Amazon Bedrock (bedrock)

2023-07-18

17 new actions, 3 new resources, 3 new conditions

Additions

    Actions
  • CreateModelCustomizationJob
    • Description:  Grants permission to create a job for customizing the model with your custom training data
    • Access:  Write
    • Resources: 

      Name: custom-model

      Required: Yes

      Name: model-customization-job

      Required: Yes

    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

  • DeleteCustomModel
    • Description:  Grants permission to delete a custom model that you created earlier
    • Access:  Write
    • Resources: 

      Name: model-customization-job

      Required: Yes

  • DeletePrompt
    • Description:  Grants permission to delete a saved prompt
    • Access:  Write
  • GetCustomModel
    • Description:  Grants permission to get the properties associated with a Bedrock custom model that you have created
    • Access:  Read
    • Resources: 

      Name: custom-model

      Required: Yes

  • GetModelCustomizationJob
    • Description:  Grants permission to get the properties associated with a model-customization job. Use this operation to get the status of a model-customization job
    • Access:  Read
    • Resources: 

      Name: model-customization-job

      Required: Yes

  • GetPrompt
    • Description:  Grants permission to get a saved prompt
    • Access:  Read
  • InvokeModel
    • Description:  Grants permission to invoke the specified Bedrock model to run inference using the input provided in the request body
    • Access:  Write
    • Resources: 

      Name: custom-model

      Required: Yes

      Name: foundation-model

      Required: Yes

  • InvokeModelWithResponseStream
    • Description:  Grants permission to invoke the specified Bedrock model to run inference using the input provided in the request body with streaming response
    • Access:  Write
    • Resources: 

      Name: custom-model

      Required: Yes

      Name: foundation-model

      Required: Yes

  • ListCustomModels
    • Description:  Grants permission to get a list of Bedrock custom models that you have created
    • Access:  List
  • ListFoundationModels
    • Description:  Grants permission to list Bedrock foundation models that you can use
    • Access:  List
  • ListModelCustomizationJobs
    • Description:  Grants permission to get the list of model customization jobs that you have submitted
    • Access:  List
  • ListPrompts
    • Description:  Grants permission to lists all prompts saved to a playground
    • Access:  List
  • ListTagsForResource
    • Description:  Grants permission to list tags for a Bedrock resource
    • Access:  List
    • Resources: 

      Name: custom-model

      Required: Yes

      Name: model-customization-job

      Required: Yes

  • StopModelCustomizationJob
    • Description:  Grants permission to stop a Bedrock model customization job while in progress. This is an asynchronous operation, \n you need to call GetModelCustomizationJob API to get the status of model-customization job. \n If the job state is IN_PROGRESS the job is marked for termination and put into the STOPPING state. \n If the job completes before it can be stopped, it is put into the COMPLETED state. \n otherwise the job is stopped and put into the STOPPED state
    • Access:  Write
    • Resources: 

      Name: model-customization-job

      Required: Yes

  • TagResource
    • Description:  Grants permission to Tag a Bedrock resource
    • Access:  Tagging
    • Resources: 

      Name: custom-model

      Required: No

      Name: model-customization-job

      Required: No

    • Conditions: 

      aws:TagKeys

      aws:RequestTag/${TagKey}

  • UntagResource
    • Description:  Grants permission to Untag a Bedrock resource
    • Access:  Tagging
    • Resources: 

      Name: custom-model

      Required: No

      Name: model-customization-job

      Required: No

    • Conditions: 

      aws:TagKeys

  • UpdatePrompt
    • Description:  Grants permission to updates a saved prompt
    • Access:  Write
    Resources
  • foundation-model
    • Arn:  arn:${Partition}:bedrock:${Region}::foundation-model/${ResourceId}
  • custom-model
    • Arn:  arn:${Partition}:bedrock:${Region}::custom-model/${ResourceId}
    • Conditions: 

      aws:ResourceTag/${TagKey}

  • model-customization-job
    • Arn:  arn:${Partition}:bedrock:${Region}::model-customization-job/${ResourceId}
    • Conditions: 

      aws:ResourceTag/${TagKey}

    Conditions
  • aws:RequestTag/${TagKey}
    • Description:  Filters access by creating requests based on the allowed set of values for each of the mandatory tags
    • Type:  String
  • aws:ResourceTag/${TagKey}
    • Description:  Filters access by having actions based on the tag value associated with the resource
    • Type:  String
  • aws:TagKeys
    • Description:  Filters access by creating requests based on the presence of mandatory tags in the request
    • Type:  ArrayOfString