Agent
Resource for managing an AWS Agents for Amazon Bedrock Agent.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const current = aws.getCallerIdentity({});
const currentGetRegion = aws.getRegion({});
const exampleAgentTrust = Promise.all([current, currentGetRegion, current]).then(([current, currentGetRegion, current1]) => aws.iam.getPolicyDocument({
statements: [{
actions: ["sts:AssumeRole"],
principals: [{
identifiers: ["bedrock.amazonaws.com"],
type: "Service",
}],
conditions: [
{
test: "StringEquals",
values: [current.accountId],
variable: "aws:SourceAccount",
},
{
test: "ArnLike",
values: [`arn:aws:bedrock:${currentGetRegion.name}:${current1.accountId}:agent/*`],
variable: "AWS:SourceArn",
},
],
}],
}));
const example = new aws.iam.Role("example", {
assumeRolePolicy: exampleAgentTrust.then(exampleAgentTrust => exampleAgentTrust.json),
namePrefix: "AmazonBedrockExecutionRoleForAgents_",
});
const exampleAgentPermissions = currentGetRegion.then(currentGetRegion => aws.iam.getPolicyDocument({
statements: [{
actions: ["bedrock:InvokeModel"],
resources: [`arn:aws:bedrock:${currentGetRegion.name}::foundation-model/anthropic.claude-v2`],
}],
}));
const exampleRolePolicy = new aws.iam.RolePolicy("example", {
policy: exampleAgentPermissions.then(exampleAgentPermissions => exampleAgentPermissions.json),
role: example.id,
});
const test = new aws.bedrock.AgentAgent("test", {
agentName: "my-agent-name",
agentResourceRoleArn: example.arn,
idleSessionTtlInSeconds: 500,
foundationModel: "anthropic.claude-v2",
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
current = aws.get_caller_identity()
current_get_region = aws.get_region()
example_agent_trust = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(
actions=["sts:AssumeRole"],
principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
identifiers=["bedrock.amazonaws.com"],
type="Service",
)],
conditions=[
aws.iam.GetPolicyDocumentStatementConditionArgs(
test="StringEquals",
values=[current.account_id],
variable="aws:SourceAccount",
),
aws.iam.GetPolicyDocumentStatementConditionArgs(
test="ArnLike",
values=[f"arn:aws:bedrock:{current_get_region.name}:{current.account_id}:agent/*"],
variable="AWS:SourceArn",
),
],
)])
example = aws.iam.Role("example",
assume_role_policy=example_agent_trust.json,
name_prefix="AmazonBedrockExecutionRoleForAgents_")
example_agent_permissions = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(
actions=["bedrock:InvokeModel"],
resources=[f"arn:aws:bedrock:{current_get_region.name}::foundation-model/anthropic.claude-v2"],
)])
example_role_policy = aws.iam.RolePolicy("example",
policy=example_agent_permissions.json,
role=example.id)
test = aws.bedrock.AgentAgent("test",
agent_name="my-agent-name",
agent_resource_role_arn=example.arn,
idle_session_ttl_in_seconds=500,
foundation_model="anthropic.claude-v2")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var current = Aws.GetCallerIdentity.Invoke();
var currentGetRegion = Aws.GetRegion.Invoke();
var exampleAgentTrust = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Actions = new[]
{
"sts:AssumeRole",
},
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Identifiers = new[]
{
"bedrock.amazonaws.com",
},
Type = "Service",
},
},
Conditions = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs
{
Test = "StringEquals",
Values = new[]
{
current.Apply(getCallerIdentityResult => getCallerIdentityResult.AccountId),
},
Variable = "aws:SourceAccount",
},
new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs
{
Test = "ArnLike",
Values = new[]
{
$"arn:aws:bedrock:{currentGetRegion.Apply(getRegionResult => getRegionResult.Name)}:{current.Apply(getCallerIdentityResult => getCallerIdentityResult.AccountId)}:agent/*",
},
Variable = "AWS:SourceArn",
},
},
},
},
});
var example = new Aws.Iam.Role("example", new()
{
AssumeRolePolicy = exampleAgentTrust.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
NamePrefix = "AmazonBedrockExecutionRoleForAgents_",
});
var exampleAgentPermissions = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Actions = new[]
{
"bedrock:InvokeModel",
},
Resources = new[]
{
$"arn:aws:bedrock:{currentGetRegion.Apply(getRegionResult => getRegionResult.Name)}::foundation-model/anthropic.claude-v2",
},
},
},
});
var exampleRolePolicy = new Aws.Iam.RolePolicy("example", new()
{
Policy = exampleAgentPermissions.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
Role = example.Id,
});
var test = new Aws.Bedrock.AgentAgent("test", new()
{
AgentName = "my-agent-name",
AgentResourceRoleArn = example.Arn,
IdleSessionTtlInSeconds = 500,
FoundationModel = "anthropic.claude-v2",
});
});Content copied to clipboard
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/bedrock"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := aws.GetCallerIdentity(ctx, nil, nil);
if err != nil {
return err
}
currentGetRegion, err := aws.GetRegion(ctx, nil, nil);
if err != nil {
return err
}
exampleAgentTrust, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Actions: []string{
"sts:AssumeRole",
},
