Skip to content

Commit 0abe589

Browse files
authored
feat: add archive command for batch evaluations and recommendations (#1112) (#1121)
* feat: add archive command for batch evaluations and recommendations. Introduces a new top-level archive command with two subcommands: archive batch-evaluation and archive recommendation. Each calls the corresponding service delete API and removes the matching local .cli/ history file.
1 parent 9a68c33 commit 0abe589

18 files changed

Lines changed: 1323 additions & 28 deletions

File tree

docs/policies/iam-policy-user.json

Lines changed: 163 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -159,6 +159,169 @@
159159
"s3:GetObject"
160160
],
161161
"Resource": "*"
162+
},
163+
{
164+
"Sid": "AgentCoreResourceManagement",
165+
"Effect": "Allow",
166+
"Action": [
167+
"bedrock-agentcore:CreateAgentRuntime",
168+
"bedrock-agentcore:UpdateAgentRuntime",
169+
"bedrock-agentcore:DeleteAgentRuntime",
170+
"bedrock-agentcore:ListAgentRuntimes",
171+
"bedrock-agentcore:CreateAgentRuntimeEndpoint",
172+
"bedrock-agentcore:CreateWorkloadIdentity",
173+
"bedrock-agentcore:DeleteWorkloadIdentity",
174+
"bedrock-agentcore:CreateMemory",
175+
"bedrock-agentcore:GetMemory",
176+
"bedrock-agentcore:UpdateMemory",
177+
"bedrock-agentcore:DeleteMemory",
178+
"bedrock-agentcore:ListMemories",
179+
"bedrock-agentcore:CreateEvaluator",
180+
"bedrock-agentcore:DeleteEvaluator",
181+
"bedrock-agentcore:ListOnlineEvaluationConfigs",
182+
"bedrock-agentcore:TagResource",
183+
"bedrock-agentcore:ListTagsForResource",
184+
"bedrock-agentcore:CreateGateway",
185+
"bedrock-agentcore:UpdateGateway",
186+
"bedrock-agentcore:DeleteGateway",
187+
"bedrock-agentcore:GetGateway",
188+
"bedrock-agentcore:ListGateways",
189+
"bedrock-agentcore:CreateGatewayTarget",
190+
"bedrock-agentcore:UpdateGatewayTarget",
191+
"bedrock-agentcore:DeleteGatewayTarget",
192+
"bedrock-agentcore:GetGatewayTarget",
193+
"bedrock-agentcore:SynchronizeGatewayTargets"
194+
],
195+
"Resource": "*"
196+
},
197+
{
198+
"Sid": "CloudFormationFull",
199+
"Effect": "Allow",
200+
"Action": "cloudformation:*",
201+
"Resource": "*"
202+
},
203+
{
204+
"Sid": "SsmParameterLookup",
205+
"Effect": "Allow",
206+
"Action": ["ssm:GetParameters", "ssm:GetParameter"],
207+
"Resource": "*"
208+
},
209+
{
210+
"Sid": "CloudFormationTemplateVerification",
211+
"Effect": "Allow",
212+
"Action": "cloudformation:GetTemplate",
213+
"Resource": "*"
214+
},
215+
{
216+
"Sid": "ImportTestIam",
217+
"Effect": "Allow",
218+
"Action": ["iam:GetRole", "iam:CreateRole", "iam:AttachRolePolicy", "iam:PutRolePolicy"],
219+
"Resource": "arn:aws:iam::ACCOUNT_ID:role/bugbash-agentcore-role"
220+
},
221+
{
222+
"Sid": "ImportTestPassRole",
223+
"Effect": "Allow",
224+
"Action": "iam:PassRole",
225+
"Resource": "arn:aws:iam::ACCOUNT_ID:role/bugbash-agentcore-role",
226+
"Condition": {
227+
