Create a service role for Amazon Bedrock Knowledge Bases
To use a custom role for a knowledge base instead of the one Amazon Bedrock automatically creates, create an IAM role and attach the following permissions by following the steps at Creating a role to delegate permissions to an AWS service. Include only the necessary permissions for your own security.
-
Trust relationship
-
Access to the Amazon Bedrock base models
-
Access to the data source for where you store your data
-
(If you create a vector database in Amazon OpenSearch Service) Access to your OpenSearch Service collection
-
(If you create a vector database in Amazon Aurora) Access to your Aurora cluster
-
(If you create a vector database in Pinecone or Redis Enterprise Cloud) Permissions for AWS Secrets Manager to authenticate your Pinecone or Redis Enterprise Cloud account
-
(Optional) If you encrypt any of the following resources with a KMS key, permissions to decrypt the key (see Encryption of knowledge base resources).
-
Your knowledge base
-
Data sources for your knowledge base
-
Your vector database in Amazon OpenSearch Service
-
The secret for your third-party vector database in AWS Secrets Manager
-
A data ingestion job
-
Topics
- Trust relationship
- Permissions to access Amazon Bedrock models
- Permissions to access your data sources
- Permissions to chat with your document
- (Optional) Permissions to access your vector database in Amazon OpenSearch Service
- (Optional) Permissions to access your Amazon Aurora database cluster
- (Optional) Permissions to access a vector database configured with an AWS Secrets Manager secret
- (Optional) Permissions for AWS to manage a AWS KMS key for transient data storage during data ingestion
- (Optional) Permissions for AWS to manage a data sources from another user's AWS account.
Trust relationship
The following policy allows Amazon Bedrock to assume this role and create and manage knowledge bases. The following shows an example policy you can use. You can restrict the scope of the permission by using one or more global condition context keys. For more information, see AWS global condition context keys. Set the aws:SourceAccount
value to your account ID. Use the ArnEquals
or ArnLike
condition to restrict the scope to specific knowledge bases.
Note
As a best practice for security purposes, replace the *
with specific knowledge base IDs after you have created them.
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": { "Service": "bedrock.amazonaws.com" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "aws:SourceAccount": "
account-id
" }, "ArnLike": { "AWS:SourceArn": "arn:aws:bedrock:region
:account-id
:knowledge-base/*
" } } }] }
Permissions to access Amazon Bedrock models
Attach the following policy to provide permissions for the role to use Amazon Bedrock models to embed your source data.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "bedrock:ListFoundationModels", "bedrock:ListCustomModels" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "bedrock:InvokeModel" ], "Resource": [ "arn:aws:bedrock:
region
::foundation-model/amazon.titan-embed-text-v1", "arn:aws:bedrock:region
::foundation-model/cohere.embed-english-v3", "arn:aws:bedrock:region
::foundation-model/cohere.embed-multilingual-v3" ] } ] }
Permissions to access your data sources
Select from the following data sources to attach the necessary permissions for the role.
Topics
Permissions to access your Amazon S3 data source
Attach the following policy to provide permissions for the role to access Amazon S3.
If you encrypted the data source with a AWS KMS key, attach permissions to decrypt the key to the role by following the steps at Permissions to decrypt your AWS KMS key for your data sources in Amazon S3.
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "s3:GetObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::
bucket/path/to/folder
", "arn:aws:s3:::bucket/path/to/folder
/*" ], "Condition": { "StringEquals": { "aws:PrincipalAccount": "account-id
" } } }] }
Permissions to access your Confluence data source
Note
Confluence data source connector is in preview release and is subject to change.
Attach the following policy to provide permissions for the role to access Confluence.
Note
secretsmanager:PutSecretValue
is only necessary if you use OAuth 2.0
authentication with a refresh token.
