Amazon Bedrock (IAM)

aws ml

Amazon Bedrock is a fully managed service that makes foundation models from leading AI companies accessible via an API to build generative AI applications.

Common permissions

bedrock:ListAgentsbedrock:GetAgentbedrock:InvokeAgentbedrock:ListFlowsbedrock:GetFlowbedrock:InvokeFlowbedrock:ListPromptsbedrock:GetPrompt

Least-privilege example

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "bedrock:ListAgents",
        "bedrock:GetAgent",
        "bedrock:InvokeAgent",
        "bedrock:ListFlows",
        "bedrock:GetFlow",
        "bedrock:InvokeFlow",
        "bedrock:ListPrompts",
        "bedrock:GetPrompt"
      ],
      "Resource": "*"
    }
  ]
}

Warnings

Avoid bedrock:* — grants full control including delete and modify of agents, flows, and prompts
Avoid bedrock:DeleteAgent and bedrock:DeleteFlow unless explicitly needed for cleanup

Resources

AWS referenceservicereference.us-east-1.amazonaws.com/v1/bedrock/bedrock.json ↗

API

full doc /v1/iam/bedrock