"StringEquals": {
228+
"iam:PassedToService": "bedrock-agentcore.amazonaws.com"
229+
}
230+
}
231+
},
232+
{
233+
"Sid": "ImportTestS3",
234+
"Effect": "Allow",
235+
"Action": ["s3:ListBucket", "s3:CreateBucket", "s3:PutObject"],
236+
"Resource": "*"
237+
},
238+
{
239+
"Sid": "SecretsManager",
240+
"Effect": "Allow",
241+
"Action": ["secretsmanager:GetSecretValue", "secretsmanager:CreateSecret", "secretsmanager:DeleteSecret"],
242+
"Resource": "*"
243+
},
244+
{
245+
"Sid": "CustomJwtCognitoSetup",
246+
"Effect": "Allow",
247+
"Action": [
248+
"cognito-idp:CreateUserPool",
249+
"cognito-idp:CreateUserPoolDomain",
250+
"cognito-idp:CreateResourceServer",
251+
"cognito-idp:CreateUserPoolClient",
252+
"cognito-idp:DeleteResourceServer",
253+
"cognito-idp:DeleteUserPoolDomain",
254+
"cognito-idp:DeleteUserPool"
255+
],
256+
"Resource": "*"
257+
},
258+
{
259+
"Sid": "HarnessManagement",
260+
"Effect": "Allow",
261+
"Action": [
262+
"bedrock-agentcore:CreateHarness",
263+
"bedrock-agentcore:GetHarness",
264+
"bedrock-agentcore:UpdateHarness",
265+
"bedrock-agentcore:DeleteHarness",
266+
"bedrock-agentcore:ListHarnesses",
267+
"bedrock-agentcore:InvokeHarness"
268+
],
269+
"Resource": "*"
270+
},
271+
{
272+
"Sid": "HarnessPassRole",
273+
"Effect": "Allow",
274+
"Action": "iam:PassRole",
275+
"Resource": "arn:aws:iam::ACCOUNT_ID:role/*",
276+
"Condition": {
277+
"StringEquals": {
278+
"iam:PassedToService": "bedrock-agentcore.amazonaws.com"
279+
}
280+
}
281+
},
282+
{
283+
"Sid": "ConfigBundleManagement",
284+
"Effect": "Allow",
285+
"Action": [
286+
"bedrock-agentcore:CreateConfigurationBundle",
287+
"bedrock-agentcore:UpdateConfigurationBundle",
288+
"bedrock-agentcore:DeleteConfigurationBundle",
289+
"bedrock-agentcore:GetConfigurationBundle",
290+
"bedrock-agentcore:GetConfigurationBundleVersion",
291+
"bedrock-agentcore:ListConfigurationBundles",
292+
"bedrock-agentcore:ListConfigurationBundleVersions"
293+
],
294+
"Resource": "*"
295+
},
296+
{
297+
"Sid": "HttpGatewayIamRoleManagement",
298+
"Effect": "Allow",
299+
"Action": [
300+
"iam:CreateRole",
301+
"iam:DeleteRole",
302+
"iam:GetRole",
303+
"iam:PutRolePolicy",
304+
"iam:DeleteRolePolicy",
305+
"iam:TagRole",
306+
"iam:PassRole"
307+
],
308+
"Resource": "arn:aws:iam::*:role/AgentCore-*"
309+
},
310+
{
311+
"Sid": "BatchEvalAndRecommendation",
312+
"Effect": "Allow",
313+
"Action": [
314+
"bedrock-agentcore:StartBatchEvaluation",
315+
"bedrock-agentcore:GetBatchEvaluation",
316+
"bedrock-agentcore:ListBatchEvaluations",
317+
"bedrock-agentcore:StopBatchEvaluation",
318+
"bedrock-agentcore:DeleteBatchEvaluation",
319+
"bedrock-agentcore:StartRecommendation",
320+
"bedrock-agentcore:GetRecommendation",
321+
"bedrock-agentcore:ListRecommendations",
322+
"bedrock-agentcore:DeleteRecommendation"
323+
],
324+
"Resource": "*"
162325
}
163326
]
164327
}

0 commit comments

Comments
 (0)