# Get started with the API
This section describes how to set up your environment to make Amazon Bedrock requests through the AWS API. AWS offers the following tools to streamline your experience:
+ AWS Command Line Interface (AWS CLI)
+ AWS SDKs
+ Amazon SageMaker AI notebooks
To get started with the API, you need credentials to grant programmatic access. If the following sections pertain to you, expand them and follow the instructions. Otherwise, proceed through the remaining sections.
## I'm new to AWS
If you do not have an AWS account, complete the following steps to create one.
**To sign up for an AWS account**
1. Open [https://portal.aws.amazon.com/billing/signup](https://portal.aws.amazon.com/billing/signup).
1. Follow the online instructions.
Part of the sign-up procedure involves receiving a phone call or text message and entering a verification code on the phone keypad.
When you sign up for an AWS account, an *AWS account root user* is created. The root user has access to all AWS services and resources in the account. As a security best practice, assign administrative access to a user, and use only the root user to perform [tasks that require root user access](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#root-user-tasks).
AWS sends you a confirmation email after the sign-up process is complete. At any time, you can view your current account activity and manage your account by going to [https://aws.amazon.com/](https://aws.amazon.com/) and choosing **My Account**.
**Secure your AWS account root user**
1. Sign in to the [AWS Management Console](https://console.aws.amazon.com/) as the account owner by choosing **Root user** and entering your AWS account email address. On the next page, enter your password.
For help signing in by using root user, see [Signing in as the root user](https://docs.aws.amazon.com/signin/latest/userguide/console-sign-in-tutorials.html#introduction-to-root-user-sign-in-tutorial) in the *AWS Sign-In User Guide*.
1. Turn on multi-factor authentication (MFA) for your root user.
For instructions, see [Enable a virtual MFA device for your AWS account root user (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/enable-virt-mfa-for-root.html) in the *IAM User Guide*.
## I need to install the AWS CLI or an AWS SDK
To install the AWS CLI, follow the steps at [Install or update to the latest version of the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html).
To install an AWS SDK, select the tab that corresponds to the programming language that you want to use at [Tools to Build on AWS](https://aws.amazon.com/developer/tools/). AWS software development kits (SDKs) are available for many popular programming languages. Each SDK provides an API, code examples, and documentation that make it easier for developers to build applications in their preferred language. SDKs automatically perform useful tasks for you, such as:
+ Cryptographically sign your service requests
+ Retry requests
+ Handle error responses
## Get credentials to grant programmatic access
Users need programmatic access if they want to interact with AWS outside of the AWS Management Console. AWS provides multiple options, depending on your security concerns.
**Note**
For a step-by-step guide to generate an API key that you can use to quickly access the Amazon Bedrock API, see [Get started with Amazon Bedrock API keys: Generate a 30-day key and make your first API call](getting-started-api-keys.md).
For greater security requirements, continue through this section.
The way to grant programmatic access depends on the type of user that's accessing AWS.
To grant users programmatic access, choose one of the following options.
****
| Which principal needs programmatic access? | To | By |
| --- | --- | --- |
| IAM users | Limit the duration of long-term credentials to sign programmatic requests to the AWS CLI, AWS SDKs, or AWS APIs. | Following the instructions for the interface that you want to use. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/bedrock/latest/userguide/getting-started-api.html) |
| IAM roles | Use temporary credentials to sign programmatic requests to the AWS CLI, AWS SDKs, or AWS APIs. | Following the instructions in [Using temporary credentials with AWS resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html) in the IAM User Guide. |
| Workforce identity (Users managed in IAM Identity Center) | Use temporary credentials to sign programmatic requests to the AWS CLI, AWS SDKs, or AWS APIs. | Following the instructions for the interface that you want to use. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/bedrock/latest/userguide/getting-started-api.html) |
## How to configure access keys for an IAM user
If you decide to use access keys for an IAM user, AWS recommends that you set an expiration for the IAM user by including a restrictive inline policy.
**Important**
Heed the following warnings:
**Do NOT** use your account's root credentials to access AWS resources. These credentials provide unrestricted account access and are difficult to revoke.
**Do NOT** put literal access keys or credential information in your application files. If you do, you create a risk of accidentally exposing your credentials if, for example, you upload the project to a public repository.
**Do NOT** include files that contain credentials in your project area.
Manage your access keys securely. Do not provide your access keys to unauthorized parties, even to help [find your account identifiers](https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html). By doing this, you might give someone permanent access to your account.
Be aware that any credentials stored in the shared AWS credentials file are stored in plaintext.
For more details, see [Best practices for managing AWS access keys](https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html) in the AWS General Reference.
**Create an IAM user**
1. On the AWS Management Console Home page, select the IAM service or navigate to the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/).
1. In the navigation pane, select **Users** and then select **Create user**.
1. Follow the guidance in the IAM console to set up a programmatic user (without access to the AWS Management Console) and without permissions.
**Restrict user access to a limited time window**
Any IAM user access keys that you create are long-term credentials. To ensure that these credentials expire in case they are mishandled, you can make these credentials time-bound by creating an inline policy that specifies a date after which the keys will no longer be valid.
1. Open the IAM user that you just created. In the **Permissions** tab, choose **Add permissions** and then choose **Create inline policy**.
1. In the JSON editor, specify the following permissions. To use this policy, replace the value for `aws:CurrentTime` timestamp value in the example policy with your own end date.
**Note**
IAM recommends that you limit your access keys to 12 hours.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": "*",
"Resource": "*",
"Condition": {
"DateGreaterThan": {
"aws:CurrentTime": "2024-01-01T00:00:000"
}
}
}
]
}
```
------
**Create an access key**
1. On the **User details** page, select the **Security credentials** tab. In the **Access keys** section, choose **Create access key**.
1. Indicate that you plan to use these access keys as **Other** and choose **Create access key**.
1. On the **Retrieve access key** page, choose **Show** to reveal the value of your user's secret access key. You can copy the credentials or download a .csv file.
**Important**
When you no longer need this IAM user, we recommend that you remove it and align with the [AWS security best practice](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials), we recommend that you require your human users to use temporary credentials through [AWS IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/getting-started.html) when accessing AWS.
## Attach Amazon Bedrock permissions to a user or role
After setting up credentials for programmatic access, you need to configure permissions for a user or IAM role to have access a set of Amazon Bedrock-related actions. To set up these permissions, do the following:
1. On the AWS Management Console Home page, select the IAM service or navigate to the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/).
1. Select **Users** or **Roles** and then select your user or role.
1. In the **Permissions** tab, choose **Add permissions** and then choose **Add AWS managed policy**. Choose the [AmazonBedrockFullAccess]() AWS managed policy.
1. To allow the user or role to subscribe to models, choose **Create inline policy** and then specify the following permissions in the JSON editor:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "MarketplaceBedrock",
"Effect": "Allow",
"Action": [
"aws-marketplace:ViewSubscriptions",
"aws-marketplace:Unsubscribe",
"aws-marketplace:Subscribe"
],
"Resource": "*"
}
]
}
```
------
## Try making API calls to Amazon Bedrock
After you've fulfilled all the prerequisites, select one of the following topics to test out making model invocation requests using Amazon Bedrock models:
**Topics**
+ [
## Get credentials to grant programmatic access
](#gs-grant-program-access)
+ [
## Attach Amazon Bedrock permissions to a user or role
](#gs-api-br-permissions)
+ [
## Try making API calls to Amazon Bedrock
](#gs-try-bedrock)
+ [
# Get started with Amazon Bedrock API keys: Generate a 30-day key and make your first API call
](getting-started-api-keys.md)
+ [
# Run example Amazon Bedrock API requests with the AWS Command Line Interface
](getting-started-api-ex-cli.md)
+ [
# Run example Amazon Bedrock API requests through the AWS SDK for Python (Boto3)
](getting-started-api-ex-python.md)
+ [
# Run example Amazon Bedrock API requests using an Amazon SageMaker AI notebook
](getting-started-api-ex-sm.md)
# Get started with Amazon Bedrock API keys: Generate a 30-day key and make your first API call
This tutorial walks you through creating a long-term Amazon Bedrock API key that expires in 30 days and using it to make a simple [Converse](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_Converse.html) API call using Python. This is the fastest way to start experimenting with Amazon Bedrock without setting up complex AWS credentials.
**Warning**
Long-term API keys are recommended only for exploration and development of Amazon Bedrock. For production applications, use [alternatives to long-term access keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/security-creds-programmatic-access.html#security-creds-alternatives-to-long-term-access-keys) such as IAM roles or temporary credentials.
Follow these steps to create a long-term Amazon Bedrock API key that expires in 30 days:
1. Sign in to the AWS Management Console with an IAM identity that has permissions to use the Amazon Bedrock console. Then, open the Amazon Bedrock console at [https://console.aws.amazon.com/bedrock](https://console.aws.amazon.com/bedrock).