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Identifiers: []string{
"bedrock.amazonaws.com",
},
Type: "Service",
},
},
Conditions: []iam.GetPolicyDocumentStatementCondition{
{
Test: "StringEquals",
Values: interface{}{
current.AccountId,
},
Variable: "aws:SourceAccount",
},
{
Test: "ArnLike",
Values: []string{
fmt.Sprintf("arn:aws:bedrock:%v:%v:agent/*", currentGetRegion.Name, current.AccountId),
},
Variable: "AWS:SourceArn",
},
},
},
},
}, nil);
if err != nil {
return err
}
example, err := iam.NewRole(ctx, "example", &iam.RoleArgs{
AssumeRolePolicy: pulumi.String(exampleAgentTrust.Json),
NamePrefix: pulumi.String("AmazonBedrockExecutionRoleForAgents_"),
})
if err != nil {
return err
}
exampleAgentPermissions, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Actions: []string{
"bedrock:InvokeModel",
},
Resources: []string{
fmt.Sprintf("arn:aws:bedrock:%v::foundation-model/anthropic.claude-v2", currentGetRegion.Name),
},
},
},
}, nil);
if err != nil {
return err
}
_, err = iam.NewRolePolicy(ctx, "example", &iam.RolePolicyArgs{
Policy: pulumi.String(exampleAgentPermissions.Json),
Role: example.ID(),
})
if err != nil {
return err
}
_, err = bedrock.NewAgentAgent(ctx, "test", &bedrock.AgentAgentArgs{
AgentName: pulumi.String("my-agent-name"),
AgentResourceRoleArn: example.Arn,
IdleSessionTtlInSeconds: pulumi.Int(500),
FoundationModel: pulumi.String("anthropic.claude-v2"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.inputs.GetCallerIdentityArgs;
import com.pulumi.aws.inputs.GetRegionArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.RolePolicy;
import com.pulumi.aws.iam.RolePolicyArgs;
import com.pulumi.aws.bedrock.AgentAgent;
import com.pulumi.aws.bedrock.AgentAgentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = AwsFunctions.getCallerIdentity();
final var currentGetRegion = AwsFunctions.getRegion();
final var exampleAgentTrust = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.actions("sts:AssumeRole")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.identifiers("bedrock.amazonaws.com")
.type("Service")
.build())
.conditions(
GetPolicyDocumentStatementConditionArgs.builder()
.test("StringEquals")
.values(current.applyValue(getCallerIdentityResult -> getCallerIdentityResult.accountId()))
.variable("aws:SourceAccount")
.build(),
GetPolicyDocumentStatementConditionArgs.builder()
.test("ArnLike")
.values(String.format("arn:aws:bedrock:%s:%s:agent/*", currentGetRegion.applyValue(getRegionResult -> getRegionResult.name()),current.applyValue(getCallerIdentityResult -> getCallerIdentityResult.accountId())))
.variable("AWS:SourceArn")
.build())
.build())
.build());
var example = new Role("example", RoleArgs.builder()
.assumeRolePolicy(exampleAgentTrust.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.namePrefix("AmazonBedrockExecutionRoleForAgents_")
.build());
final var exampleAgentPermissions = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.actions("bedrock:InvokeModel")
.resources(String.format("arn:aws:bedrock:%s::foundation-model/anthropic.claude-v2", currentGetRegion.applyValue(getRegionResult -> getRegionResult.name())))
.build())
.build());
var exampleRolePolicy = new RolePolicy("exampleRolePolicy", RolePolicyArgs.builder()
.policy(exampleAgentPermissions.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.role(example.id())
.build());
var test = new AgentAgent("test", AgentAgentArgs.builder()
.agentName("my-agent-name")
.agentResourceRoleArn(example.arn())
.idleSessionTtlInSeconds(500)
.foundationModel("anthropic.claude-v2")
.build());
}
}Content copied to clipboard
resources:
example:
type: aws:iam:Role
properties:
assumeRolePolicy: ${exampleAgentTrust.json}
namePrefix: AmazonBedrockExecutionRoleForAgents_
exampleRolePolicy:
type: aws:iam:RolePolicy
name: example
properties:
policy: ${exampleAgentPermissions.json}
role: ${example.id}
test:
type: aws:bedrock:AgentAgent
properties:
agentName: my-agent-name
agentResourceRoleArn: ${example.arn}
idleSessionTtlInSeconds: 500
foundationModel: anthropic.claude-v2
variables:
exampleAgentTrust:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- actions:
- sts:AssumeRole
principals:
- identifiers:
- bedrock.amazonaws.com
type: Service
conditions:
- test: StringEquals
values:
- ${current.accountId}
variable: aws:SourceAccount
- test: ArnLike
values:
- arn:aws:bedrock:${currentGetRegion.name}:${current.accountId}:agent/*
variable: AWS:SourceArn
exampleAgentPermissions:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- actions:
- bedrock:InvokeModel
resources:
- arn:aws:bedrock:${currentGetRegion.name}::foundation-model/anthropic.claude-v2
current:
fn::invoke:
Function: aws:getCallerIdentity
Arguments: {}
currentGetRegion:
fn::invoke:
Function: aws:getRegion
Arguments: {}Content copied to clipboard
Import
Using pulumi import, import Agents for Amazon Bedrock Agent using the abcdef1234. For example:
$ pulumi import aws:bedrock/agentAgent:AgentAgent example abcdef1234Content copied to clipboard
//////
Properties
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard