Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account

Fulfill prerequisites to copy models

PDF
RSS
Focus mode
Fulfill prerequisites to copy models - Amazon Bedrock

To allow a role to copy a model, you might have to set up permissions, depending on the role's permissions and the model's configuration. Review the permissions in the following list and the circumstances in which you must configure them:

  1. If your role doesn't have the AmazonBedrockFullAccess policy attached, attach the following identity-based policy to the role to allow the minimal permissions to copy models and to track copy jobs.

    { 
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "CopyModels",
            "Effect": "Allow",
            "Action": [
                "bedrock:CreateModelCopyJob",
                "bedrock:GetModelCopyJob",
                "bedrock:ListModelCopyJobs"
            ],
            "Resource": [
                "${model-arn}"
            ],
            "Condition": {
               "StringEquals": {
                   "aws:RequestedRegion": [
                        "${region}"
                   ]
               }
            }
        }
    ]
}

    Add ARNs of models to the Resource list. You can restrict the regions that the model is copied to by adding regions to the list in the aws:RequestedRegion condition key.

  2. (Optional) If the model to be copied is encrypted with a KMS key, attach a key policy to the KMS key that encrypted the model to allow a role to decrypt it. Specify the account that the model will be shared with in the Principal field.

  3. (Optional) If you plan to encrypt the model copy with a KMS key, attach a key policy to the KMS key that will be used to encrypt the model to allow a role to encrypt the model with the key. Specify the role in the Principal field.

Related resources

Amazon Bedrock API Reference
AWS CLI commands for Amazon Bedrock
SDKs & Tools 

Related resources

Amazon Bedrock API Reference
AWS CLI commands for Amazon Bedrock
SDKs & Tools 
PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.