-
-
Save KyMidd/14dd6fb5e85ba6a44a982c98b37aab45 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource "aws_iam_role_policy" "DevOpsBotSlack_Bedrock" { | |
| name = "Bedrock" | |
| role = aws_iam_role.Ue1TiDevOpsBotRole.id | |
| policy = jsonencode( | |
| { | |
| "Version" : "2012-10-17", | |
| "Statement" : [ | |
| # Grant permission to invoke bedrock models of any type in us-west-2 region | |
| { | |
| "Effect" : "Allow", | |
| "Action" : "bedrock:InvokeModel", | |
| "Resource" : "arn:aws:bedrock:us-west-2::foundation-model/*" | |
| }, | |
| # Grant permission to invoke bedrock guardrails of any type in us-west-2 region | |
| { | |
| "Effect" : "Allow", | |
| "Action" : "bedrock:ApplyGuardrail", | |
| "Resource" : "arn:aws:bedrock:us-west-2:${data.aws_caller_identity.current.account_id}:guardrail/*" | |
| }, | |
| # Grant permissions to use knowledge bases in us-west-2 region | |
| { | |
| "Effect" : "Allow", | |
| "Action" : [ | |
| "bedrock:Retrieve", | |
| "bedrock:RetrieveAndGenerate", | |
| ], | |
| "Resource" : "arn:aws:bedrock:us-west-2:${data.aws_caller_identity.current.account_id}:knowledge-base/*" | |
| }, | |
| ] | |
| } | |
| ) | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment