From 0c65da6ab4fc87f56660b7af35e92576d92fe9f4 Mon Sep 17 00:00:00 2001 From: Rafael Mosca Date: Thu, 27 Feb 2025 11:05:47 +0000 Subject: [PATCH 1/3] fix(bedrock): modify iam policies --- .../cross-region-inference-profile.ts | 2 +- src/cdk-lib/bedrock/models.ts | 24 +- test/integ/issue991.integ.snapshot/cdk.out | 1 + .../issue991.integ.snapshot/manifest.json | 125 +++++++ test/integ/issue991.integ.snapshot/tree.json | 329 ++++++++++++++++++ test/integ/issue991.integ.ts | 0 6 files changed, 468 insertions(+), 13 deletions(-) create mode 100644 test/integ/issue991.integ.snapshot/cdk.out create mode 100644 test/integ/issue991.integ.snapshot/manifest.json create mode 100644 test/integ/issue991.integ.snapshot/tree.json create mode 100644 test/integ/issue991.integ.ts diff --git a/src/cdk-lib/bedrock/inference-profiles/cross-region-inference-profile.ts b/src/cdk-lib/bedrock/inference-profiles/cross-region-inference-profile.ts index 547535f2..b9b74951 100644 --- a/src/cdk-lib/bedrock/inference-profiles/cross-region-inference-profile.ts +++ b/src/cdk-lib/bedrock/inference-profiles/cross-region-inference-profile.ts @@ -151,7 +151,7 @@ export class CrossRegionInferenceProfile implements IInvokable, IInferenceProfil grantProfileUsage(grantee: IGrantable): Grant { const grant = Grant.addToPrincipal({ grantee: grantee, - actions: ['bedrock:GetInferenceProfile', 'bedrock:InvokeModel'], + actions: ['bedrock:GetInferenceProfile', 'bedrock:InvokeModel*'], resourceArns: [this.inferenceProfileArn], }); return grant; diff --git a/src/cdk-lib/bedrock/models.ts b/src/cdk-lib/bedrock/models.ts index d6135c9f..8000e65f 100644 --- a/src/cdk-lib/bedrock/models.ts +++ b/src/cdk-lib/bedrock/models.ts @@ -140,32 +140,32 @@ export class BedrockFoundationModel implements IInvokable { ***************************************************************************/ public static readonly ANTHROPIC_CLAUDE_3_5_SONNET_V2_0 = new BedrockFoundationModel( 'anthropic.claude-3-5-sonnet-20241022-v2:0', - { supportsAgents: true, supportsCrossRegion: true }, + { supportsAgents: true, supportsCrossRegion: true } ); public static readonly ANTHROPIC_CLAUDE_3_5_SONNET_V1_0 = new BedrockFoundationModel( 'anthropic.claude-3-5-sonnet-20240620-v1:0', - { supportsAgents: true, supportsCrossRegion: true }, + { supportsAgents: true, supportsCrossRegion: true } ); public static readonly ANTHROPIC_CLAUDE_3_5_HAIKU_V1_0 = new BedrockFoundationModel( 'anthropic.claude-3-5-haiku-20241022-v1:0', - { supportsAgents: true, supportsCrossRegion: true }, + { supportsAgents: true, supportsCrossRegion: true } ); public static readonly ANTHROPIC_CLAUDE_OPUS_V1_0 = new BedrockFoundationModel( 'anthropic.claude-3-opus-20240229-v1:0', - { supportsAgents: true }, + { supportsAgents: true } ); public static readonly ANTHROPIC_CLAUDE_SONNET_V1_0 = new BedrockFoundationModel( 'anthropic.claude-3-sonnet-20240229-v1:0', - { supportsAgents: true, supportsCrossRegion: true }, + { supportsAgents: true, supportsCrossRegion: true } ); public static readonly ANTHROPIC_CLAUDE_HAIKU_V1_0 = new BedrockFoundationModel( 'anthropic.claude-3-haiku-20240307-v1:0', - { supportsAgents: true, supportsCrossRegion: true }, + { supportsAgents: true, supportsCrossRegion: true } ); public static readonly ANTHROPIC_CLAUDE_V2_1 = new BedrockFoundationModel('anthropic.claude-v2:1', { @@ -206,14 +206,14 @@ export class BedrockFoundationModel implements IInvokable { 'meta.llama3-1-70b-instruct-v1:0', { supportsCrossRegion: true, - }, + } ); public static readonly META_LLAMA_3_2_11B_INSTRUCT_V1 = new BedrockFoundationModel( 'meta.llama3-2-11b-instruct-v1:0', { supportsCrossRegion: true, - }, + } ); public static readonly META_LLAMA_3_2_3B_INSTRUCT_V1 = new BedrockFoundationModel('meta.llama3-2-3b-instruct-v1:0', { @@ -226,13 +226,13 @@ export class BedrockFoundationModel implements IInvokable { public static fromCdkFoundationModelId( modelId: FoundationModelIdentifier, - props: BedrockFoundationModelProps = {}, + props: BedrockFoundationModelProps = {} ): BedrockFoundationModel { return new BedrockFoundationModel(modelId.modelId, props); } public static fromCdkFoundationModel( modelId: FoundationModel, - props: BedrockFoundationModelProps = {}, + props: BedrockFoundationModelProps = {} ): BedrockFoundationModel { return new BedrockFoundationModel(modelId.modelId, props); } @@ -293,7 +293,7 @@ export class BedrockFoundationModel implements IInvokable { public grantInvoke(grantee: IGrantable): Grant { const grant = Grant.addToPrincipal({ grantee: grantee, - actions: ['bedrock:InvokeModel'], + actions: ['bedrock:InvokeModel*', 'bedrock:GetFoundationModel'], resourceArns: [this.invokableArn], }); return grant; @@ -315,7 +315,7 @@ export class BedrockFoundationModel implements IInvokable { return Grant.addToPrincipal({ grantee: grantee, - actions: ['bedrock:InvokeModel'], + actions: ['bedrock:InvokeModel*', 'bedrock:GetFoundationModel'], resourceArns: [invokableArn], }); } diff --git a/test/integ/issue991.integ.snapshot/cdk.out b/test/integ/issue991.integ.snapshot/cdk.out new file mode 100644 index 00000000..91e1a8b9 --- /dev/null +++ b/test/integ/issue991.integ.