Bedrock Connection

Amazon Bedrock is a fully managed service that provides access to foundation models (FMs) from leading AI companies.

Leverage Gathr to connect to Bedrock and seamlessly access FMs from top AI companies.

Learn how to authenticate to Amazon Bedrock by setting up connection properties in the Bedrock connection connector.

Prerequisites

Prerequisites for Connecting to Bedrock from Gathr:

  • Ensure you have an AWS account.

  • Create or use an existing IAM role for Gathr to assume.

    Note down the secret and access keys for Gathr connection.

    For detailed information on how to create an IAM role in AWS, click here.

  • Assign the IAM policy/permissions to the role to access Bedrock via Gathr.

    For detailed information on how to create IAM Policy in AWS, click here.

    For detailed information on how to add permissions to an IAM role, click here.

Required Permissions & Policy Actions in AWS

The minimum required permissions are outlined in the following policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
              "Sid": "BedrockMinimumForAllModels",
              "Effect": "Allow",
              "Action": [
                  "bedrock:ListFoundationModels",
                  "bedrock:GetFoundationModel",
                  "bedrock:InvokeModel",
                  "bedrock:ListCustomModels",
                  "bedrock:InvokeModelWithResponseStream",
                  "bedrock:ListTagsForResource",
                  "bedrock:GetModelInvocationLoggingConfiguration"
              ],
              "Resource": [
                  "arn:aws:bedrock:*:632963553276:foundation-model/Amazon",
                  "arn:aws:bedrock:*:632963553276:tag/foundation-model/Amazon",
                  "arn:aws:bedrock:*:632963553276:foundation-model/AI21 Labs",
                  "arn:aws:bedrock:*:632963553276:tag/foundation-model/AI21 Labs",
                  "arn:aws:bedrock:*:632963553276:foundation-model/Anthropic",
                  "arn:aws:bedrock:*:632963553276:tag/foundation-model/Anthropic",
                  "arn:aws:bedrock:*:632963553276:foundation-model/Cohere",
                  "arn:aws:bedrock:*:632963553276:tag/foundation-model/Cohere",
                  "arn:aws:bedrock:*:632963553276:foundation-model/Meta",
                  "arn:aws:bedrock:*:632963553276:tag/foundation-model/Meta",
                  "arn:aws:bedrock:*:632963553276:foundation-model/Stability AI",
                  "arn:aws:bedrock:*:632963553276:tag/foundation-model/Stability AI"		
              ]
          }
      ]
}
  • Before using a foundation model, request access to it. Follow the guidelines at Model Access for requesting and gaining access to foundation models.

Update Trust Relationship in AWS for Role ARN Connections

When establishing Role ARN based connections to access Bedrock from Gathr, please make sure that the provided Role ARN has access to the necessary Bedrock models. Additionally, your Gathr Role ARN should be designated as the trusted entity for that role within AWS.

  1. Copy Gathr Role ARN: From Bedrock’s Connection page, copy your Gathr Role ARN. You’ll find this option illustrated below:

    copy-arn

  2. Update Trust Relationship in AWS Console:

    • Navigate to the AWS console and locate the role created for Gathr access.

    • Access the Trust relationships tab and select Edit trust relationship.

    • Replace the Principal details with the Gathr tenant ARN copied from your Gathr User Profile. This step ensures that Gathr is recognized as a trusted entity for accessing Bedrock.

After ensuring all prerequisites are met, proceed to create a Bedrock connection in Gathr and start leveraging its capabilities.

Connection Configuration

Each connection property available in the Bedrock connection configuration is explained below.

Connection Name

The name of the connection to be created should be provided. This is the name that will display on the list of available connections.

Connect Using

Option to authenticate the Bedrock connection using AWS keys or Role ARN.

Connect with AWS Keys

Provide your AWS account access key and secret key for connection.

AWS KeyId

Enter your AWS account access key.

Secret Access Key

Enter your AWS account secret key.

Connect with Role ARN

Use Role ARN for connection.

Role ARN

Copy this tenant ARN and ensure that the Trust relationship for the AWS role created or intended for Gathr access is updated. Replace the Principal details in the Trust Relationship tab of the AWS role with the copied tenant ARN.

Updated Trust Policy Example:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::123456789123:role/gathr_tenant_role"
                ],
                "Service": "ec2.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

Customer Role ARN

Please provide the Role ARN of the AWS role created or intended for Gathr’s access to Bedrock models.

Region

Select the region for testing Bedrock connection.

Add Configuration: Additional properties can be added using this option as key-value pairs.

After entering all the details, click on the TEST button.

If the connection service identification and authentication details are provided correctly, a success message stating “connection available” is generated.

Click on the CREATE button to save the changes.

If the details are incorrect or the server is down, you will get a message “Connection unavailable”.

If you have any feedback on Gathr documentation, please email us!

← Azure OpenAI Processor
Bedrock Text →