Create a service role for Amazon Bedrock Knowledge Bases - Amazon Bedrock

Create a service role for Amazon Bedrock Knowledge Bases

To use a custom role for a knowledge base instead of the one Amazon Bedrock automatically creates, create an IAM role and attach the following permissions by following the steps at Creating a role to delegate permissions to an AWS service. Include only the necessary permissions for your own security.

  • Trust relationship

  • Access to the Amazon Bedrock base models

  • Access to the data source for where you store your data

  • (If you create a vector database in Amazon OpenSearch Service) Access to your OpenSearch Service collection

  • (If you create a vector database in Amazon Aurora) Access to your Aurora cluster

  • (If you create a vector database in Pinecone or Redis Enterprise Cloud) Permissions for AWS Secrets Manager to authenticate your Pinecone or Redis Enterprise Cloud account

  • (Optional) If you encrypt any of the following resources with a KMS key, permissions to decrypt the key (see Encryption of knowledge base resources).

    • Your knowledge base

    • Data sources for your knowledge base

    • Your vector database in Amazon OpenSearch Service

    • The secret for your third-party vector database in AWS Secrets Manager

    • A data ingestion job

Trust relationship

The following policy allows Amazon Bedrock to assume this role and create and manage knowledge bases. The following shows an example policy you can use. You can restrict the scope of the permission by using one or more global condition context keys. For more information, see AWS global condition context keys. Set the aws:SourceAccount value to your account ID. Use the ArnEquals or ArnLike condition to restrict the scope to specific knowledge bases.

Note

As a best practice for security purposes, replace the * with specific knowledge base IDs after you have created them.

{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": { "Service": "bedrock.amazonaws.com" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "aws:SourceAccount": "${AccountId}" }, "ArnLike": { "AWS:SourceArn": "arn:aws:bedrock:${Region}:${AccountId}:knowledge-base/*" } } }] }

Permissions to access Amazon Bedrock models

Attach the following policy to provide permissions for the role to use Amazon Bedrock models to embed your source data.

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "bedrock:ListFoundationModels", "bedrock:ListCustomModels" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "bedrock:InvokeModel" ], "Resource": [ "arn:aws:bedrock:${Region}::foundation-model/amazon.titan-embed-text-v1", "arn:aws:bedrock:${Region}::foundation-model/cohere.embed-english-v3", "arn:aws:bedrock:${Region}::foundation-model/cohere.embed-multilingual-v3" ] } ] }

Permissions to access your data sources

Select from the following data sources to attach the necessary permissions for the role.

Permissions to access your Amazon S3 data source

Attach the following policy to provide permissions for the role to access Amazon S3.

If you encrypted the data source with a AWS KMS key, attach permissions to decrypt the key to the role by following the steps at Permissions to decrypt your AWS KMS key for your data sources in Amazon S3.

{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "s3:GetObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::${bucket/path/to/folder}", "arn:aws:s3:::${bucket/path/to/folder}/*" ], "Condition": { "StringEquals": { "aws:PrincipalAccount": "${AccountId}" } } }] }

Permissions to access your Confluence data source

Note

Confluence data source connector is in preview release and is subject to change.

Attach the following policy to provide permissions for the role to access Confluence.

Note

secretsmanager:PutSecretValue is only necessary if you use OAuth 2.0 authentication with a refresh token.

Confluence OAuth2.0 access token has a default expiry time of 60 minutes. If this token expires while your data source is syncing (sync job), Amazon Bedrock will use the provided refresh token to regenerate this token. This regeneration refreshes both the access and refresh tokens. To keep the tokens updated from the current sync job to the next sync job, Amazon Bedrock requires write/put permissions for your secret credentials.

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "secretsmanager:GetSecretValue", "secretsmanager:PutSecretValue" ], "Resource": [ "arn:aws:secretsmanager:${Region}:${AccountId}:secret:${secret-id}" ] }, { "Effect": "Allow", "Action": [ "kms:Decrypt" ], "Resource": [ "arn:aws:kms:${Region}:${AccountId}:key/${KeyId}" ], "Condition": { "StringLike": { "kms:ViaService": [ "secretsmanager.${Region}.amazonaws.com" ] } } }, }

Permissions to access your Microsoft SharePoint data source

Note

SharePoint data source connector is in preview release and is subject to change.

Attach the following policy to provide permissions for the role to access SharePoint.

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "secretsmanager:GetSecretValue" ], "Resource": [ "arn:aws:secretsmanager:${Region}:${AccountId}:secret:${SecretId}" ] }, { "Effect": "Allow", "Action": [ "kms:Decrypt" ], "Resource": [ "arn:aws:kms:${Region}:${AccountId}:key/${KeyId}" ], "Condition": { "StringLike": { "kms:ViaService": [ "secretsmanager.${Region}.amazonaws.com" ] } } }, }

Permissions to access your Salesforce data source

Note

Salesforce data source connector is in preview release and is subject to change.

Attach the following policy to provide permissions for the role to access Salesforce.

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "secretsmanager:GetSecretValue" ], "Resource": [ "arn:aws:secretsmanager:${Region}:${AccountId}:secret:${SecretId}" ] }, { "Effect": "Allow", "Action": [ "kms:Decrypt" ], "Resource": [ "arn:aws:kms:${Region}:${AccountId}:key/${KeyId}" ], "Condition": { "StringLike": { "kms:ViaService": [ "secretsmanager.${Region}.amazonaws.com" ] } } }, }

Permissions to chat with your document

Attach the following policy to provide permissions for the role to use Amazon Bedrock models to chat with your document:

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "bedrock:RetrieveAndGenerate" ], "Resource": "*" } ] }

If you only want to grant a user access to chat with your document (and not to RetrieveAndGenerate on all Knowledge Bases), use the following policy:

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "bedrock:RetrieveAndGenerate" ], "Resource": "*" }, { "Effect": "Deny", "Action": [ "bedrock:Retrieve" ], "Resource": "*" } ] }

If you want both chat with your document and use RetrieveAndGenerate on a specific Knowledge Base, provide a ${KnowledgeBaseArn}, and use the following policy:

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "bedrock:RetrieveAndGenerate" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "bedrock:Retrieve" ], "Resource": ${KnowledgeBaseArn} } ] }

(Optional) Permissions to access your Amazon Kendra GenAI index

If you created an Amazon Kendra GenAI index for your knowledge base, then attach the following policy to your Amazon Bedrock Knowledge Bases service role to allow access to the index. In the policy, replace ${Partition}, ${Region}, ${AccountId}, and ${IndexId} with the values for your index. You can allow access to multiple indexes by adding them to the Resource list. To allow access to every index in your AWS account, replace ${IndexId} with a wildcard (*).

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "kendra:Retrieve", // To call their Retrieve API "kendra:DescribeIndex" // For validation when creating the KB ], "Resource": "arn:${${Partition}}:kendra:${${Region}}:${${AccountId}}:index/${${IndexId}}" } ] }

(Optional) Permissions to access your vector database in Amazon OpenSearch Service

If you created a vector database in Amazon OpenSearch Service for your knowledge base, attach the following policy to your Amazon Bedrock Knowledge Bases service role to allow access to the collection. Replace ${Region} and ${AccountId} with the region and account ID to which the database belongs. Input the ID of your Amazon OpenSearch Service collection in ${CollectionId}. You can allow access to multiple collections by adding them to the Resource list.

{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "aoss:APIAccessAll" ], "Resource": [ "arn:aws:aoss:${Region}:${AccountId}:collection/${CollectionId}" ] }] }

(Optional) Permissions to access your Amazon Aurora database cluster

If you created a database (DB) cluster in Amazon Aurora for your knowledge base, attach the following policy to your Amazon Bedrock Knowledge Bases service role to allow access to the DB cluster and to provide read and write permissions on it. Replace ${Region} and ${AccountId} with the region and account ID to which the DB cluster belongs. Input the ID of your Amazon Aurora database cluster in ${DbClusterId}. You can allow access to multiple DB clusters by adding them to the Resource list.