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"39.0.0"} \ No newline at end of file diff --git a/test/integ/issue991.integ.snapshot/manifest.json b/test/integ/issue991.integ.snapshot/manifest.json new file mode 100644 index 00000000..96ee2514 --- /dev/null +++ b/test/integ/issue991.integ.snapshot/manifest.json @@ -0,0 +1,125 @@ +{ + "version": "39.0.0", + "artifacts": { + "Claude37Test.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "Claude37Test.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "Claude37Test": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/us-east-1", + "properties": { + "templateFile": "Claude37Test.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-us-east-1", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-us-east-1", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1/562e7780249315c0b1887c5920287c7bd77b418367039720482c9e3f44ce1da7.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "Claude37Test.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-us-east-1", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "Claude37Test.assets" + ], + "metadata": { + "/Claude37Test/Agent/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AgentRole9D587F56" + } + ], + "/Claude37Test/Agent/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AgentRoleDefaultPolicyA34CCA36" + } + ], + "/Claude37Test/Agent/AgentResource": [ + { + "type": "aws:cdk:logicalId", + "data": "AgentAgentResourceD435B430" + } + ], + "/Claude37Test/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/Claude37Test/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "Claude37Test" + }, + "Claude37TestIntegDefaultTestDeployAssert7B904896.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "Claude37TestIntegDefaultTestDeployAssert7B904896.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "Claude37TestIntegDefaultTestDeployAssert7B904896": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "Claude37TestIntegDefaultTestDeployAssert7B904896.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "Claude37TestIntegDefaultTestDeployAssert7B904896.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "Claude37TestIntegDefaultTestDeployAssert7B904896.assets" + ], + "metadata": { + "/Claude37Test-Integ/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/Claude37Test-Integ/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "Claude37Test-Integ/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/test/integ/issue991.integ.snapshot/tree.json b/test/integ/issue991.integ.snapshot/tree.json new file mode 100644 index 00000000..6520c993 --- /dev/null +++ b/test/integ/issue991.integ.snapshot/tree.json @@ -0,0 +1,329 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "Claude37Test": { + "id": "Claude37Test", + "path": "Claude37Test", + "children": { + "Agent": { + "id": "Agent", + "path": "Claude37Test/Agent", + "children": { + "Role": { + "id": "Role", + "path": "Claude37Test/Agent/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "Claude37Test/Agent/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.178.0", + "metadata": [] + } + }, + "Resource": { + "id": "Resource", + "path": "Claude37Test/Agent/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Condition": { + "StringEquals": { + "aws:SourceAccount": { + "Ref": "AWS::AccountId" + } + }, + "ArnLike": { + "aws:SourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":bedrock:us-east-1:", + { + "Ref": "AWS::AccountId" + }, + ":agent/*" + ] + ] + } + } + }, + "Effect": "Allow", + "Principal": { + "Service": "bedrock.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "roleName": "AmazonBedrockExecutionRoleForAgents_Claude37TestAgent6E1B1693" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.178.