AWS Bedrock creation issue

# Provider requirements. Only the OpenSearch provider is declared in this
# block, and it is pinned to exactly version 2.2.0.
terraform {
  required_providers {
    opensearch = {
      version = "= 2.2.0"
      source  = "opensearch-project/opensearch"
    }
  }
}

locals {
  # Falls back to a fixed name when the caller passes an empty string.
  # NOTE(review): the resources shown in this file read var.collection_name
  # directly rather than this local -- confirm which one is intended.
  collection_name = var.collection_name == "" ? "default-collection-name" : var.collection_name
}

# Vector-search collection used as the knowledge base's storage backend.
resource "aws_opensearchserverless_collection" "vector-collection" {
  type        = "VECTORSEARCH"
  name        = var.collection_name
  description = var.collection_description

  # The encryption policy is created first; a collection needs an encryption
  # policy that matches its name at creation time.
  depends_on = [
    aws_opensearchserverless_security_policy.vector-collection-policy,
  ]
}

Opensearch provider Index

# OpenSearch provider pointed at the serverless collection's endpoint, with
# the provider's health check turned off.
# NOTE(review): the URL is a resource attribute that only exists once the
# collection has been created -- confirm plan/apply ordering in your pipeline.
# NOTE(review): whatever identity this provider signs requests with must be a
# principal in the collection's data access policy -- presumably the same
# identity that runs Terraform; verify.
provider "opensearch" {
  healthcheck = false
  url         = aws_opensearchserverless_collection.vector-collection.collection_endpoint
}

Index

# Vector index inside the collection. The knowledge base resource in this file
# is given the same var.index_name.
resource "opensearch_index" "bedrock-knowledge-base-default-index" {
  name     = var.index_name
  mappings = var.mappings

  number_of_shards   = var.number_of_shards
  number_of_replicas = var.number_of_replicas

  index_knn                      = var.index_knn
  index_knn_algo_param_ef_search = var.index_knn_algo_param_ef_search

  # NOTE(review): presumably allows deleting an index that still holds
  # documents -- check the provider docs before enabling it outside test
  # environments.
  force_destroy = var.force_destroy

  # NOTE(review): only the collection is listed here. The data access policy
  # that authorises index creation is not a dependency of this resource, so
  # ordering relative to that policy is not guaranteed by this block.
  depends_on = [aws_opensearchserverless_collection.vector-collection]
}

Kms

# Customer-managed KMS key.
# NOTE(review): nothing shown in this file references this key. The encryption
# policy for the collection sets AWSOwnedKey = true, so the collection is not
# encrypted with it.
resource "aws_kms_key" "vector-kms" {
  enable_key_rotation = var.enable_key_rotation
  description         = var.kms_key_description
}

Encryption Policy

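# Encryption policy for the vector collection. The collection resource in this
# file depends on it.
resource "aws_opensearchserverless_security_policy" "vector-collection-policy" {
  name = var.security_policy_name
  type = "encryption"

  policy = jsonencode({
    Rules = [
      {
        ResourceType = "collection"
        # Scoped to this module's collection. The previous hard-coded pattern
        # "collection/coll*" only matched names starting with "coll" and would
        # also have applied to any unrelated collection sharing that prefix.
        Resource = [
          "collection/${var.collection_name}"
        ]
      }
    ]

    # NOTE(review): the collection is encrypted with an AWS-owned key, so
    # aws_kms_key.vector-kms in this file is unused. Using that key instead
    # would mean AWSOwnedKey = false plus KmsARN. Decide before the collection
    # is created; confirm whether the key can be changed afterwards.
    AWSOwnedKey = true
  })
}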

Network Policy

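# Network policy for the collection endpoint and its Dashboards endpoint.
# The "${...}" interpolations and the line structure of the two rules are
# restored here; the pasted version had lost the "$" and collapsed both rules
# onto one line.
resource "aws_opensearchserverless_security_policy" "vector-collection-network" {
  name        = var.network_security_policy_name
  type        = "network"
  description = var.network_security_policy_description

  policy = jsonencode([
    {
      Description = "Public access to collection and Dashboards endpoint for example collection"
      Rules = [
        {
          ResourceType = "collection"
          # The trailing "*" also matches any other collection whose name
          # starts with var.collection_name.
          Resource = [
            "collection/${var.collection_name}*"
          ]
        },
        {
          ResourceType = "dashboard"
          Resource = [
            "collection/${var.collection_name}"
          ]
        }
      ]

      # NOTE(review): both endpoints are reachable from any network, which
      # leaves the data access policy as the only control in front of the
      # data. If the Terraform runner and Bedrock can reach the collection
      # another way, consider restricting this with SourceVPCEs and/or
      # SourceServices instead -- verify against the OpenSearch Serverless
      # network policy documentation.
      AllowFromPublic = true
    }
  ])

  depends_on = [aws_opensearchserverless_collection.vector-collection]
}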

# Identity Terraform is running as. Its ARN is listed as a principal in the
# data access policy in this file.
data "aws_caller_identity" "current" {}

Data policy

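# Data access policy: who may act on the collection and on the indexes in it.
# The "${...}" interpolations, the rule structure and the second "aoss:*"
# entry are restored here; the pasted version had lost the "$" and "*"
# characters and left the last permission string unterminated.
resource "aws_opensearchserverless_access_policy" "vector-collection-data" {
  name        = var.data_access_policy_name
  type        = "data"
  description = var.data_access_policy_description

  policy = jsonencode([
    {
      Rules = [
        {
          ResourceType = "index"
          Resource = [
            "index/${var.collection_name}/*"
          ]
          # NOTE(review): "aoss:*" grants every data-plane action on every
          # index in the collection to both principals below. The knowledge
          # base role presumably needs a narrower set than the identity that
          # creates the index -- confirm against the Bedrock knowledge base
          # documentation and consider separate rules per principal.
          Permission = [
            "aoss:*"
          ]
        },
        {
          ResourceType = "collection"
          Resource = [
            "collection/${var.collection_name}"
          ]
          Permission = [
            "aoss:*"
          ]
        }
      ]

      Principal = [
        # Identity running Terraform.
        # NOTE(review): if Terraform runs under an assumed role this is a
        # session ARN -- confirm it is the principal the collection sees.
        data.aws_caller_identity.current.arn,
        # Role that Bedrock uses for the knowledge base (the same variable is
        # passed as role_arn on the knowledge base resource).
        var.knowledge_base_role_arn
      ]
    }
  ])

  depends_on = [aws_opensearchserverless_collection.vector-collection]
}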

Knowledge_Base

# Bedrock knowledge base backed by the OpenSearch Serverless collection and
# the vector index defined in this file.
#
# NOTE(review): a 403 "Bad Authorization" from the storage dependency while
# creating this resource suggests the collection refused the call made as
# var.knowledge_base_role_arn. Things to confirm, none of which are visible in
# this file: that the role's IAM policy allows aoss:APIAccessAll on the
# collection, and that the data access policy naming the role had taken effect
# before this resource was created.
resource "aws_bedrockagent_knowledge_base" "knowledge_base" {
  name     = var.knowledge_base_name
  role_arn = var.knowledge_base_role_arn

  knowledge_base_configuration {
    type = "VECTOR"

    vector_knowledge_base_configuration {
      embedding_model_arn = var.embedding_model_arn
    }
  }

  storage_configuration {
    type = "OPENSEARCH_SERVERLESS"

    opensearch_serverless_configuration {
      collection_arn    = aws_opensearchserverless_collection.vector-collection.arn
      vector_index_name = var.index_name

      field_mapping {
        vector_field   = var.vector_field
        text_field     = var.text_field
        metadata_field = var.metadata_field
      }
    }
  }

  # Explicit ordering: the collection, the index and all three policies are
  # created before the knowledge base.
  depends_on = [
    aws_opensearchserverless_collection.vector-collection,
    opensearch_index.bedrock-knowledge-base-default-index,
    aws_opensearchserverless_security_policy.vector-collection-policy,
    aws_opensearchserverless_access_policy.vector-collection-data,
    aws_opensearchserverless_security_policy.vector-collection-network,
  ]
}

This is my Terraform code. Everything else is fine and all the other resources are created, but creating the knowledge base fails with this error:
2025-02-10T14:22:09.6596905Z │ Error: creating Bedrock Agent Knowledge Base
2025-02-10T14:22:09.6597222Z │
2025-02-10T14:22:09.6597512Z │ with module.knowledgebase.aws_bedrockagent_knowledge_base.knowledge_base,
2025-02-10T14:22:09.6597957Z │ on modules/knowledgebase/main.tf line 132, in resource "aws_bedrockagent_knowledge_base" "knowledge_base":
2025-02-10T14:22:09.6598653Z │ 132: resource "aws_bedrockagent_knowledge_base" "knowledge_base" {
2025-02-10T14:22:09.6598949Z │
2025-02-10T14:22:09.6599224Z │ operation error Bedrock Agent: CreateKnowledgeBase, https response error
2025-02-10T14:22:09.6599594Z │ StatusCode: 400, RequestID: 68e57361-2118-418b-aad0-5fd1844d59c4,
2025-02-10T14:22:09.6600287Z │ ValidationException: The knowledge base storage configuration provided is
2025-02-10T14:22:09.6600679Z │ invalid... Dependency error document status code: 403, error message: Bad
2025-02-10T14:22:09.6600989Z │ Authorization
2025-02-10T14:22:09.6601241Z ╵
2025-02-10T14:22:09.6680547Z