Service roles
Amazon Bedrock uses IAM service roles for some features to let Amazon Bedrock carry out tasks on your behalf.
The console automatically creates service roles for supported features.
You can also create a custom service role and customize the attached permissions to your specific use-case. If you use the console, you can select this role instead of letting Amazon Bedrock create one for you.
To set up the custom service role, you carry out the following general steps.
-
Create the role by following the steps at Creating a role to delegate permissions to an AWS service.
-
Attach a trust policy.
-
Attach the relevant identity-based permissions.
Refer to the following links for more information about IAM concepts that are relevant to setting service role permissions.
Select a topic to learn more about service roles for a specific feature.
Topics
- Create a service role for batch inference
- Create a service role for model customization
- Create a service role for model import
- Create a service role for Amazon Bedrock Agents
- Create a service role for Amazon Bedrock Knowledge Bases
- Create a service role for Amazon Bedrock Flows in Amazon Bedrock
- Create a service role for Amazon Bedrock Studio
- Create a provisioning role for Amazon Bedrock Studio
