Permissions for Automated Reasoning policies with agents

When you create an agent in Amazon Bedrock, the service role for the agent automatically includes policies for invoking guardrails (bedrock:ApplyGuardrail) and foundation models. To attach a guardrail that includes an Automated Reasoning policy to your agent, manually add permissions to the agent's service role.

Update the AmazonBedrockAgentBedrockApplyGuardrailPolicy policy on your agent's service role to include the bedrock:GetGuardrail action and access to guardrail profiles. Then, add a separate statement that grants the bedrock:InvokeAutomatedReasoningPolicy action for your Automated Reasoning policy resource.

The following example shows the complete statements list:



    "Statement": [
        {
            "Sid": "AmazonBedrockAgentBedrockApplyGuardrailPolicyProd",
            "Effect": "Allow",
            "Action": [
                "bedrock:ApplyGuardrail",
                "bedrock:GetGuardrail"
            ],
            "Resource": [
                "arn:aws:bedrock:region:account-id:guardrail/guardrail-id",
                "arn:aws:bedrock:*:account-id:guardrail-profile/*"
            ]
        },
        {
            "Sid": "InvokeAutomatedReasoningPolicyProd",
            "Effect": "Allow",
            "Action": "bedrock:InvokeAutomatedReasoningPolicy",
            "Resource": [
                "arn:aws:bedrock:region:account-id:automated-reasoning-policy/policy-id:policy-version"
            ]
        }
    ]

Note

The existing AmazonBedrockAgentBedrockFoundationModelPolicy on your agent's service role does not need to be modified. Only the AmazonBedrockAgentBedrockApplyGuardrailPolicy requires the changes described above.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Permissions for Automated Reasoning policies

(Optional) Permissions for encrypting a guardrail