Confluence OAuth2.0 access token has a default expiry time of 60 minutes. If this token expires while your data source is syncing (sync job), Amazon Bedrock will use the provided refresh token to regenerate this token. This regeneration refreshes both the access and refresh tokens. To keep the tokens updated from the current sync job to the next sync job, Amazon Bedrock requires write/put permissions for your secret credentials.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "secretsmanager:GetSecretValue", "secretsmanager:PutSecretValue" ], "Resource": [ "arn:aws:secretsmanager:your-region:your-account-id:secret:secret-id" ] }, { "Effect": "Allow", "Action": [ "kms:Decrypt" ], "Resource": [ "arn:aws:kms:your-region:your-account-id:key/key-id" ], "Condition": { "StringLike": { "kms:ViaService": [ "secretsmanager.your-region.amazonaws.com" ] } } }, }
Permissions to access your Microsoft SharePoint data source
Note
SharePoint data source connector is in preview release and is subject to change.
Attach the following policy to provide permissions for the role to access SharePoint.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "secretsmanager:GetSecretValue" ], "Resource": [ "arn:aws:secretsmanager:your-region:your-account-id:secret:secret-id" ] }, { "Effect": "Allow", "Action": [ "kms:Decrypt" ], "Resource": [ "arn:aws:kms:your-region:your-account-id:key/key-id" ], "Condition": { "StringLike": { "kms:ViaService": [ "secretsmanager.your-region.amazonaws.com" ] } } }, }
Permissions to access your Salesforce data source
Note
Salesforce data source connector is in preview release and is subject to change.
Attach the following policy to provide permissions for the role to access Salesforce.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "secretsmanager:GetSecretValue" ], "Resource": [ "arn:aws:secretsmanager:your-region:your-account-id:secret:secret-id" ] }, { "Effect": "Allow", "Action": [ "kms:Decrypt" ], "Resource": [ "arn:aws:kms:your-region:your-account-id:key/key-id" ], "Condition": { "StringLike": { "kms:ViaService": [ "secretsmanager.your-region.amazonaws.com" ] } } }, }
Permissions to chat with your document
Attach the following policy to provide permissions for the role to use Amazon Bedrock models to chat with your document:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "bedrock:RetrieveAndGenerate" ], "Resource": "*" } ] }
If you only want to grant a user access to chat with your document (and not to RetrieveAndGenerate
on all Knowledge Bases), use the following policy:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "bedrock:RetrieveAndGenerate" ], "Resource": "*" }, { "Effect": "Deny", "Action": [ "bedrock:Retrieve" ], "Resource": "*" } ] }
If you want both chat with your document and use RetrieveAndGenerate
on a specific Knowledge Base, provide insert KB ARN
, and use the following policy:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "bedrock:RetrieveAndGenerate" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "bedrock:Retrieve" ], "Resource":
insert KB ARN
} ] }
(Optional) Permissions to access your vector database in Amazon OpenSearch Service
If you created a vector database in Amazon OpenSearch Service for your knowledge base, attach the following policy to your Amazon Bedrock Knowledge Bases service role to allow access to the collection. Replace region
and account-id
with the region and account ID to which the database belongs. Input the ID of your Amazon OpenSearch Service collection in collection-id
. You can allow access to multiple collections by adding them to the Resource
list.
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "aoss:APIAccessAll" ], "Resource": [ "arn:aws:aoss:
region
:account-id
:collection/collection-id
" ] }] }
(Optional) Permissions to access your Amazon Aurora database cluster
If you created a database (DB) cluster in Amazon Aurora for your knowledge base, attach the following policy to your Amazon Bedrock Knowledge Bases service role to allow access to the DB cluster and to provide read and write permissions on it. Replace region
and account-id
with the region and account ID to which the DB cluster belongs. Input the ID of your Amazon Aurora database cluster in db-cluster-id
. You can allow access to multiple DB clusters by adding them to the Resource
list.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "
RdsDescribeStatementID
", "Effect": "Allow", "Action": [ "rds:DescribeDBClusters" ], "Resource": [ "arn:aws:rds:region
:account-id
:cluster:db-cluster-id
" ] }, { "Sid": "DataAPIStatementID", "Effect": "Allow", "Action": [ "rds-data:BatchExecuteStatement", "rds-data:ExecuteStatement" ], "Resource": [ "arn:aws:rds:region
:account-id
:cluster:db-cluster-id
" ] }] }
(Optional) Permissions to access a vector database configured with an AWS Secrets Manager secret
If your vector database is configured with an AWS Secrets Manager secret, attach the following policy to your Amazon Bedrock Knowledge Bases service role to allow AWS Secrets Manager to authenticate your account to access the database. Replace region
and account-id
with the region and account ID to which the database belongs. Replace secret-id
with the ID of your secret.
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "secretsmanager:GetSecretValue" ], "Resource": [ "arn:aws:secretsmanager:
region
:account-id
:secret:secret-id
" ] }] }
If you encrypted your secret with a AWS KMS key, attach permissions to decrypt the key to the role by following the steps at Permissions to decrypt an AWS Secrets Manager secret for the vector store containing your knowledge base.
(Optional) Permissions for AWS to manage a AWS KMS key for transient data storage during data ingestion
To allow the creation of a AWS KMS key for transient data storage in the process of ingesting your data source, attach the following policy to your Amazon Bedrock Knowledge Bases service role. Replace the region
, account-id
, and key-id
with the appropriate values.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "kms:GenerateDataKey", "kms:Decrypt" ], "Resource": [ "arn:aws:kms:
region
:account-id
:key/key-id
" ] } ] }
(Optional) Permissions for AWS to manage a data sources from another user's AWS account.
To allow the access to another user's AWS account, you must create a role that allows cross-account access
to a Amazon S3 bucket in another user's account. Replace the bucketName
, bucketOwnerAccountId
, and
bucketNameAndPrefix
with the appropriate values.
Permissions Required on Knowledge Base role
The knowledge base role that is provided during knowledge base creation createKnowledgeBase
requires the following Amazon S3 permissions.
{ "Version": "2012-10-17", "Statement": [{ "Sid": "S3ListBucketStatement", "Effect": "Allow", "Action": [ "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::
bucketName
" ], "Condition": { "StringEquals": { "aws:ResourceAccount": "bucketOwnerAccountId
" } } },{ "Sid": "S3GetObjectStatement", "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": [ "arn:aws:s3:::bucketNameAndPrefix
/*" ], "Condition": { "StringEquals": { "aws:ResourceAccount": "bucketOwnerAccountId
" } }] }
If the Amazon S3 bucket is encrypted using a AWS KMS key, the following also needs to be added to the knowledge base role. Replace the bucketOwnerAccountId
and region
with the appropriate values.
{ "Sid": "KmsDecryptStatement", "Effect": "Allow", "Action": [ "kms:Decrypt" ], "Resource": [ "arn:aws:kms:
region
:bucketOwnerAccountId
:key/keyId" ], "Condition": { "StringEquals": { "kms:ViaService": [ "s3.region
.amazonaws.com" ] } } }
Permissions required on a cross-account Amazon S3 bucket policy
The bucket in the other account requires the following Amazon S3 bucket policy. Replace the kbRoleArn
,
bucketName
, and bucketNameAndPrefix
with the appropriate values.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "Example ListBucket permissions", "Effect": "Allow", "Principal": { "AWS": "
kbRoleArn
" }, "Action": [ "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::bucketName
" ] }, { "Sid": "Example GetObject permissions", "Effect": "Allow", "Principal": { "AWS": "kbRoleArn
" }, "Action": [ "s3:GetObject" ], "Resource": [ "arn:aws:s3:::bucketNameAndPrefix
/*" ] } ] }
Permissions required on cross-account AWS KMS key policy
If the cross-account Amazon S3 bucket is encrypted using a AWS KMS key in that account, the policy of the AWS KMS
key requires the following policy. Replace the kbRoleArn
and
kmsKeyArn
with the appropriate values.
{ "Sid": "Example policy", "Effect": "Allow", "Principal": { "AWS": [ "
kbRoleArn
" ] }, "Action": [ "kms:Decrypt" ], "Resource": "kmsKeyArn
" }