|
159 | 159 | "s3:GetObject" |
160 | 160 | ], |
161 | 161 | "Resource": "*" |
| 162 | + }, |
| 163 | + { |
| 164 | + "Sid": "AgentCoreResourceManagement", |
| 165 | + "Effect": "Allow", |
| 166 | + "Action": [ |
| 167 | + "bedrock-agentcore:CreateAgentRuntime", |
| 168 | + "bedrock-agentcore:UpdateAgentRuntime", |
| 169 | + "bedrock-agentcore:DeleteAgentRuntime", |
| 170 | + "bedrock-agentcore:ListAgentRuntimes", |
| 171 | + "bedrock-agentcore:CreateAgentRuntimeEndpoint", |
| 172 | + "bedrock-agentcore:CreateWorkloadIdentity", |
| 173 | + "bedrock-agentcore:DeleteWorkloadIdentity", |
| 174 | + "bedrock-agentcore:CreateMemory", |
| 175 | + "bedrock-agentcore:GetMemory", |
| 176 | + "bedrock-agentcore:UpdateMemory", |
| 177 | + "bedrock-agentcore:DeleteMemory", |
| 178 | + "bedrock-agentcore:ListMemories", |
| 179 | + "bedrock-agentcore:CreateEvaluator", |
| 180 | + "bedrock-agentcore:DeleteEvaluator", |
| 181 | + "bedrock-agentcore:ListOnlineEvaluationConfigs", |
| 182 | + "bedrock-agentcore:TagResource", |
| 183 | + "bedrock-agentcore:ListTagsForResource", |
| 184 | + "bedrock-agentcore:CreateGateway", |
| 185 | + "bedrock-agentcore:UpdateGateway", |
| 186 | + "bedrock-agentcore:DeleteGateway", |
| 187 | + "bedrock-agentcore:GetGateway", |
| 188 | + "bedrock-agentcore:ListGateways", |
| 189 | + "bedrock-agentcore:CreateGatewayTarget", |
| 190 | + "bedrock-agentcore:UpdateGatewayTarget", |
| 191 | + "bedrock-agentcore:DeleteGatewayTarget", |
| 192 | + "bedrock-agentcore:GetGatewayTarget", |
| 193 | + "bedrock-agentcore:SynchronizeGatewayTargets" |
| 194 | + ], |
| 195 | + "Resource": "*" |
| 196 | + }, |
| 197 | + { |
| 198 | + "Sid": "CloudFormationFull", |
| 199 | + "Effect": "Allow", |
| 200 | + "Action": "cloudformation:*", |
| 201 | + "Resource": "*" |
| 202 | + }, |
| 203 | + { |
| 204 | + "Sid": "SsmParameterLookup", |
| 205 | + "Effect": "Allow", |
| 206 | + "Action": ["ssm:GetParameters", "ssm:GetParameter"], |
| 207 | + "Resource": "*" |
| 208 | + }, |
| 209 | + { |
| 210 | + "Sid": "CloudFormationTemplateVerification", |
| 211 | + "Effect": "Allow", |
| 212 | + "Action": "cloudformation:GetTemplate", |
| 213 | + "Resource": "*" |
| 214 | + }, |
| 215 | + { |
| 216 | + "Sid": "ImportTestIam", |
| 217 | + "Effect": "Allow", |
| 218 | + "Action": ["iam:GetRole", "iam:CreateRole", "iam:AttachRolePolicy", "iam:PutRolePolicy"], |
| 219 | + "Resource": "arn:aws:iam::ACCOUNT_ID:role/bugbash-agentcore-role" |
| 220 | + }, |
| 221 | + { |
| 222 | + "Sid": "ImportTestPassRole", |
| 223 | + "Effect": "Allow", |
| 224 | + "Action": "iam:PassRole", |
| 225 | + "Resource": "arn:aws:iam::ACCOUNT_ID:role/bugbash-agentcore-role", |
| 226 | + "Condition": { |
| 227 | + "StringEquals": { |
| 228 | + "iam:PassedToService": "bedrock-agentcore.amazonaws.com" |
| 229 | + } |
| 230 | + } |
| 231 | + }, |
| 232 | + { |
| 233 | + "Sid": "ImportTestS3", |
| 234 | + "Effect": "Allow", |
| 235 | + "Action": ["s3:ListBucket", "s3:CreateBucket", "s3:PutObject"], |
| 236 | + "Resource": "*" |
| 237 | + }, |
| 238 | + { |
| 239 | + "Sid": "SecretsManager", |
| 240 | + "Effect": "Allow", |
| 241 | + "Action": ["secretsmanager:GetSecretValue", "secretsmanager:CreateSecret", "secretsmanager:DeleteSecret"], |
| 242 | + "Resource": "*" |
| 243 | + }, |
| 244 | + { |
| 245 | + "Sid": "CustomJwtCognitoSetup", |
| 246 | + "Effect": "Allow", |
| 247 | + "Action": [ |
| 248 | + "cognito-idp:CreateUserPool", |
| 249 | + "cognito-idp:CreateUserPoolDomain", |
| 250 | + "cognito-idp:CreateResourceServer", |
| 251 | + "cognito-idp:CreateUserPoolClient", |
| 252 | + "cognito-idp:DeleteResourceServer", |
| 253 | + "cognito-idp:DeleteUserPoolDomain", |
| 254 | + "cognito-idp:DeleteUserPool" |
| 255 | + ], |
| 256 | + "Resource": "*" |
| 257 | + }, |
| 258 | + { |
| 259 | + "Sid": "HarnessManagement", |
| 260 | + "Effect": "Allow", |
| 261 | + "Action": [ |
| 262 | + "bedrock-agentcore:CreateHarness", |
| 263 | + "bedrock-agentcore:GetHarness", |
| 264 | + "bedrock-agentcore:UpdateHarness", |
| 265 | + "bedrock-agentcore:DeleteHarness", |
| 266 | + "bedrock-agentcore:ListHarnesses", |
| 267 | + "bedrock-agentcore:InvokeHarness" |
| 268 | + ], |
| 269 | + "Resource": "*" |
| 270 | + }, |
| 271 | + { |
| 272 | + "Sid": "HarnessPassRole", |
| 273 | + "Effect": "Allow", |
| 274 | + "Action": "iam:PassRole", |
| 275 | + "Resource": "arn:aws:iam::ACCOUNT_ID:role/*", |
| 276 | + "Condition": { |
| 277 | + "StringEquals": { |
| 278 | + "iam:PassedToService": "bedrock-agentcore.amazonaws.com" |
| 279 | + } |
| 280 | + } |
| 281 | + }, |
| 282 | + { |
| 283 | + "Sid": "ConfigBundleManagement", |
| 284 | + "Effect": "Allow", |
| 285 | + "Action": [ |
| 286 | + "bedrock-agentcore:CreateConfigurationBundle", |
| 287 | + "bedrock-agentcore:UpdateConfigurationBundle", |
| 288 | + "bedrock-agentcore:DeleteConfigurationBundle", |
| 289 | + "bedrock-agentcore:GetConfigurationBundle", |
| 290 | + "bedrock-agentcore:GetConfigurationBundleVersion", |
| 291 | + "bedrock-agentcore:ListConfigurationBundles", |
| 292 | + "bedrock-agentcore:ListConfigurationBundleVersions" |
| 293 | + ], |
| 294 | + "Resource": "*" |
| 295 | + }, |
| 296 | + { |
| 297 | + "Sid": "HttpGatewayIamRoleManagement", |
| 298 | + "Effect": "Allow", |
| 299 | + "Action": [ |
| 300 | + "iam:CreateRole", |
| 301 | + "iam:DeleteRole", |
| 302 | + "iam:GetRole", |
| 303 | + "iam:PutRolePolicy", |
| 304 | + "iam:DeleteRolePolicy", |
| 305 | + "iam:TagRole", |
| 306 | + "iam:PassRole" |
| 307 | + ], |
| 308 | + "Resource": "arn:aws:iam::*:role/AgentCore-*" |
| 309 | + }, |
| 310 | + { |
| 311 | + "Sid": "BatchEvalAndRecommendation", |
| 312 | + "Effect": "Allow", |
| 313 | + "Action": [ |
| 314 | + "bedrock-agentcore:StartBatchEvaluation", |
| 315 | + "bedrock-agentcore:GetBatchEvaluation", |
| 316 | + "bedrock-agentcore:ListBatchEvaluations", |
| 317 | + "bedrock-agentcore:StopBatchEvaluation", |
| 318 | + "bedrock-agentcore:DeleteBatchEvaluation", |
| 319 | + "bedrock-agentcore:StartRecommendation", |
| 320 | + "bedrock-agentcore:GetRecommendation", |
| 321 | + "bedrock-agentcore:ListRecommendations", |
| 322 | + "bedrock-agentcore:DeleteRecommendation" |
| 323 | + ], |
| 324 | + "Resource": "*" |
162 | 325 | } |
163 | 326 | ] |
164 | 327 | } |
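Review bot: The `HttpGatewayIamRoleManagement` statement grants `iam:PassRole` together with `iam:CreateRole` and `iam:PutRolePolicy` on `arn:aws:iam::*:role/AgentCore-*` with no `iam:PassedToService` condition, so only the name prefix limits what those roles may contain and which service can receive them. The other two PassRole statements in this hunk are conditioned; I would move `iam:PassRole` into its own statement with `"Condition": {"StringEquals": {"iam:PassedToService": "bedrock-agentcore.amazonaws.com"}}` (assuming that is the service the gateway role is passed to) and pin the account as the other ARNs do, `"Resource": "arn:aws:iam::ACCOUNT_ID:role/AgentCore-*"`. `HarnessPassRole` carries the condition but covers `role/*`, so any existing role in the account can be handed to the service; a role-name prefix would narrow it. Separately, `CloudFormationFull` (`cloudformation:*` on `*`) already includes `cloudformation:GetTemplate`, which makes `CloudFormationTemplateVerification` redundant, and `secretsmanager:GetSecretValue` on `*` reads every secret in the account rather than only those the tests create.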