I am trying to create a bedrock knowledgebase using aws sdk. but when i try to hit the createKnowledgeBase method if gives me the below error.
User: arn:aws:iam::85172538xxxx:user/bedrock_assist_user is not authorized to perform: bedrock:CreateKnowledgeBase
I even tried giving the bedrock:CreateKnowledgeBase
in policy to the user
and it still gives the same error, i even gave AdministratorAccess
, but still same error.
Any pointers on what can be happening wrong? Below is my java code
VectorKnowledgeBaseConfiguration vkbc = VectorKnowledgeBaseConfiguration.builder()
.embeddingModelArn(embeddingModelArn)
.build();
KnowledgeBaseConfiguration kbc = KnowledgeBaseConfiguration.builder()
.vectorKnowledgeBaseConfiguration(vkbc)
.build();
OpenSearchServerlessConfiguration sssc = OpenSearchServerlessConfiguration.builder()
.collectionArn(collectionArn)
.vectorIndexName("bedrock-knowledge-base-default-index")
.fieldMapping(builder -> builder
.metadataField("AMAZON_BEDROCK_METADATA")
.textField("AMAZON_BEDROCK_TEXT_CHUNK")
.vectorField("bedrock-knowledge-base-default-vector")
.build()
)
.build();
StorageConfiguration sc = StorageConfiguration.builder()
.opensearchServerlessConfiguration(sssc)
.build();
CreateKnowledgeBaseRequest req = CreateKnowledgeBaseRequest.builder()
.knowledgeBaseConfiguration(kbc)
.storageConfiguration(sc)
.roleArn(kbServiceRole)
.name(knowledgeBaseName)
.description("Knowledge Base ")
.build();
CreateKnowledgeBaseResponse res = bedrockAgentClient.createKnowledgeBase(req);
Apparently on extensive debugging through cloudtrail I found out that I was missing a parameter in payload to the request. As you can see I am missing a type
field in storage configuration. Surprisingly I don't know why it is leading to a Unauthorised error when it should give a bad request or validation error.
Thanks everyone for helping me out!!