Tags: amazon-web-services, aws-sdk, aws-java-sdk-2.x, amazon-bedrock

User is not authorized to perform: bedrock:CreateKnowledgeBase


I am trying to create a Bedrock knowledge base using the AWS SDK, but when I try to hit the createKnowledgeBase method it gives me the below error.

User: arn:aws:iam::85172538xxxx:user/bedrock_assist_user is not authorized to perform: bedrock:CreateKnowledgeBase

I even tried giving bedrock:CreateKnowledgeBase in a policy to the user and it still gives the same error. I even gave AdministratorAccess, but still the same error.

Any pointers on what could be going wrong? Below is my Java code:

VectorKnowledgeBaseConfiguration vkbc = VectorKnowledgeBaseConfiguration.builder()
        .embeddingModelArn(embeddingModelArn)
        .build();
KnowledgeBaseConfiguration kbc = KnowledgeBaseConfiguration.builder()
        .vectorKnowledgeBaseConfiguration(vkbc)
        .build();

OpenSearchServerlessConfiguration sssc = OpenSearchServerlessConfiguration.builder()
        .collectionArn(collectionArn)
        .vectorIndexName("bedrock-knowledge-base-default-index")
        .fieldMapping(builder -> builder
                .metadataField("AMAZON_BEDROCK_METADATA")
                .textField("AMAZON_BEDROCK_TEXT_CHUNK")
                .vectorField("bedrock-knowledge-base-default-vector")
                .build()
        )
        .build();
StorageConfiguration sc = StorageConfiguration.builder()
        .opensearchServerlessConfiguration(sssc)
        .build();
CreateKnowledgeBaseRequest req = CreateKnowledgeBaseRequest.builder()
        .knowledgeBaseConfiguration(kbc)
        .storageConfiguration(sc)
        .roleArn(kbServiceRole)
        .name(knowledgeBaseName)
        .description("Knowledge Base ")
        .build();
CreateKnowledgeBaseResponse res = bedrockAgentClient.createKnowledgeBase(req);

Solution

  • Apparently, on extensive debugging through CloudTrail, I found out that I was missing a parameter in the payload to the request. As you can see, I am missing a type field in the storage configuration. Surprisingly, I don't know why it is leading to an Unauthorised error when it should give a bad request or validation error. Thanks everyone for helping me out!!
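
The fix described in the answer, as an added example that is not part of the original post: the question's request rebuilt with the type fields set, plus a local pre-flight check so that a missing field fails on the client instead of surfacing as the misleading authorization error. The class name, the build and requireTypes helpers, and all ARN values are assumptions made for illustration; the code only builds and checks request objects and makes no AWS call.

```java
import software.amazon.awssdk.services.bedrockagent.model.CreateKnowledgeBaseRequest;
import software.amazon.awssdk.services.bedrockagent.model.KnowledgeBaseConfiguration;
import software.amazon.awssdk.services.bedrockagent.model.KnowledgeBaseStorageType;
import software.amazon.awssdk.services.bedrockagent.model.KnowledgeBaseType;
import software.amazon.awssdk.services.bedrockagent.model.StorageConfiguration;

public class KnowledgeBaseRequestCheck {
    // Constructed placeholder values, not taken from the post.
    static final String MODEL_ARN = "arn:aws:bedrock:us-east-1::foundation-model/EXAMPLE-EMBEDDING-MODEL";
    static final String COLLECTION_ARN = "arn:aws:aoss:us-east-1:111122223333:collection/EXAMPLEID";
    static final String ROLE_ARN = "arn:aws:iam::111122223333:role/ExampleKnowledgeBaseRole";

    // Hypothetical helper: rebuilds the question's request, with or without the type fields.
    static CreateKnowledgeBaseRequest build(boolean withTypes) {
        KnowledgeBaseConfiguration.Builder kbc = KnowledgeBaseConfiguration.builder()
                .vectorKnowledgeBaseConfiguration(v -> v.embeddingModelArn(MODEL_ARN));
        StorageConfiguration.Builder sc = StorageConfiguration.builder()
                .opensearchServerlessConfiguration(o -> o
                        .collectionArn(COLLECTION_ARN)
                        .vectorIndexName("bedrock-knowledge-base-default-index")
                        .fieldMapping(f -> f
                                .metadataField("AMAZON_BEDROCK_METADATA")
                                .textField("AMAZON_BEDROCK_TEXT_CHUNK")
                                .vectorField("bedrock-knowledge-base-default-vector")));
        if (withTypes) {
            kbc.type(KnowledgeBaseType.VECTOR); // the API reference also lists this type as required
            sc.type(KnowledgeBaseStorageType.OPENSEARCH_SERVERLESS); // the field missing in the question
        }
        return CreateKnowledgeBaseRequest.builder().name("example-kb").roleArn(ROLE_ARN)
                .knowledgeBaseConfiguration(kbc.build()).storageConfiguration(sc.build()).build();
    }

    // Hypothetical pre-flight check: fail locally when a type field is unset.
    static void requireTypes(CreateKnowledgeBaseRequest req) {
        if (req.storageConfiguration() == null || req.storageConfiguration().typeAsString() == null)
            throw new IllegalArgumentException("storageConfiguration.type is not set");
        if (req.knowledgeBaseConfiguration() == null || req.knowledgeBaseConfiguration().typeAsString() == null)
            throw new IllegalArgumentException("knowledgeBaseConfiguration.type is not set");
    }

    public static void main(String[] args) {
        try { requireTypes(build(false)); }
        catch (IllegalArgumentException e) { System.out.println("rejected before sending: " + e.getMessage()); }
        requireTypes(build(true)); // passes; this request can then go to createKnowledgeBase(...)
        System.out.println("request with type fields passed the local check");
    }
}
```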