Prerequisites for direct ingestion

To use direct ingestion, an IAM role must have permissions to use the KnowledgeBaseDocs API operations. If your IAM role has the AmazonBedrockFullAccess AWS managed policy attached, you can skip this section.

The following policy can be attached to an IAM role to allow it to perform direct ingestion on the knowledge bases that you specify in the Resource field.


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DirectIngestion",
            "Effect": "Allow",
            "Action": [  
                "bedrock:IngestKnowledgeBaseDocuments",
                "bedrock:GetKnowledgeBaseDocument",
                "bedrock:ListKnowledgeBaseDocuments",
                "bedrock:DeleteKnowledgebaseDocument"
            ],
            "Resource": [
                "arn:${Partition}:bedrock:${Region}:${Account}:knowledge-base/${KnowledgeBaseId}"
            ]
        }
    ]   
}

To further restrict permissions, you can omit actions, or you can specify resources and condition keys by which to filter permissions. For more information about actions, resources, and condition keys, see the following topics in the Service Authorization Reference:

Actions defined by Amazon Bedrock – Learn about actions, the resource types that you can scope them to in the Resource field, and the condition keys that you can filter permissions on in the Condition field.
Resource types defined by Amazon Bedrock – Learn about the resource types in Amazon Bedrock.
Condition keys for Amazon Bedrock – Learn about the condition keys in Amazon Bedrock.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Ingest changes directly into a knowledge base

Ingest documents directly into a knowledge base