1. In the left navigation pane, select **API keys**.
1. In the **Long-term API keys** tab, choose **Generate long-term API keys**.
1. In the **API key expiration** section, select **30 days**.
1. Choose **Generate**. The key you generate provides permissions to carry out core Amazon Bedrock actions, as defined in the attached [AmazonBedrockLimitedAccess](security-iam-awsmanpol.md#security-iam-awsmanpol-AmazonBedrockLimitedAccess) policy.
1. Copy the generated API key and store it securely. You'll need this key for the next step.
**Important**
The API key is only displayed once. Make sure to copy and save it before closing the dialog. Remember that your API key will expire in 30 days. You can generate a new one by following the same steps, or consider transitioning to more secure authentication methods for ongoing use.
1. Set the API key as an environment variable by replacing *\$1\$1api-key\$1* with your generated API key value and use it to generate a response in your method of choice:
------
#### [ Python ]
```
import boto3
import os
# Set the API key as an environment variable
os.environ['AWS_BEARER_TOKEN_BEDROCK'] = "${api-key}"
# Create the Bedrock client
client = boto3.client(
service_name="bedrock-runtime",
region_name="us-east-1"
)
# Define the model and message
model_id = "us.anthropic.claude-3-5-haiku-20241022-v1:0"
messages = [{"role": "user", "content": [{"text": "Hello! Can you tell me about Amazon Bedrock?"}]}]
# Make the API call
response = client.converse(
modelId=model_id,
messages=messages,
)
# Print the response
print(response['output']['message']['content'][0]['text'])
```
------
#### [ HTTP client using Python ]
```
import requests
url = "https://bedrock-runtime.us-east-1.amazonaws.com/model/us.anthropic.claude-3-5-haiku-20241022-v1:0/converse"
payload = {
"messages": [
{
"role": "user",
"content": [{"text": "Hello"}]
}
]
}
headers = {
"Content-Type": "application/json",
"Authorization": "Bearer ${api-key}"
}
response = requests.request("POST", url, json=payload, headers=headers)
print(response.text)
```
------
#### [ HTTP request using cURL ]
```
curl -X POST "https://bedrock-runtime.us-east-1.amazonaws.com/model/us.anthropic.claude-3-5-haiku-20241022-v1:0/converse" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer ${api-key}" \
-d '{
"messages": [
{
"role": "user",
"content": [{"text": "Hello"}]
}
]
}'
```
------
Congratulations\$1 You've successfully generated an Amazon Bedrock API key and made your first API call to the Amazon Bedrock service. After exploring some more Amazon Bedrock actions, you should transition to more secure methods of authentication such as short-term Amazon Bedrock API keys or AWS-wide temporary credentials. Refer to the following resources to learn more:
+ **Explore different models** – Learn about other foundation models available in Amazon Bedrock at [Amazon Bedrock foundation model information](foundation-models-reference.md) and change the `model_id` in your code to try them out.
+ **Learn about model inference** – Learn about generating responses with model inference by reading about concepts and the options available in Amazon Bedrock at [Submit prompts and generate responses with model inference](inference.md).
+ **Plan for production with more secure authentication methods** – Read about Amazon Bedrock API keys in greater detail in the Build chapter and how to create more secure, short-term Amazon Bedrock API keys. When you're ready to build production applications, you should also review [alternatives to long-term access keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/security-creds-programmatic-access.html#security-creds-alternatives-to-long-term-access-keys) for more secure options that also allow access to other AWS services.
# Run example Amazon Bedrock API requests with the AWS Command Line Interface
This section guides you through trying out some common operations in Amazon Bedrock using the AWS Command Line Interface to test that your permissions and authentication are set up properly. Before you run the following examples, you should check that you have fulfilled the following prerequisites:
**Prerequisites**
+ You have an AWS account and a user or role with authentication set up and the necessary permissions for Amazon Bedrock. Otherwise, follow the steps at [Get started with the API](getting-started-api.md).
+ You've installed and set up authentication for the AWS CLI. To install the AWS CLI, follow the steps at [Install or update to the latest version of the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html). Verify that you've set up your credentials to use the CLI by following the steps at [Get credentials to grant programmatic access](getting-started-api.md#gs-grant-program-access).
Test that your permissions are set up properly for Amazon Bedrock, using a user or role that you set up with the proper permissions.