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "Claude37Test/Agent/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "Claude37Test/Agent/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "bedrock:InvokeModel", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":bedrock:*::foundation-model/anthropic.claude-3-7-sonnet-20250219-v1:0" + ] + ] + } + }, + { + "Action": [ + "bedrock:GetInferenceProfile", + "bedrock:InvokeModel" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":bedrock:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":inference-profile/us.anthropic.claude-3-7-sonnet-20250219-v1:0" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "AgentRoleDefaultPolicyA34CCA36", + "roles": [ + { + "Ref": "AgentRole9D587F56" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.178.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.178.0", + "metadata": [] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.178.0", + "metadata": [] + } + }, + "AgentResource": { + "id": "AgentResource", + "path": "Claude37Test/Agent/AgentResource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Bedrock::Agent", + "aws:cdk:cloudformation:props": { + "actionGroups": [ + { + "actionGroupName": "UserInputAction", + "actionGroupState": "DISABLED", + "parentActionGroupSignature": "AMAZON.UserInput", + "skipResourceInUseCheckOnDelete": false + }, + { + "actionGroupName": "CodeInterpreterAction", + "actionGroupState": "DISABLED", + "parentActionGroupSignature": "AMAZON.CodeInterpreter", + "skipResourceInUseCheckOnDelete": false + } + ], + "agentName": "test-agent", + "agentResourceRoleArn": { + "Fn::GetAtt": [ + "AgentRole9D587F56", + "Arn" + ] + }, + "autoPrepare": false, + "description": "Agent description.", + "foundationModel": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":bedrock:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":inference-profile/us.anthropic.claude-3-7-sonnet-20250219-v1:0" + ] + ] + }, + "idleSessionTtlInSeconds": 3600, + "instruction": "You're a nice agent saying Konnichiwa in Hiragana at the start of every interaction", + "skipResourceInUseCheckOnDelete": false + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_bedrock.CfnAgent", + "version": "2.178.0" + } + }, + "DefaultAlias": { + "id": "DefaultAlias", + "path": "Claude37Test/Agent/DefaultAlias", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.178.0", + "metadata": [] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.178.0", + "metadata": [] + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "Claude37Test/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "2.178.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "Claude37Test/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "2.178.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "2.178.0" + } + }, + "Claude37Test-Integ": { + "id": "Claude37Test-Integ", + "path": "Claude37Test-Integ", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "Claude37Test-Integ/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "Claude37Test-Integ/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "Claude37Test-Integ/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "Claude37Test-Integ/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "2.178.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "Claude37Test-Integ/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "2.178.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "2.178.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "2.178.0-alpha.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "2.178.0-alpha.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "2.178.0" + } + } +} \ No newline at end of file diff --git a/test/integ/issue991.integ.ts b/test/integ/issue991.integ.ts new file mode 100644 index 00000000..e69de29b From 4c7e229a9db54e85ec66136001c2a1b56767ea1a Mon Sep 17 00:00:00 2001 From: Rafael Mosca Date: Thu, 27 Feb 2025 11:17:13 +0000 Subject: [PATCH 2/3] fix(bedrock): working integ test --- .gitignore | 8 + .npmignore | 1 + .projen/tasks.json | 69 ++++++ package.json | 5 + .../Claude37Test.assets.json | 20 ++ .../Claude37Test.template.json | 197 ++++++++++++++++++ ...efaultTestDeployAssert7B904896.assets.json | 19 ++ ...aultTestDeployAssert7B904896.template.json | 36 ++++ test/integ/issue991.integ.snapshot/integ.json | 19 ++ .../issue991.integ.snapshot/manifest.json | 2 +- test/integ/issue991.integ.snapshot/tree.json | 11 +- test/integ/issue991.integ.ts | 57 +++++ 12 files changed, 439 insertions(+), 5 deletions(-) create mode 100644 test/integ/issue991.integ.snapshot/Claude37Test.assets.json create mode 100644 test/integ/issue991.integ.snapshot/Claude37Test.template.json create mode 100644 test/integ/issue991.integ.snapshot/Claude37TestIntegDefaultTestDeployAssert7B904896.assets.json create mode 100644 test/integ/issue991.integ.snapshot/Claude37TestIntegDefaultTestDeployAssert7B904896.template.json create mode 100644 test/integ/issue991.integ.snapshot/integ.json diff --git a/.gitignore b/.gitignore index e77bf11f..6ba45d3b 100644 --- a/.gitignore +++ b/.gitignore @@ -88,6 +88,14 @@ test/integ/issue747.integ.snapshot/manifest.json test/integ/issue747.integ.snapshot/**/manifest.json test/integ/issue747.integ.snapshot/tree.json test/integ/issue747.integ.snapshot/**/tree.json +test/integ/issue991.integ.snapshot/asset.* +test/integ/issue991.integ.snapshot/**/asset.* +test/integ/issue991.integ.snapshot/cdk.out +test/integ/issue991.integ.snapshot/**/cdk.out +test/integ/issue991.integ.snapshot/manifest.json +test/integ/issue991.integ.snapshot/**/manifest.json +test/integ/issue991.integ.snapshot/tree.json +test/integ/issue991.integ.snapshot/**/tree.json test/integ/kendra-genai.integ.snapshot/asset.* test/integ/kendra-genai.integ.snapshot/**/asset.* test/integ/kendra-genai.integ.snapshot/cdk.out diff --git a/.npmignore b/.npmignore index 8a0da457..010f2a00 100644 --- a/.npmignore +++ b/.npmignore @@ -26,6 +26,7 @@ test/integ/chatprompt.integ.snapshot test/integ/guardrails.integ.snapshot test/integ/inference-profiles.integ.snapshot test/integ/issue747.integ.snapshot +test/integ/issue991.integ.snapshot test/integ/kendra-genai.integ.snapshot test/integ/.tmp test/integ/prompt-router.integ.snapshot diff --git a/.projen/tasks.json b/.projen/tasks.json index 5a8e841c..95020662 100644 --- a/.projen/tasks.json +++ b/.projen/tasks.json @@ -483,6 +483,69 @@ } ] }, + "integ:issue991:assert": { + "name": "integ:issue991:assert", + "description": "assert the snapshot of integration test 'issue991'", + "steps": [ + { + "exec": "[ -d \"test/integ/issue991.integ.snapshot\" ] || (echo \"No snapshot available for integration test 'issue991'. Run 'projen integ:issue991:deploy' to capture.\" && exit 1)" + }, + { + "exec": "cdk synth --app \"ts-node -P tsconfig.dev.json test/integ/issue991.integ.ts\" --no-notices --no-version-reporting --no-asset-metadata --no-path-metadata -o test/integ/.tmp/issue991.integ/assert.cdk.out > /dev/null" + }, + { + "exec": "diff -r -x asset.* -x cdk.out -x manifest.json -x tree.json test/integ/issue991.integ.snapshot/ test/integ/.tmp/issue991.integ/assert.cdk.out/" + } + ] + }, + "integ:issue991:deploy": { + "name": "integ:issue991:deploy", + "description": "deploy integration test 'issue991' and capture snapshot", + "steps": [ + { + "exec": "rm -fr test/integ/.tmp/issue991.integ/deploy.cdk.out" + }, + { + "exec": "cdk deploy --app \"ts-node -P tsconfig.dev.json test/integ/issue991.integ.ts\" --no-notices --no-version-reporting --no-asset-metadata --no-path-metadata '**' --require-approval=never -o test/integ/.tmp/issue991.integ/deploy.cdk.out" + }, + { + "exec": "rm -fr test/integ/issue991.integ.snapshot" + }, + { + "exec": "mv test/integ/.tmp/issue991.integ/deploy.cdk.out test/integ/issue991.integ.snapshot" + }, + { + "spawn": "integ:issue991:destroy" + } + ] + }, + "integ:issue991:destroy": { + "name": "integ:issue991:destroy", + "description": "destroy integration test 'issue991'", + "steps": [ + { + "exec": "cdk destroy --app test/integ/issue991.integ.snapshot '**' --no-version-reporting" + } + ] + }, + "integ:issue991:snapshot": { + "name": "integ:issue991:snapshot", + "description": "update snapshot for integration test \"issue991\"", + "steps": [ + { + "exec": "cdk synth --app \"ts-node -P tsconfig.dev.json test/integ/issue991.integ.ts\" --no-notices --no-version-reporting --no-asset-metadata --no-path-metadata -o test/integ/issue991.integ.snapshot > /dev/null" + } + ] + }, + "integ:issue991:watch": { + "name": "integ:issue991:watch", + "description": "watch integration test 'issue991' (without updating snapshots)", + "steps": [ + { + "exec": "cdk watch --app \"ts-node -P tsconfig.dev.json test/integ/issue991.integ.ts\" --no-notices --no-version-reporting --no-asset-metadata --no-path-metadata '**' -o test/integ/.tmp/issue991.integ/deploy.cdk.out" + } + ] + }, "integ:kendra-genai:assert": { "name": "integ:kendra-genai:assert", "description": "assert the snapshot of integration test 'kendra-genai'", @@ -625,6 +688,9 @@ { "spawn": "integ:issue747:snapshot" }, + { + "spawn": "integ:issue991:snapshot" + }, { "spawn": "integ:kendra-genai:snapshot" }, @@ -773,6 +839,9 @@ { "spawn": "integ:issue747:assert" }, + { + "spawn": "integ:issue991:assert" + }, { "spawn": "integ:kendra-genai:assert" }, diff --git a/package.json b/package.json index a5f55137..b88d6840 100644 --- a/package.json +++ b/package.json @@ -40,6 +40,11 @@ "integ:issue747:destroy": "npx projen integ:issue747:destroy", "integ:issue747:snapshot": "npx projen integ:issue747:snapshot", "integ:issue747:watch": "npx projen integ:issue747:watch", + "integ:issue991:assert": "npx projen integ:issue991:assert", + "integ:issue991:deploy": "npx projen integ:issue991:deploy", + "integ:issue991:destroy": "npx projen integ:issue991:destroy", + "integ:issue991:snapshot": "npx projen integ:issue991:snapshot", + "integ:issue991:watch": "npx projen integ:issue991:watch", "integ:kendra-genai:assert": "npx projen integ:kendra-genai:assert", "integ:kendra-genai:deploy": "npx projen integ:kendra-genai:deploy", "integ:kendra-genai:destroy": "npx projen integ:kendra-genai:destroy", diff --git a/test/integ/issue991.integ.snapshot/Claude37Test.assets.json b/test/integ/issue991.integ.snapshot/Claude37Test.assets.json new file mode 100644 index 00000000..474d4b14 --- /dev/null +++ b/test/integ/issue991.integ.snapshot/Claude37Test.assets.json @@ -0,0 +1,20 @@ +{ + "version": "39.0.0", + "files": { + "1f9354e3c8c90e6a6e4f3adf164e2746481f44ff6494e937f784a37964b01274": { + "source": { + "path": "Claude37Test.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-us-east-1": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1", + "objectKey": "1f9354e3c8c90e6a6e4f3adf164e2746481f44ff6494e937f784a37964b01274.json", + "region": "us-east-1", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-us-east-1" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/test/integ/issue991.integ.snapshot/Claude37Test.template.json b/test/integ/issue991.integ.snapshot/Claude37Test.template.json new file mode 100644 index 00000000..bb48f2ec --- /dev/null +++ b/test/integ/issue991.integ.snapshot/Claude37Test.template.json @@ -0,0 +1,197 @@ +{ + "Resources": { + "AgentRole9D587F56": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Condition": { + "StringEquals": { + "aws:SourceAccount": { + "Ref": "AWS::AccountId" + } + }, + "ArnLike": { + "aws:SourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":bedrock:us-east-1:", + { + "Ref": "AWS::AccountId" + }, + ":agent/*" + ] + ] + } + } + }, + "Effect": "Allow", + "Principal": { + "Service": "bedrock.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "RoleName": "AmazonBedrockExecutionRoleForAgents_Claude37TestAgent6E1B1693" + } + }, + "AgentRoleDefaultPolicyA34CCA36": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "bedrock:InvokeModel*", + "bedrock:GetFoundationModel" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":bedrock:*::foundation-model/anthropic.claude-3-7-sonnet-20250219-v1:0" + ] + ] + } + }, + { + "Action": [ + "bedrock:GetInferenceProfile", + "bedrock:InvokeModel*" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":bedrock:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":inference-profile/us.anthropic.claude-3-7-sonnet-20250219-v1:0" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "AgentRoleDefaultPolicyA34CCA36", + "Roles": [ + { + "Ref": "AgentRole9D587F56" + } + ] + } + }, + "AgentAgentResourceD435B430": { + "Type": "AWS::Bedrock::Agent", + "Properties": { + "ActionGroups": [ + { + "ActionGroupName": "UserInputAction", + "ActionGroupState": "DISABLED", + "ParentActionGroupSignature": "AMAZON.UserInput", + "SkipResourceInUseCheckOnDelete": false + }, + { + "ActionGroupName": "CodeInterpreterAction", + "ActionGroupState": "DISABLED", + "ParentActionGroupSignature": "AMAZON.CodeInterpreter", + "SkipResourceInUseCheckOnDelete": false + } + ], + "AgentName": "test-agent-claude37", + "AgentResourceRoleArn": { + "Fn::GetAtt": [ + "AgentRole9D587F56", + "Arn" + ] + }, + "AutoPrepare": true, + "Description": "Agent description.", + "FoundationModel": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":bedrock:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":inference-profile/us.anthropic.claude-3-7-sonnet-20250219-v1:0" + ] + ] + }, + "IdleSessionTTLInSeconds": 3600, + "Instruction": "You're a nice agent saying Konnichiwa in Hiragana at the start of every interaction", + "SkipResourceInUseCheckOnDelete": false + }, + "DependsOn": [ + "AgentRoleDefaultPolicyA34CCA36" + ] + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/test/integ/issue991.integ.snapshot/Claude37TestIntegDefaultTestDeployAssert7B904896.assets.json b/test/integ/issue991.integ.snapshot/Claude37TestIntegDefaultTestDeployAssert7B904896.assets.json new file mode 100644 index 00000000..381e0408 --- /dev/null +++ b/test/integ/issue991.integ.snapshot/Claude37TestIntegDefaultTestDeployAssert7B904896.assets.json @@ -0,0 +1,19 @@ +{ + "version": "39.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "Claude37TestIntegDefaultTestDeployAssert7B904896.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/test/integ/issue991.integ.snapshot/Claude37TestIntegDefaultTestDeployAssert7B904896.template.json b/test/integ/issue991.integ.snapshot/Claude37TestIntegDefaultTestDeployAssert7B904896.template.json new file mode 100644 index 00000000..ad9d0fb7 --- /dev/null +++ b/test/integ/issue991.integ.snapshot/Claude37TestIntegDefaultTestDeployAssert7B904896.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/test/integ/issue991.integ.snapshot/integ.json b/test/integ/issue991.integ.snapshot/integ.json new file mode 100644 index 00000000..89853ab0 --- /dev/null +++ b/test/integ/issue991.integ.snapshot/integ.json @@ -0,0 +1,19 @@ +{ + "version": "39.0.0", + "testCases": { + "Claude37Test-Integ/DefaultTest": { + "stacks": [ + "Claude37Test" + ], + "cdkCommandOptions": { + "deploy": { + "args": { + "rollback": false + } + } + }, + "assertionStack": "Claude37Test-Integ/DefaultTest/DeployAssert", + "assertionStackName": "Claude37TestIntegDefaultTestDeployAssert7B904896" + } + } +} \ No newline at end of file diff --git a/test/integ/issue991.integ.snapshot/manifest.json b/test/integ/issue991.integ.snapshot/manifest.json index 96ee2514..00391254 100644 --- a/test/integ/issue991.integ.snapshot/manifest.json +++ b/test/integ/issue991.integ.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-us-east-1", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-us-east-1", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1/562e7780249315c0b1887c5920287c7bd77b418367039720482c9e3f44ce1da7.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1/1f9354e3c8c90e6a6e4f3adf164e2746481f44ff6494e937f784a37964b01274.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/test/integ/issue991.integ.snapshot/tree.json b/test/integ/issue991.integ.snapshot/tree.json index 6520c993..02628321 100644 --- a/test/integ/issue991.integ.snapshot/tree.json +++ b/test/integ/issue991.integ.snapshot/tree.json @@ -89,7 +89,10 @@ "policyDocument": { "Statement": [ { - "Action": "bedrock:InvokeModel", + "Action": [ + "bedrock:InvokeModel*", + "bedrock:GetFoundationModel" + ], "Effect": "Allow", "Resource": { "Fn::Join": [ @@ -107,7 +110,7 @@ { "Action": [ "bedrock:GetInferenceProfile", - "bedrock:InvokeModel" + "bedrock:InvokeModel*" ], "Effect": "Allow", "Resource": { @@ -181,14 +184,14 @@ "skipResourceInUseCheckOnDelete": false } ], - "agentName": "test-agent", + "agentName": "test-agent-claude37", "agentResourceRoleArn": { "Fn::GetAtt": [ "AgentRole9D587F56", "Arn" ] }, - "autoPrepare": false, + "autoPrepare": true, "description": "Agent description.", "foundationModel": { "Fn::Join": [ diff --git a/test/integ/issue991.integ.ts b/test/integ/issue991.integ.ts index e69de29b..99c53ae1 100644 --- a/test/integ/issue991.integ.ts +++ b/test/integ/issue991.integ.ts @@ -0,0 +1,57 @@ +import * as cdk from 'aws-cdk-lib'; +import * as integ from '@aws-cdk/integ-tests-alpha'; +import { + BedrockFoundationModel, + CrossRegionInferenceProfile, + CrossRegionInferenceProfileRegion, + Agent, +} from '../../src/cdk-lib/bedrock'; + +class TestStack extends cdk.Stack { + constructor(scope: cdk.App, id: string, props?: cdk.StackProps) { + super(scope, id, props); + + const modelId = 'anthropic.claude-3-7-sonnet-20250219-v1:0'; + const model = BedrockFoundationModel.fromCdkFoundationModelId( + { modelId: modelId }, + { + supportsAgents: true, + supportsCrossRegion: true, + } + ); + + const inferenceProfile = CrossRegionInferenceProfile.fromConfig({ + geoRegion: CrossRegionInferenceProfileRegion.US, + model: model, + }); + + new Agent(this, 'Agent', { + name: 'test-agent-claude37', + instruction: "You're a nice agent saying Konnichiwa in Hiragana at the start of every interaction", + description: 'Agent description.', + foundationModel: inferenceProfile, + shouldPrepareAgent: true, + }); + } +} + +// Integration test +const app = new cdk.App(); +const stack = new TestStack(app, 'Claude37Test', { + env: { + region: 'us-east-1', + }, +}); + +new integ.IntegTest(app, 'Claude37Test-Integ', { + testCases: [stack], + cdkCommandOptions: { + deploy: { + args: { + rollback: false, + }, + }, + }, +}); + +app.synth(); From 1f69bdbe829641725c254fef638a44e08ec60fb1 Mon Sep 17 00:00:00 2001 From: krokoko Date: Thu, 27 Feb 2025 13:46:31 -0600 Subject: [PATCH 3/3] chore(build): fix build and add sonnet 3 7 --- .../bedrock/classes/BedrockFoundationModel.md | 6 +++++ src/cdk-lib/bedrock/models.ts | 25 +++++++++++-------- ...-bedrock-guardrails-integ-test.assets.json | 4 +-- ...edrock-guardrails-integ-test.template.json | 19 ++++++++++---- ...-cdk-bedrock-agents-integ-test.assets.json | 4 +-- ...dk-bedrock-agents-integ-test.template.json | 10 ++++++-- test/integ/issue991.integ.ts | 17 +++++++++++-- 7 files changed, 62 insertions(+), 23 deletions(-) diff --git a/apidocs/namespaces/bedrock/classes/BedrockFoundationModel.md b/apidocs/namespaces/bedrock/classes/BedrockFoundationModel.md index 3f890ecc..882f6d94 100644 --- a/apidocs/namespaces/bedrock/classes/BedrockFoundationModel.md +++ b/apidocs/namespaces/bedrock/classes/BedrockFoundationModel.md @@ -145,6 +145,12 @@ The ARN of the Bedrock invokable abstraction. > `readonly` `static` **ANTHROPIC\_CLAUDE\_3\_5\_SONNET\_V2\_0**: [`BedrockFoundationModel`](BedrockFoundationModel.md) +*** + +### ANTHROPIC\_CLAUDE\_3\_7\_SONNET\_V1\_0 + +> `readonly` `static` **ANTHROPIC\_CLAUDE\_3\_7\_SONNET\_V1\_0**: [`BedrockFoundationModel`](BedrockFoundationModel.md) + ************************************************************************* ANTHROPIC ************************************************************************* diff --git a/src/cdk-lib/bedrock/models.ts b/src/cdk-lib/bedrock/models.ts index 8000e65f..b19d87b9 100644 --- a/src/cdk-lib/bedrock/models.ts +++ b/src/cdk-lib/bedrock/models.ts @@ -138,34 +138,39 @@ export class BedrockFoundationModel implements IInvokable { /**************************************************************************** * ANTHROPIC ***************************************************************************/ + public static readonly ANTHROPIC_CLAUDE_3_7_SONNET_V1_0 = new BedrockFoundationModel( + 'anthropic.claude-3-7-sonnet-20250219-v1:0', + { supportsAgents: true, supportsCrossRegion: true }, + ); + public static readonly ANTHROPIC_CLAUDE_3_5_SONNET_V2_0 = new BedrockFoundationModel( 'anthropic.claude-3-5-sonnet-20241022-v2:0', - { supportsAgents: true, supportsCrossRegion: true } + { supportsAgents: true, supportsCrossRegion: true }, ); public static readonly ANTHROPIC_CLAUDE_3_5_SONNET_V1_0 = new BedrockFoundationModel( 'anthropic.claude-3-5-sonnet-20240620-v1:0', - { supportsAgents: true, supportsCrossRegion: true } + { supportsAgents: true, supportsCrossRegion: true }, ); public static readonly ANTHROPIC_CLAUDE_3_5_HAIKU_V1_0 = new BedrockFoundationModel( 'anthropic.claude-3-5-haiku-20241022-v1:0', - { supportsAgents: true, supportsCrossRegion: true } + { supportsAgents: true, supportsCrossRegion: true }, ); public static readonly ANTHROPIC_CLAUDE_OPUS_V1_0 = new BedrockFoundationModel( 'anthropic.claude-3-opus-20240229-v1:0', - { supportsAgents: true } + { supportsAgents: true }, ); public static readonly ANTHROPIC_CLAUDE_SONNET_V1_0 = new BedrockFoundationModel( 'anthropic.claude-3-sonnet-20240229-v1:0', - { supportsAgents: true, supportsCrossRegion: true } + { supportsAgents: true, supportsCrossRegion: true }, ); public static readonly ANTHROPIC_CLAUDE_HAIKU_V1_0 = new BedrockFoundationModel( 'anthropic.claude-3-haiku-20240307-v1:0', - { supportsAgents: true, supportsCrossRegion: true } + { supportsAgents: true, supportsCrossRegion: true }, ); public static readonly ANTHROPIC_CLAUDE_V2_1 = new BedrockFoundationModel('anthropic.claude-v2:1', { @@ -206,14 +211,14 @@ export class BedrockFoundationModel implements IInvokable { 'meta.llama3-1-70b-instruct-v1:0', { supportsCrossRegion: true, - } + }, ); public static readonly META_LLAMA_3_2_11B_INSTRUCT_V1 = new BedrockFoundationModel( 'meta.llama3-2-11b-instruct-v1:0', { supportsCrossRegion: true, - } + }, ); public static readonly META_LLAMA_3_2_3B_INSTRUCT_V1 = new BedrockFoundationModel('meta.llama3-2-3b-instruct-v1:0', { @@ -226,13 +231,13 @@ export class BedrockFoundationModel implements IInvokable { public static fromCdkFoundationModelId( modelId: FoundationModelIdentifier, - props: BedrockFoundationModelProps = {} + props: BedrockFoundationModelProps = {}, ): BedrockFoundationModel { return new BedrockFoundationModel(modelId.modelId, props); } public static fromCdkFoundationModel( modelId: FoundationModel, - props: BedrockFoundationModelProps = {} + props: BedrockFoundationModelProps = {}, ): BedrockFoundationModel { return new BedrockFoundationModel(modelId.modelId, props); } diff --git a/test/integ/inference-profiles.integ.snapshot/aws-cdk-bedrock-guardrails-integ-test.assets.json b/test/integ/inference-profiles.integ.snapshot/aws-cdk-bedrock-guardrails-integ-test.assets.json index a7a75bae..5980acb9 100644 --- a/test/integ/inference-profiles.integ.snapshot/aws-cdk-bedrock-guardrails-integ-test.assets.json +++ b/test/integ/inference-profiles.integ.snapshot/aws-cdk-bedrock-guardrails-integ-test.assets.json @@ -1,7 +1,7 @@ { "version": "39.0.0", "files": { - "fc1142f404eb5443446b22592dc6d75ae8c80055bfb9474da78f4254ae394a4f": { + "ea52821b2f897f4747652193704dc57b09f387d548e94159a698de2d27cca5ca": { "source": { "path": "aws-cdk-bedrock-guardrails-integ-test.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-eu-central-1": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-eu-central-1", - "objectKey": "fc1142f404eb5443446b22592dc6d75ae8c80055bfb9474da78f4254ae394a4f.json", + "objectKey": "ea52821b2f897f4747652193704dc57b09f387d548e94159a698de2d27cca5ca.json", "region": "eu-central-1", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-eu-central-1" } diff --git a/test/integ/inference-profiles.integ.snapshot/aws-cdk-bedrock-guardrails-integ-test.template.json b/test/integ/inference-profiles.integ.snapshot/aws-cdk-bedrock-guardrails-integ-test.template.json index 76ccbdeb..ff77b88c 100644 --- a/test/integ/inference-profiles.integ.snapshot/aws-cdk-bedrock-guardrails-integ-test.template.json +++ b/test/integ/inference-profiles.integ.snapshot/aws-cdk-bedrock-guardrails-integ-test.template.json @@ -49,7 +49,10 @@ "PolicyDocument": { "Statement": [ { - "Action": "bedrock:InvokeModel", + "Action": [ + "bedrock:InvokeModel*", + "bedrock:GetFoundationModel" + ], "Effect": "Allow", "Resource": { "Fn::Join": [ @@ -178,7 +181,10 @@ "PolicyDocument": { "Statement": [ { - "Action": "bedrock:InvokeModel", + "Action": [ + "bedrock:InvokeModel*", + "bedrock:GetFoundationModel" + ], "Effect": "Allow", "Resource": { "Fn::Join": [ @@ -196,7 +202,7 @@ { "Action": [ "bedrock:GetInferenceProfile", - "bedrock:InvokeModel" + "bedrock:InvokeModel*" ], "Effect": "Allow", "Resource": { @@ -368,7 +374,10 @@ "PolicyDocument": { "Statement": [ { - "Action": "bedrock:InvokeModel", + "Action": [ + "bedrock:InvokeModel*", + "bedrock:GetFoundationModel" + ], "Effect": "Allow", "Resource": { "Fn::Join": [ @@ -386,7 +395,7 @@ { "Action": [ "bedrock:GetInferenceProfile", - "bedrock:InvokeModel" + "bedrock:InvokeModel*" ], "Effect": "Allow", "Resource": { diff --git a/test/integ/issue747.integ.snapshot/aws-cdk-bedrock-agents-integ-test.assets.json b/test/integ/issue747.integ.snapshot/aws-cdk-bedrock-agents-integ-test.assets.json index 03ac2987..43c15f40 100644 --- a/test/integ/issue747.integ.snapshot/aws-cdk-bedrock-agents-integ-test.assets.json +++ b/test/integ/issue747.integ.snapshot/aws-cdk-bedrock-agents-integ-test.assets.json @@ -1,7 +1,7 @@ { "version": "39.0.0", "files": { - "edce2cdca448655b4baa3a3f25397547640d54472ced24d6b7c09954e1b4a72c": { + "7e760cbfec7bfb0f842abf3934b793e311a38bd24c9810f722b3e1b8ac300b23": { "source": { "path": "aws-cdk-bedrock-agents-integ-test.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-eu-central-1": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-eu-central-1", - "objectKey": "edce2cdca448655b4baa3a3f25397547640d54472ced24d6b7c09954e1b4a72c.json", + "objectKey": "7e760cbfec7bfb0f842abf3934b793e311a38bd24c9810f722b3e1b8ac300b23.json", "region": "eu-central-1", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-eu-central-1" } diff --git a/test/integ/issue747.integ.snapshot/aws-cdk-bedrock-agents-integ-test.template.json b/test/integ/issue747.integ.snapshot/aws-cdk-bedrock-agents-integ-test.template.json index 43877a71..cc735eb3 100644 --- a/test/integ/issue747.integ.snapshot/aws-cdk-bedrock-agents-integ-test.template.json +++ b/test/integ/issue747.integ.snapshot/aws-cdk-bedrock-agents-integ-test.template.json @@ -49,7 +49,10 @@ "PolicyDocument": { "Statement": [ { - "Action": "bedrock:InvokeModel", + "Action": [ + "bedrock:InvokeModel*", + "bedrock:GetFoundationModel" + ], "Effect": "Allow", "Resource": { "Fn::Join": [ @@ -220,7 +223,10 @@ "PolicyDocument": { "Statement": [ { - "Action": "bedrock:InvokeModel", + "Action": [ + "bedrock:InvokeModel*", + "bedrock:GetFoundationModel" + ], "Effect": "Allow", "Resource": { "Fn::Join": [ diff --git a/test/integ/issue991.integ.ts b/test/integ/issue991.integ.ts index 99c53ae1..f3963578 100644 --- a/test/integ/issue991.integ.ts +++ b/test/integ/issue991.integ.ts @@ -1,5 +1,18 @@ -import * as cdk from 'aws-cdk-lib'; +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance + * with the License. A copy of the License is located at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES + * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions + * and limitations under the License. + */ + import * as integ from '@aws-cdk/integ-tests-alpha'; +import * as cdk from 'aws-cdk-lib'; import { BedrockFoundationModel, CrossRegionInferenceProfile, @@ -17,7 +30,7 @@ class TestStack extends cdk.Stack { { supportsAgents: true, supportsCrossRegion: true, - } + }, ); const inferenceProfile = CrossRegionInferenceProfile.fromConfig({