IT-4232: Add permission to access S3 #1321

xschildw · 2025-01-10T01:30:46Z

This PR adds permissions for a bedrock agent to access S3

zaro0508 · 2025-01-10T15:23:16Z

org-formation/300-account-defaults/bedrock-agent-role.yaml

+              - Effect: Allow
+                Action: "s3:*"
+                Resource: "*"


why not use just apply the AmazonS3FullAccess managed policy?

Good idea! Updated.

zaro0508 · 2025-01-27T16:51:17Z

org-formation/300-account-defaults/bedrock-agent-role.yaml

@@ -18,6 +18,8 @@ Resources:
                aws:SourceAccount: !Ref AWS::AccountId
              ArnLike:
                aws:SourceArn: !Sub "arn:aws:bedrock:${AWS::Region}:${AWS::AccountId}:agent/*"
+      ManagedPolicyArns:
+        - arn:aws:iam::aws:policy/AmazonS3FullAccess


you can also replace your bedrockAgentPolicy with the AWS managed AWSLambdaRole policy..

Add permission to access S3

84eef37

xschildw requested a review from a team as a code owner January 10, 2025 01:30

xschildw requested review from john-hill and zaro0508 January 10, 2025 01:31

zaro0508 requested changes Jan 10, 2025

View reviewed changes

Use managed policy per review

d89e6fc

xschildw requested a review from zaro0508 January 22, 2025 17:01

zaro0508 requested changes Jan 27, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

IT-4232: Add permission to access S3 #1321

IT-4232: Add permission to access S3 #1321

xschildw commented Jan 10, 2025

zaro0508 Jan 10, 2025 •

edited

Loading

xschildw Jan 10, 2025

zaro0508 Jan 27, 2025

IT-4232: Add permission to access S3 #1321

Are you sure you want to change the base?

IT-4232: Add permission to access S3 #1321

Conversation

xschildw commented Jan 10, 2025

zaro0508 Jan 10, 2025 • edited Loading

Choose a reason for hiding this comment

xschildw Jan 10, 2025

Choose a reason for hiding this comment

zaro0508 Jan 27, 2025

Choose a reason for hiding this comment

zaro0508 Jan 10, 2025 •

edited

Loading