**Topics**
+ [
## List the foundation models that Amazon Bedrock has to offer
](#getting-started-api-ex-cli-listfm)
+ [
## Submit a text prompt to a model and generate a text response with InvokeModel
](#getting-started-api-ex-cli-invoke-text)
+ [
## Submit a text prompt to a model and generate a text response with Converse
](#getting-started-api-ex-cli-converse)
## List the foundation models that Amazon Bedrock has to offer
The following example runs the [ListFoundationModels](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_ListFoundationModels.html) operation using the AWS CLI. `ListFoundationModels` lists the foundation models (FMs) that are available in Amazon Bedrock in your Region. In a terminal, run the following command:
```
aws bedrock list-foundation-models
```
If the command is successful, the response returns a list of foundation models that are available in Amazon Bedrock.
## Submit a text prompt to a model and generate a text response with InvokeModel
The following example runs the [InvokeModel](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_InvokeModel.html) operation using the AWS CLI. `InvokeModel` lets you submit a prompt to generate a model response. In a terminal, run the following command:
```
aws bedrock-runtime invoke-model \
--model-id amazon.titan-text-express-v1 \
--body '{"inputText": "Describe the purpose of a \"hello world\" program in one line.", "textGenerationConfig" : {"maxTokenCount": 512, "temperature": 0.5, "topP": 0.9}}' \
--cli-binary-format raw-in-base64-out \
invoke-model-output-text.txt
```
If the command is successful, the response generated by the model is written to the `invoke-model-output-text.txt` file. The text response is returned in the `outputText` field, alongside accompanying information.
## Submit a text prompt to a model and generate a text response with Converse
The following example runs the [Converse](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_Converse.html) operation using the AWS CLI. `Converse` lets you submit a prompt to generate a model response. We recommend using `Converse` operation over `InvokeModel` when supported, because it unifies the inference request across Amazon Bedrock models and simplifies the management of multi-turn conversations. In a terminal, run the following command:
```
aws bedrock-runtime converse \
--model-id amazon.titan-text-express-v1 \
--messages '[{"role": "user", "content": [{"text": "Describe the purpose of a \"hello world\" program in one line."}]}]' \
--inference-config '{"maxTokens": 512, "temperature": 0.5, "topP": 0.9}'
```
If the command is successful, the response generated by the model is returned in the `text` field, alongside accompanying information.
# Run example Amazon Bedrock API requests through the AWS SDK for Python (Boto3)
This section guides you through trying out some common operations in Amazon Bedrock with the AWS Python to test that your permissions and authentication are set up properly. Before you run the following examples, you should check that you have fulfilled the following prerequisites:
**Prerequisites**
+ You have an AWS account and a user or role with authentication set up and the necessary permissions for Amazon Bedrock. Otherwise, follow the steps at [Get started with the API](getting-started-api.md).
+ You've installed and set up authentication for the AWS SDK for Python (Boto3). To install Boto3, follow the steps at [Quickstart](https://boto3.amazonaws.com/v1/documentation/api/latest/guide/quickstart.html) in the Boto3 documentation. Verify that you've set up your credentials to use Boto3 by following the steps at [Get credentials to grant programmatic access](getting-started-api.md#gs-grant-program-access).
Test that your permissions are set up properly for Amazon Bedrock, using a user or role that you set up with the proper permissions.
The Amazon Bedrock documentation also includes code examples for other programming languages. For more information, see [Code examples for Amazon Bedrock using AWS SDKs](service_code_examples.md).
**Topics**
+ [
## List the foundation models that Amazon Bedrock has to offer
](#getting-started-api-ex-python-listfm)
+ [
## Submit a text prompt to a model and generate a text response with InvokeModel
](#getting-started-api-ex-python-invoke-text)
+ [
## Submit a text prompt to a model and generate a text response with Converse
](#getting-started-api-ex-python-converse)
## List the foundation models that Amazon Bedrock has to offer
The following example runs the [ListFoundationModels](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_ListFoundationModels.html) operation using an Amazon Bedrock client. `ListFoundationModels` lists the foundation models (FMs) that are available in Amazon Bedrock in your Region. Run the following SDK for Python script to create an Amazon Bedrock client and test the [ListFoundationModels](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_ListFoundationModels.html) operation:
```
"""
Lists the available Amazon Bedrock models in an &AWS-Region;.
"""
import logging
import json
import boto3
from botocore.exceptions import ClientError
logging.basicConfig(level=logging.INFO)
logger = logging.getLogger(__name__)
def list_foundation_models(bedrock_client):
"""
Gets a list of available Amazon Bedrock foundation models.
:return: The list of available bedrock foundation models.
"""
try:
response = bedrock_client.list_foundation_models()
models = response["modelSummaries"]
logger.info("Got %s foundation models.", len(models))
return models
except ClientError:
logger.error("Couldn't list foundation models.")
raise
def main():
"""Entry point for the example. Change aws_region to the &AWS-Region;
that you want to use."""
aws_region = "us-east-1"
bedrock_client = boto3.client(service_name="bedrock", region_name=aws_region)
fm_models = list_foundation_models(bedrock_client)
for model in fm_models:
print(f"Model: {model["modelName"]}")
print(json.dumps(model, indent=2))
print("---------------------------\n")
logger.info("Done.")
if __name__ == "__main__":
main()
```
If the script is successful, the response returns a list of foundation models that are available in Amazon Bedrock.
## Submit a text prompt to a model and generate a text response with InvokeModel
The following example runs the [InvokeModel](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_InvokeModel.html) operation using an Amazon Bedrock client. `InvokeModel` lets you submit a prompt to generate a model response. Run the following SDK for Python script to create an Amazon Bedrock runtime client and generate a text response with the `` operation:
```
# Use the native inference API to send a text message to Amazon Titan Text G1 - Express.
import boto3
import json
from botocore.exceptions import ClientError
# Create an Amazon Bedrock Runtime client.
brt = boto3.client("bedrock-runtime")
# Set the model ID, e.g., Amazon Titan Text G1 - Express.
model_id = "amazon.titan-text-express-v1"
# Define the prompt for the model.
prompt = "Describe the purpose of a 'hello world' program in one line."
# Format the request payload using the model's native structure.
native_request = {
"inputText": prompt,
"textGenerationConfig": {
"maxTokenCount": 512,
"temperature": 0.5,
"topP": 0.9
},
}
# Convert the native request to JSON.
request = json.dumps(native_request)
try:
# Invoke the model with the request.
response = brt.invoke_model(modelId=model_id, body=request)
except (ClientError, Exception) as e:
print(f"ERROR: Can't invoke '{model_id}'. Reason: {e}")
exit(1)
# Decode the response body.
model_response = json.loads(response["body"].read())
# Extract and print the response text.
response_text = model_response["results"][0]["outputText"]
print(response_text)
```
If the command is successful, the response returns the text generated by the model in response to the prompt.
## Submit a text prompt to a model and generate a text response with Converse
The following example runs the [Converse](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_Converse.html) operation using an Amazon Bedrock client. We recommend using `Converse` operation over `InvokeModel` when supported, because it unifies the inference request across Amazon Bedrock models and simplifies the management of multi-turn conversations. Run the following SDK for Python script to create an Amazon Bedrock runtime client and generate a text response with the `Converse` operation:
```
# Use the Conversation API to send a text message to Amazon Titan Text G1 - Express.
import boto3
from botocore.exceptions import ClientError
# Create an Amazon Bedrock Runtime client.
brt = boto3.client("bedrock-runtime")
# Set the model ID, e.g., Amazon Titan Text G1 - Express.
model_id = "amazon.titan-text-express-v1"
# Start a conversation with the user message.
user_message = "Describe the purpose of a 'hello world' program in one line."
conversation = [
{
"role": "user",
"content": [{"text": user_message}],
}
]
try:
# Send the message to the model, using a basic inference configuration.
response = brt.converse(
modelId=model_id,
messages=conversation,
inferenceConfig={"maxTokens": 512, "temperature": 0.5, "topP": 0.9},
)
# Extract and print the response text.
response_text = response["output"]["message"]["content"][0]["text"]
print(response_text)
except (ClientError, Exception) as e:
print(f"ERROR: Can't invoke '{model_id}'. Reason: {e}")
exit(1)
```
If the command is successful, the response returns the text generated by the model in response to the prompt.
# Run example Amazon Bedrock API requests using an Amazon SageMaker AI notebook
This section guides you through trying out some common operations in Amazon Bedrock with an Amazon SageMaker AI notebook to test that your Amazon Bedrock role permissions are set up properly. Before you run the following examples, you should check that you have fulfilled the following prerequisites:
**Prerequisites**
+ You have an AWS account and have permissions to access a role with the necessary permissions for Amazon Bedrock. Otherwise, follow the steps at [Quickstart](getting-started.md).
+ Carry out the following steps to set up IAM permissions for SageMaker AI and create a notebook:
1. Modify the [trust policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#term_trust-policy) of the Amazon Bedrock role that you set up in [Quickstart](getting-started.md) through the [console](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-managingrole-editing-console.html#roles-managingrole_edit-trust-policy), [CLI](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-managingrole-editing-cli.html#roles-managingrole_edit-trust-policy-cli), or [API](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-managingrole-editing-api.html#roles-managingrole_edit-trust-policy-api). Attach the following trust policy to the role to allow both the Amazon Bedrock and SageMaker AI services to assume the Amazon Bedrock role:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "BedrockTrust",
"Effect": "Allow",
"Principal": {
"Service": "bedrock.amazonaws.com"
},
"Action": "sts:AssumeRole"
},
{
"Sid": "SagemakerTrust",
"Effect": "Allow",
"Principal": {
"Service": "sagemaker.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
```
------
1. Sign into the Amazon Bedrock role whose trust policy you just modified.
1. Follow the steps at [Create an Amazon SageMaker AI Notebook Instance for the tutorial](https://docs.aws.amazon.com/sagemaker/latest/dg/gs-setup-working-env.html) and specify the ARN of the Amazon Bedrock role that you created to create an SageMaker AI notebook instance.
1. When the **Status** of the notebook instance is **InService**, choose the instance and then choose **Open JupyterLab**.
After you open up your SageMaker AI notebook, you can try out the following examples:
**Topics**
+ [
## List the foundation models that Amazon Bedrock has to offer
](#getting-started-api-ex-sm-listfm)
+ [
## Submit a text prompt to a model and generate a response
](#getting-started-api-ex-sm-converse)
## List the foundation models that Amazon Bedrock has to offer
The following example runs the [ListFoundationModels](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_ListFoundationModels.html) operation using an Amazon Bedrock client. `ListFoundationModels` lists the foundation models (FMs) that are available in Amazon Bedrock in your Region. Run the following SDK for Python script to create an Amazon Bedrock client and test the [ListFoundationModels](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_ListFoundationModels.html) operation:
```
"""
Lists the available Amazon Bedrock models in an &AWS-Region;.
"""
import logging
import json
import boto3
from botocore.exceptions import ClientError
logging.basicConfig(level=logging.INFO)
logger = logging.getLogger(__name__)
def list_foundation_models(bedrock_client):
"""
Gets a list of available Amazon Bedrock foundation models.
:return: The list of available bedrock foundation models.
"""
try:
response = bedrock_client.list_foundation_models()
models = response["modelSummaries"]
logger.info("Got %s foundation models.", len(models))
return models
except ClientError:
logger.error("Couldn't list foundation models.")
raise
def main():
"""Entry point for the example. Change aws_region to the &AWS-Region;
that you want to use."""
aws_region = "us-east-1"
bedrock_client = boto3.client(service_name="bedrock", region_name=aws_region)
fm_models = list_foundation_models(bedrock_client)
for model in fm_models:
print(f"Model: {model["modelName"]}")
print(json.dumps(model, indent=2))
print("---------------------------\n")
logger.info("Done.")
if __name__ == "__main__":
main()
```
If the script is successful, the response returns a list of foundation models that are available in Amazon Bedrock.
## Submit a text prompt to a model and generate a response
The following example runs the [Converse](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_Converse.html) operation using an Amazon Bedrock client. `Converse` lets you submit a prompt to generate a model response. Run the following SDK for Python script to create an Amazon Bedrock runtime client and test the [Converse](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_Converse.html) operation:
```
# Use the Conversation API to send a text message to Amazon Titan Text G1 - Express.
import boto3
from botocore.exceptions import ClientError
# Create an Amazon Bedrock Runtime client.
brt = boto3.client("bedrock-runtime")
# Set the model ID, e.g., Amazon Titan Text G1 - Express.
model_id = "amazon.titan-text-express-v1"
# Start a conversation with the user message.
user_message = "Describe the purpose of a 'hello world' program in one line."
conversation = [
{
"role": "user",
"content": [{"text": user_message}],
}
]
try:
# Send the message to the model, using a basic inference configuration.
response = brt.converse(
modelId=model_id,
messages=conversation,
inferenceConfig={"maxTokens": 512, "temperature": 0.5, "topP": 0.9},
)
# Extract and print the response text.
response_text = response["output"]["message"]["content"][0]["text"]
print(response_text)
except (ClientError, Exception) as e:
print(f"ERROR: Can't invoke '{model_id}'. Reason: {e}")
exit(1)
```
If the command is successful, the response returns the text generated by the model in response to the prompt.