. Add each bucket from which data is retrieved to the
Resource
list. -
If you include S3 storage nodes, permissions to write to the Amazon S3 bucket in which output data will be stored. Add each bucket to which data is written to the
Resource
list. -
If you encrypted any resource invoked in a prompt flow, permissions to decrypt the key. Add each key to the
Resource
list.
-
{ "Version": "2012-10-17", "Statement": [ { "Sid": "
InvokeModel
", "Effect": "Allow", "Action": [ "bedrock:InvokeModel" ], "Resource": [ "arn:aws:bedrock:${region}
::foundation-model/${model-id}
" ] }, { "Effect": "Allow", "Action": [ "bedrock:InvokeModel", "bedrock:GetProvisionedModelThroughput" ], "Resource": [ "arn:aws:bedrock:${region}
:${account-id}
:provisioned-model/${model-id}
" ] }, { "Effect": "Allow", "Action": [ "bedrock:InvokeModel", "bedrock:GetCustomModel" ], "Resource": [ "arn:aws:bedrock:${region}
:${account-id}
:custom-model/${model-id}
" ] }, { "Sid": "UsePromptManagement
", "Effect": "Allow", "Action": [ "bedrock:GetPrompt" ], "Resource": [ "arn:aws:bedrock:${region}
:${account-id}
:prompt/${prompt-id}
" ] }, { "Sid": "QueryKnowledgeBase
", "Effect": "Allow", "Action": [ "bedrock:Retrieve", "bedrock:RetrieveAndGenerate" ], "Resource": [ "arn:aws:bedrock:${region}
:${account-id}
:knowledge-base/knowledge-base-id
" ] }, { "Sid": "InvokeAgent
", "Effect": "Allow", "Action": [ "bedrock:InvokeAgent" ], "Resource": [ "arn:aws:bedrock:${region}
:${account-id}
:agent-alias/${agent-alias-id}
" ] }, { "Sid": "AccessS3Bucket
", "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": [ "arn:aws:s3:::${bucket-name}
/*" ], "Condition": { "StringEquals": { "aws:ResourceAccount": "${account-id}
" } } }, { "Sid": "WriteToS3Bucket
", "Effect": "Allow", "Action": [ "s3:PutObject" ], "Resource": [ "arn:aws:s3:::${bucket-name}
", "arn:aws:s3:::${bucket-name}
/*" ], "Condition": { "StringEquals": { "aws:ResourceAccount": "${account-id}
" } } }, { "Sid": "KMSPermissions
", "Effect": "Allow", "Action": [ "kms:GenerateDataKey", "kms:Decrypt" ], "Resource": [ "arn:aws:kms:${region}
:${account-id}
:key/${key-id}
" ], "Condition": { "StringEquals": { "aws:ResourceAccount": "${account-id}
" } } } ] }
Resource-based policies for prompt flows
If you include a Lambda function node or a Amazon Lex node in a prompt flow, you must attach the following policies to each resource to provide permissions for Amazon Bedrock to access it when invoking the prompt flow.
Topics
Resource-based policy to allow Amazon Bedrock to invoke a Lambda function when invoking a prompt flow
Follow the steps at Using resource-based policies for Lambda and attach the following resource-based policy to a Lambda function to allow Amazon Bedrock to access the Lambda function for your prompt flow, replacing the values
as necessary. The policy contains optional condition keys (see Condition keys for Amazon Bedrock and AWS global condition context keys) in the Condition
field that we recommend you use as a security best practice.
{ "Version": "2012-10-17", "Statement": [{ "Sid": "AllowBedrockToAccessLambdaFunction", "Effect": "Allow", "Principal": { "Service": "bedrock.amazonaws.com" }, "Action": "lambda:InvokeFunction", "Resource": "arn:aws:lambda:
${region}
:${account-id}
:function:${function-name}
", "Condition": { "StringEquals": { "AWS:SourceAccount": "${account-id}
" }, "ArnLike": { "AWS:SourceArn": "arn:aws:bedrock:${region}
:${account-id}
:flow/${flow-id}
" } } }] }
Resource-based policy to allow Amazon Bedrock to call an Amazon Lex bot
Follow the steps at Resource-based policy examples for Amazon Lex and attach the following resource-based policy to a Amazon Lex bot to allow Amazon Bedrock to call it in a prompt flow, replacing the values
as necessary. The policy contains optional condition keys (see Condition keys for Amazon Bedrock and AWS global condition context keys) in the Condition
field that we recommend you use as a security best practice.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowBedrockToAccessLexBot", "Effect": "Allow", "Principal": { "Service": [ "bedrock.amazonaws.com" ] }, "Action": [ "lex:RecognizeUtterance" ], "Resource": [ "arn:aws:lex:
${region}
:${account-id}
:bot-alias/${bot-id}
/${bot-alias-id}
" ], "Condition": { "StringEquals": { "AWS:SourceAccount":${account-id}
}, "ArnEquals": { "AWS:SourceArn": "arn:aws:bedrock:${region}
:${account-id}
:flow/${flow-id}
" } } } ]
Key policy to allow Amazon Bedrock to encrypt and decrypt a flow
Follow the steps at Creating a key policy and attach the following key policy to a KMS key to allow Amazon Bedrock encrypt and decrypt a flow with the key, replacing the values
as necessary. The policy contains optional condition keys (see Condition keys for Amazon Bedrock and AWS global condition context keys) in the Condition
field that we recommend you use as a security best practice.
{ "Sid": "EncryptFlowKMS", "Effect": "Allow", "Principal": { "Service": "bedrock.amazonaws.com" }, "Action": [ "kms:GenerateDataKey", "kms:Decrypt" ], "Resource": "*", "Condition": { "StringEquals": { "kms:EncryptionContext": "arn:aws:bedrock:
${region}
:${account-id}
:flow/${flow-id}
" } } }