- 给iam role加上订阅marketplace产品的权限,或者用管理员账户发一个模型推理请求(自动触发订阅)
- 模型对应的产品id 见https://docs.aws.amazon.com/bedrock/latest/userguide/model-access-product-ids.html
Created
December 8, 2025 02:14
-
-
Save ensean/9c9b2f6df2bf9d85cefb80a34ff711c7 to your computer and use it in GitHub Desktop.
IAM min policy for specific 3rd party model usage
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "AllowAnthropicAndAmazonModelsOnly", | |
| "Effect": "Allow", | |
| "Action": [ | |
| "bedrock:InvokeModel", | |
| "bedrock:InvokeModelWithResponseStream" | |
| ], | |
| "Resource": [ | |
| "arn:aws:bedrock:*::inference-profile/us.anthropic.claude-haiku-4-5-20251001-v1:0", | |
| "arn:aws:bedrock:*::foundation-model/anthropic.claude-haiku-4-5-20251001-v1:0", | |
| "arn:aws:bedrock:*::inference-profile/us.anthropic.claude-3-7-sonnet-20250219-v1:0", | |
| "arn:aws:bedrock:*::foundation-model/anthropic.claude-3-7-sonnet-20250219-v1:0", | |
| "arn:aws:bedrock:*::inference-profile/us.anthropic.claude-sonnet-4-20250514-v1:0", | |
| "arn:aws:bedrock:*::foundation-model/anthropic.claude-sonnet-4-20250514-v1:0" | |
| ] | |
| }, | |
| { | |
| "Sid": "AllowOnlySpecificMarketplaceSubscription", | |
| "Effect": "Allow", | |
| "Action": [ | |
| "aws-marketplace:ViewSubscriptions", | |
| "aws-marketplace:Subscribe" | |
| ], | |
| "Resource": "*", | |
| "Condition": { | |
| "ForAllValues:StringEquals": { | |
| "aws-marketplace:ProductId": [ | |
| "prod-4pmewlybdftbs", | |
| "prod-xdkflymybwmvi", | |
| "prod-4dlfvry4v5hbi" | |
| ] | |
| }, | |
| "StringEquals": { | |
| "aws:CalledViaLast": "bedrock.amazonaws.com" | |
| } | |
| } | |
| } | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment