Trust relationship Identity-based permissions for the flows service role.Resource-based policies for prompt flows

Create a service role for Prompt flows in Amazon Bedrock

To create and manage a prompt flow in Amazon Bedrock, you must use a service role with the necessary permissions outlined on this page. You can use a service role that Amazon Bedrock automatically creates for you in the console or use one that you customize yourself.

Note

If you use the service role that Amazon Bedrock automatically creates for you in the console, it will attach permissions dynamically if you add nodes to your flow and save the flow. If you remove nodes, however, the permissions won't be deleted, so you will have to delete the permissions you no longer need. To manage the permissions for the role that was created for you, follow the steps at Modifying a role in the IAM User Guide.

To create a custom service role for Prompt flows, create an IAM role by following the steps at Creating a role to delegate permissions to an AWS service. Then attach the following permissions to the role.

Trust policy
The following identity-based permissions:
- Access to the Amazon Bedrock base models that the prompt flow will use. Add each model that's used in the prompt flow to the Resource list.
- If you invoke a model using Provisioned Throughput, permissions to access and invoke the provisioned model. Add each model that's used in the prompt flow to the Resource list.
- If you invoke a custom model, permissions to access and invoke the custom model. Add each model that's used in the prompt flow to the Resource list.
- Permissions based on the nodes that you add to the flow:
  - If you include prompt nodes that use prompts from Prompt management, permissions to access the prompt. Add each prompt that's used in the prompt flow to the Resource list.
  - If you include knowledge base nodes, permissions to query the knowledge base. Add each knowledge base that's queried in the prompt flow to the Resource list.
  - If you include agent nodes, permissions to invoke an alias of the agent. Add each agent that's invoked in the prompt flow to the Resource list.
  - If you include S3 retrieval nodes, permissions to access the Amazon S3 bucket from which data will be retrieved. Add each bucket from which data is retrieved to the Resource list.
  - If you include S3 storage nodes, permissions to write to the Amazon S3 bucket in which output data will be stored. Add each bucket to which data is written to the Resource list.
  - If you encrypted any resource invoked in a prompt flow, permissions to decrypt the key. Add each key to the Resource list.

You might also need to attach the following resource-based policies:

If you include a Lambda function node, attach a resource-based policy to the Lambda function that the prompt flow invokes to provide permissions for the service role to access the function. For more information, see Resource-based policy to allow Amazon Bedrock to invoke an action group Lambda function.
If you include an Amazon Lex node, attach a resource-based policy to the Amazon Lex bot that the prompt flow invokes to provide permissions for the service role to access the Amazon Lex bot. For more information, see Resource-based policy examples for Amazon Lex.
If you encrypt the prompt flow, attach a key policy to the KMS key that you use to encrypt the prompt flow.

Topics

Trust relationship
Identity-based permissions for the flows service role.
Resource-based policies for prompt flows

Trust relationship

Attach the following trust policy to the prompt flow execution role to allow Amazon Bedrock to assume this role and manage a prompt flow. Replace the values as necessary. The policy contains optional condition keys (see Condition keys for Amazon Bedrock and AWS global condition context keys) in the Condition field that we recommend you use as a security best practice.

Note

As a best practice, replace the * with a prompt flow ID after you have created it.


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "FlowsTrustBedrock",
            "Effect": "Allow",
            "Principal": {
                "Service": "bedrock.amazonaws.com"
            },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {
                    "aws:SourceAccount": "${account-id}"
                },
                "ArnLike": {
                    "AWS:SourceArn": "arn:aws:bedrock:${region}:${account-id}:flow/*"
                }
            }
        }
    ]
}

Identity-based permissions for the flows service role.

Attach the following policy to provide permissions for the service role, replacing values as necessary. The policy contains the following statements. Omit a statement if it isn't applicable to your use-case. The policy contains optional condition keys (see Condition keys for Amazon Bedrock and AWS global condition context keys) in the Condition field that we recommend you use as a security best practice.

Access to the Amazon Bedrock base models that the prompt flow will use. Add each model that's used in the prompt flow to the Resource list.
If you invoke a model using Provisioned Throughput, permissions to access and invoke the provisioned model. Add each model that's used in the prompt flow to the Resource list.
If you invoke a custom model, permissions to access and invoke the custom model. Add each model that's used in the prompt flow to the Resource list.
Permissions based on the nodes that you add to the flow:
- If you include prompt nodes that use prompts from Prompt management, permissions to access the prompt. Add each prompt that's used in the prompt flow to the Resource list.
- If you include knowledge base nodes, permissions to query the knowledge base. Add each knowledge base that's queried in the prompt flow to the Resource list.
- If you include agent nodes, permissions to invoke an alias of the agent. Add each agent that's invoked in the prompt flow to the Resource list.
- If you include S3 retrieval nodes, permissions to access the Amazon S3 bucket from which data will be retrieved. Add each bucket from which data is retrieved to the Resource list.
- If you include S3 storage nodes, permissions to write to the Amazon S3 bucket in which output data will be stored. Add each bucket to which data is written to the Resource list.
- If you encrypted any resource invoked in a prompt flow, permissions to decrypt the key. Add each key to the Resource list.


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "InvokeModel",
            "Effect": "Allow",
            "Action": [
                "bedrock:InvokeModel"
            ],
            "Resource": [
                "arn:aws:bedrock:${region}::foundation-model/${model-id}"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "bedrock:InvokeModel",
                "bedrock:GetProvisionedModelThroughput"
            ],
            "Resource": [
                "arn:aws:bedrock:${region}:${account-id}:provisioned-model/${model-id}"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "bedrock:InvokeModel",
                "bedrock:GetCustomModel"
            ],
            "Resource": [
                "arn:aws:bedrock:${region}:${account-id}:custom-model/${model-id}"
            ]
        },
        {
            "Sid": "UsePromptManagement",
            "Effect": "Allow",
            "Action": [
                "bedrock:GetPrompt"
            ],
            "Resource": [
                "arn:aws:bedrock:${region}:${account-id}:prompt/${prompt-id}"
            ]
        },
        {
            "Sid": "QueryKnowledgeBase",
            "Effect": "Allow",
            "Action": [
                "bedrock:Retrieve",
                "bedrock:RetrieveAndGenerate"
            ],
            "Resource": [
                "arn:aws:bedrock:${region}:${account-id}:knowledge-base/knowledge-base-id"
            ]
        },
        {
            "Sid": "InvokeAgent",
            "Effect": "Allow",
            "Action": [
                "bedrock:InvokeAgent"
            ],
            "Resource": [
                "arn:aws:bedrock:${region}:${account-id}:agent-alias/${agent-alias-id}"
            ]
        },
        {
            "Sid": "AccessS3Bucket",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::${bucket-name}/*"
            ],
            "Condition": {
                "StringEquals": {
                    "aws:ResourceAccount": "${account-id}"
                }
            }
        },
        {
            "Sid": "WriteToS3Bucket",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws:s3:::${bucket-name}",
                "arn:aws:s3:::${bucket-name}/*"
            ],
            "Condition": {
                "StringEquals": {
                    "aws:ResourceAccount": "${account-id}"
                }
            }
        },
        {
            "Sid": "KMSPermissions",
            "Effect": "Allow",
            "Action": [
                "kms:GenerateDataKey",
                "kms:Decrypt"
            ],
            "Resource": [
                "arn:aws:kms:${region}:${account-id}:key/${key-id}"
            ],
             "Condition": {
                "StringEquals": {
                    "aws:ResourceAccount": "${account-id}"
                }
            }
        }
    ]
}

Resource-based policies for prompt flows

If you include a Lambda function node or a Amazon Lex node in a prompt flow, you must attach the following policies to each resource to provide permissions for Amazon Bedrock to access it when invoking the prompt flow.

Topics

Resource-based policy to allow Amazon Bedrock to invoke a Lambda function when invoking a prompt flow
Resource-based policy to allow Amazon Bedrock to call an Amazon Lex bot
Key policy to allow Amazon Bedrock to encrypt and decrypt a flow

Resource-based policy to allow Amazon Bedrock to invoke a Lambda function when invoking a prompt flow

Follow the steps at Using resource-based policies for Lambda and attach the following resource-based policy to a Lambda function to allow Amazon Bedrock to access the Lambda function for your prompt flow, replacing the values as necessary. The policy contains optional condition keys (see Condition keys for Amazon Bedrock and AWS global condition context keys) in the Condition field that we recommend you use as a security best practice.


{
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowBedrockToAccessLambdaFunction",
        "Effect": "Allow",
        "Principal": {
            "Service": "bedrock.amazonaws.com"
        },
        "Action": "lambda:InvokeFunction",
        "Resource":  "arn:aws:lambda:${region}:${account-id}:function:${function-name}",
        "Condition": {
            "StringEquals": {
                "AWS:SourceAccount": "${account-id}"
            },
            "ArnLike": {
                "AWS:SourceArn": "arn:aws:bedrock:${region}:${account-id}:flows/${flow-id}"
            }
        }
    }]
}

Resource-based policy to allow Amazon Bedrock to call an Amazon Lex bot

Follow the steps at Resource-based policy examples for Amazon Lex and attach the following resource-based policy to a Amazon Lex bot to allow Amazon Bedrock to call it in a prompt flow, replacing the values as necessary. The policy contains optional condition keys (see Condition keys for Amazon Bedrock and AWS global condition context keys) in the Condition field that we recommend you use as a security best practice.


{
  "Version": "2012-10-17",
  "Statement": [
      {        
        "Sid": "AllowBedrockToAccessLexBot",
        "Effect": "Allow",
        "Principal": {
            "Service": [
                "bedrock.amazonaws.com"
            ]
        },
        "Action": [
            "lex:RecognizeUtterance"
        ],
        "Resource": [
            "arn:aws:lex:${region}:${account-id}:bot-alias/${bot-id}/${bot-alias-id}"
        ],
        "Condition": {
            "StringEquals": {
                "AWS:SourceAccount": ${account-id}
            },
            "ArnEquals": {
                "AWS:SourceArn": "arn:aws:bedrock:${region}:${account-id}:flows/${flow-id}"
            }
        }
      }
    ]

Key policy to allow Amazon Bedrock to encrypt and decrypt a flow

Follow the steps at Creating a key policy and attach the following key policy to a KMS key to allow Amazon Bedrock encrypt and decrypt a flow with the key, replacing the values as necessary. The policy contains optional condition keys (see Condition keys for Amazon Bedrock and AWS global condition context keys) in the Condition field that we recommend you use as a security best practice.


{
    "Sid": "EncryptFlowKMS",
    "Effect": "Allow",
    "Principal": {
        "Service": "bedrock.amazonaws.com"
    },
    "Action": [
        "kms:GenerateDataKey",
        "kms:Decrypt"
    ],
    "Resource": "*",
    "Condition": {
        "StringEquals": {
            "kms:EncryptionContext": "arn:aws:bedrock:${region}:${account-id}:flow/${flow-id}"
        }
    }
}

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Knowledge base service role

Bedrock Studio service role