{ "Version": "2012-10-17", "Statement": [ { "Sid": "RdsDescribeStatementID", "Effect": "Allow", "Action": [ "rds:DescribeDBClusters" ], "Resource": [ "arn:aws:rds:${Region}:${AccountId}:cluster:${DbClusterId}" ] }, { "Sid": "DataAPIStatementID", "Effect": "Allow", "Action": [ "rds-data:BatchExecuteStatement", "rds-data:ExecuteStatement" ], "Resource": [ "arn:aws:rds:${Region}:${AccountId}:cluster:${DbClusterId}" ] }] }

(Optional) Permissions to access a vector database configured with an AWS Secrets Manager secret

If your vector database is configured with an AWS Secrets Manager secret, attach the following policy to your Amazon Bedrock Knowledge Bases service role to allow AWS Secrets Manager to authenticate your account to access the database. Replace ${Region} and ${AccountId} with the region and account ID to which the database belongs. Replace ${SecretId} with the ID of your secret.

{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "secretsmanager:GetSecretValue" ], "Resource": [ "arn:aws:secretsmanager:${Region}:${AccountId}:secret:${SecretId}" ] }] }

If you encrypted your secret with a AWS KMS key, attach permissions to decrypt the key to the role by following the steps at Permissions to decrypt an AWS Secrets Manager secret for the vector store containing your knowledge base.

(Optional) Permissions for AWS to manage a AWS KMS key for transient data storage during data ingestion

To allow the creation of a AWS KMS key for transient data storage in the process of ingesting your data source, attach the following policy to your Amazon Bedrock Knowledge Bases service role. Replace the ${Region}, ${AccountId}, and ${KeyId} with the appropriate values.

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "kms:GenerateDataKey", "kms:Decrypt" ], "Resource": [ "arn:aws:kms:${Region}:${AccountId}:key/${KeyId}" ] } ] }

(Optional) Permissions for AWS to manage a data sources from another user's AWS account.

To allow the access to another user's AWS account, you must create a role that allows cross-account access to a Amazon S3 bucket in another user's account. Replace the ${BucketName}, ${BucketOwnerAccountId}, and ${BucketNameAndPrefix} with the appropriate values.

Permissions Required on Knowledge Base role

The knowledge base role that is provided during knowledge base creation createKnowledgeBase requires the following Amazon S3 permissions.

{ "Version": "2012-10-17", "Statement": [{ "Sid": "S3ListBucketStatement", "Effect": "Allow", "Action": [ "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::${BucketName}" ], "Condition": { "StringEquals": { "aws:ResourceAccount": "${BucketOwnerAccountId}" } } },{ "Sid": "S3GetObjectStatement", "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": [ "arn:aws:s3:::${BucketNameAndPrefix}/*" ], "Condition": { "StringEquals": { "aws:ResourceAccount": "${BucketOwnerAccountId}" } }] }

If the Amazon S3 bucket is encrypted using a AWS KMS key, the following also needs to be added to the knowledge base role. Replace the ${BucketOwnerAccountId} and ${Region} with the appropriate values.

{ "Sid": "KmsDecryptStatement", "Effect": "Allow", "Action": [ "kms:Decrypt" ], "Resource": [ "arn:aws:kms:${Region}:${BucketOwnerAccountId}:key/${KeyId}" ], "Condition": { "StringEquals": { "kms:ViaService": [ "s3.${Region}.amazonaws.com" ] } } }

Permissions required on a cross-account Amazon S3 bucket policy

The bucket in the other account requires the following Amazon S3 bucket policy. Replace the ${KbRoleArn}, ${BucketName}, and ${BucketNameAndPrefix} with the appropriate values.

{ "Version": "2012-10-17", "Statement": [ { "Sid": "Example ListBucket permissions", "Effect": "Allow", "Principal": { "AWS": "${KbRoleArn}" }, "Action": [ "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::${BucketName}" ] }, { "Sid": "Example GetObject permissions", "Effect": "Allow", "Principal": { "AWS": "${KbRoleArn}" }, "Action": [ "s3:GetObject" ], "Resource": [ "arn:aws:s3:::${BucketNameAndPrefix}/*" ] } ] }

Permissions required on cross-account AWS KMS key policy

If the cross-account Amazon S3 bucket is encrypted using a AWS KMS key in that account, the policy of the AWS KMS key requires the following policy. Replace the ${KbRoleArn} and ${KmsKeyArn} with the appropriate values.

{ "Sid": "Example policy", "Effect": "Allow", "Principal": { "AWS": [ "${KbRoleArn}" ] }, "Action": [ "kms:Decrypt" ], "Resource": "${KmsKeyArn}" }