AWS App Studio is in preview and is subject to change.
Connect to Amazon Bedrock
To connect App Studio with Amazon Bedrock so builders can access and use Amazon Bedrock in applications, you must perform the following steps:
Enable Amazon Bedrock models
Use the following procedure to enable Amazon Bedrock models.
To enable Amazon Bedrock models
-
Sign in to the AWS Management Console and open the Amazon Bedrock console at https://console.aws.amazon.com/bedrock/
. -
In the left navigation pane, choose Model access.
-
Enable the models that you want to use. For more information, see Manage access to Amazon Bedrock foundation models.
Create an IAM role to give App Studio access to Amazon Bedrock
To use Amazon Bedrock with App Studio, administrators must create an IAM role to give App Studio permissions to access the resources. The IAM role controls the scope of permissions for App Studio apps to use, and is used when creating the connector. We recommend creating at least one IAM role per service and policy.
To create an IAM role to give App Studio access to Amazon Bedrock
-
Sign in to the IAM console
with a user that has permissions to create IAM roles. We recommend using the administrative user created in Create an administrative user for managing AWS resources. -
In the navigation pane of the console, choose Roles and then choose Create role.
-
In Trusted entity type, choose Custom trust policy.
-
Replace the default policy with the following policy to allow App Studio applications to assume this role in your account.
You must replace
111122223333with the AWS account number of the account used to set up the App Studio instance.{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::111122223333:root" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "aws:PrincipalTag/IsAppStudioAccessRole": "true" } } } ] }Choose Next.
-
In Add permissions, search for and select the policies that grant the appropriate permissions for the role. Choosing the + next to a policy will expand the policy to show the permissions granted by it and choosing the checkbox selects the policy. For Amazon Bedrock, you may consider adding the
AmazonBedrockFullAccesspolicy, which grants full access to Amazon Bedrock.For more information about using IAM policies with Amazon Bedrock, including a list of managed policies and their descriptions, see Identity and Access Management for Amazon Bedrock in the Amazon Bedrock User Guide.
Choose Next.
-
In Role details, provide a name and description.
In Step 3: Add tags, choose Add new tag to add the following tag to provide App Studio access:
Key:
IsAppStudioDataAccessRoleValue:
true
-
Choose Create role and make note of the generated Amazon Resource Name (ARN), you will need it when creating the Amazon Bedrock connector in App Studio in the next step.
Create Amazon Bedrock connector
To create a connector for Amazon Bedrock
-
Navigate to App Studio.
-
In the left-side navigation pane, choose Connectors in the Manage section. You will be taken to a page displaying a list of existing connectors with some details about each.
-
Choose + Create connector.
-
Choose AWS Services from the list of connector types.
-
Configure your connector by filling out the following fields:
Name: Enter a name for your Amazon Bedrock connector.
Description: Enter a description for your Amazon Bedrock connector.
IAM role: Enter the Amazon Resource Name (ARN) from the IAM role created in Create an IAM role to give App Studio access to Amazon Bedrock. For more information about IAM, see the IAM User Guide.
Service: Choose Bedrock Runtime.
Region: Choose the AWS Region where your Amazon Bedrock resources are located.
-
Choose Create.
-
The newly created connector will appear in the Connectors list.
