diff --git a/agentcore-deployment/agentcore_iam_policy.json b/agentcore-deployment/agentcore_iam_policy.json index d40a5b9..6d2f9f8 100644 --- a/agentcore-deployment/agentcore_iam_policy.json +++ b/agentcore-deployment/agentcore_iam_policy.json @@ -102,20 +102,20 @@ ] }, { - "Sid": "CloudWatchLogsAccess", - "Effect": "Allow", - "Action": [ - "logs:GetLogEvents", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/bedrock-agentcore/*", - "arn:aws:logs:*:*:log-group:/aws/codebuild/*" - ] + "Sid": "CloudWatchLogsAccess", + "Effect": "Allow", + "Action": [ + "logs:GetLogEvents", + "logs:DescribeLogGroups", + "logs:DescribeLogStreams", + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Resource": [ + "arn:aws:logs:*:*:log-group:/aws/bedrock-agentcore/*", + "arn:aws:logs:*:*:log-group:/aws/codebuild/*" + ] }, { "Sid": "CreateBedrockAgentCoreRuntimeIdentityServiceLinkedRolePermissions", @@ -129,85 +129,85 @@ } }, { - "Sid": "AllowAnthropicAndAmazonModelsOnly", - "Effect": "Allow", - "Action": [ - "bedrock:InvokeModel", - "bedrock:InvokeModelWithResponseStream" - ], - "Resource": [ - "arn:aws:bedrock:*:*:inference-profile/us.anthropic.claude-sonnet-4-20250514-v1:0", - "arn:aws:bedrock:*::foundation-model/anthropic.claude-sonnet-4-20250514-v1:0" - ] - }, - { - "Sid": "GrantGlobalCrisInferenceProfileRegionAccess", - "Effect": "Allow", - "Action": [ - "bedrock:InvokeModel", - "bedrock:InvokeModelWithResponseStream" - ], - "Resource": [ - "arn:aws:bedrock:us-east-1:*:inference-profile/global.anthropic.claude-sonnet-4-20250514-v1:0" - ], - "Condition": { - "StringEquals": { - "aws:RequestedRegion": "us-east-1" - } + "Sid": "AllowAnthropicAndAmazonModelsOnly", + "Effect": "Allow", + "Action": [ + "bedrock:InvokeModel", + "bedrock:InvokeModelWithResponseStream" + ], + "Resource": [ + "arn:aws:bedrock:*:*:inference-profile/us.anthropic.claude-sonnet-4-6", + "arn:aws:bedrock:*::foundation-model/anthropic.anthropic.claude-sonnet-4-6" + ] + }, + { + "Sid": "GrantGlobalCrisInferenceProfileRegionAccess", + "Effect": "Allow", + "Action": [ + "bedrock:InvokeModel", + "bedrock:InvokeModelWithResponseStream" + ], + "Resource": [ + "arn:aws:bedrock:us-east-1:*:inference-profile/global.anthropic.claude-sonnet-4-6" + ], + "Condition": { + "StringEquals": { + "aws:RequestedRegion": "us-east-1" } - }, - { - "Sid": "GrantGlobalCrisInferenceProfileInRegionModelAccess", - "Effect": "Allow", - "Action": [ - "bedrock:InvokeModel", - "bedrock:InvokeModelWithResponseStream" - ], - "Resource": [ - "arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-sonnet-4-20250514-v1:0" - ], - "Condition": { - "StringEquals": { - "aws:RequestedRegion": "us-east-1", - "bedrock:InferenceProfileArn": "arn:aws:bedrock:us-east-1:*:inference-profile/global.anthropic.claude-sonnet-4-20250514-v1:0" - } + } + }, + { + "Sid": "GrantGlobalCrisInferenceProfileInRegionModelAccess", + "Effect": "Allow", + "Action": [ + "bedrock:InvokeModel", + "bedrock:InvokeModelWithResponseStream" + ], + "Resource": [ + "arn:aws:bedrock:us-east-1::foundation-model/.anthropic.claude-sonnet-4-6" + ], + "Condition": { + "StringEquals": { + "aws:RequestedRegion": "us-east-1", + "bedrock:InferenceProfileArn": "arn:aws:bedrock:us-east-1:*:inference-profile/global.anthropic.claude-sonnet-4-6" } - }, - { - "Sid": "GrantGlobalCrisInferenceProfileGlobalModelAccess", - "Effect": "Allow", - "Action": [ - "bedrock:InvokeModel", - "bedrock:InvokeModelWithResponseStream" - ], - "Resource": [ - "arn:aws:bedrock:::foundation-model/anthropic.claude-sonnet-4-20250514-v1:0" - ], - "Condition": { - "StringEquals": { - "aws:RequestedRegion": "unspecified", - "bedrock:InferenceProfileArn": "arn:aws:bedrock:us-east-1:*:inference-profile/global.anthropic.claude-sonnet-4-20250514-v1:0" - } + } + }, + { + "Sid": "GrantGlobalCrisInferenceProfileGlobalModelAccess", + "Effect": "Allow", + "Action": [ + "bedrock:InvokeModel", + "bedrock:InvokeModelWithResponseStream" + ], + "Resource": [ + "arn:aws:bedrock:::foundation-model/anthropic.claude-sonnet-4-6" + ], + "Condition": { + "StringEquals": { + "aws:RequestedRegion": "unspecified", + "bedrock:InferenceProfileArn": "arn:aws:bedrock:us-east-1:*:inference-profile/global.anthropic.claude-sonnet-4-6" } - }, - { - "Sid": "AllowOnlySpecificMarketplaceSubscription", - "Effect": "Allow", - "Action": [ - "aws-marketplace:ViewSubscriptions", - "aws-marketplace:Subscribe" - ], - "Resource": "*", - "Condition": { - "ForAllValues:StringEquals": { - "aws-marketplace:ProductId": [ - "prod-4pmewlybdftbs" - ] - }, - "StringEquals": { - "aws:CalledViaLast": "bedrock.amazonaws.com" - } + } + }, + { + "Sid": "AllowOnlySpecificMarketplaceSubscription", + "Effect": "Allow", + "Action": [ + "aws-marketplace:ViewSubscriptions", + "aws-marketplace:Subscribe" + ], + "Resource": "*", + "Condition": { + "ForAllValues:StringEquals": { + "aws-marketplace:ProductId": [ + "prod-4pmewlybdftbs" + ] + }, + "StringEquals": { + "aws:CalledViaLast": "bedrock.amazonaws.com" } } - ] -} + } + ] +} \ No newline at end of file diff --git a/agentcore-deployment/blockchain_agent_agentcore.py b/agentcore-deployment/blockchain_agent_agentcore.py index 5e328ce..6894b85 100644 --- a/agentcore-deployment/blockchain_agent_agentcore.py +++ b/agentcore-deployment/blockchain_agent_agentcore.py @@ -70,7 +70,7 @@ def initialize_blockchain_agent(): mcp_client = MCPClient(lambda: stdio_client( StdioServerParameters( command="uvx", - args=["awslabs.aws-dataprocessing-mcp-server@latest"] + args=["awslabs.aws-dataprocessing-mcp-server@latest", "--allow-sensitive-data-access"] ) ))