Merge pull request #75 from aws-samples/latest-bedrock-version

alexa-perlov · web-flow · commit 0569af52ab25 · 2025-01-27T15:18:53.000-05:00
bumping to latest bedrock module version and removing redundant iam
diff --git a/samples/bedrock-agent/README.md b/samples/bedrock-agent/README.md
@@ -85,7 +85,7 @@ This project is built using [Terraform](https://www.terraform.io/). See [Getting
    ```shell
    python -m venv .venv
    source .venv/bin/activate
-   pip install poetry
+   pip install poetry==1.8.3
    ```
 
 4. Initialize the neccessary Terraform providers.
diff --git a/samples/bedrock-agent/main.tf b/samples/bedrock-agent/main.tf
@@ -14,7 +14,7 @@ provider "opensearch" {
 module "bedrock" {
   #checkov:skip=CKV_TF_1:Terraform registry has no ability to use a commit hash
   source                       = "aws-ia/bedrock/aws"
-  version                      = "0.0.5"
+  version                      = "0.0.7"
   create_kb                    = true
   create_default_kb            = true
   create_agent                 = true
@@ -47,24 +47,3 @@ module "lambda" {
     }
   ]
 }
-
-resource "aws_lambda_permission" "allow_bedrock_agent" {
-  action        = "lambda:InvokeFunction"
-  function_name = module.lambda.lambda_function_arn
-  principal     = "bedrock.amazonaws.com"
-  source_arn    = module.bedrock.bedrock_agent[0].agent_arn
-}
-
-resource "aws_iam_role_policy" "agent_policy" {
-  policy = jsonencode({
-    Version = "2012-10-17"
-    Statement = [
-      {
-        Effect   = "Allow"
-        Action   = "lambda:InvokeModel"
-        Resource = module.lambda.lambda_function_arn
-      }
-    ]
-  })
-  role = split("/", provider::aws::arn_parse(module.bedrock.bedrock_agent[0].agent_resource_role_arn).resource)[1]
-}
diff --git a/samples/bedrock-guardrails/main.tf b/samples/bedrock-guardrails/main.tf
@@ -1,7 +1,7 @@
 module "bedrock_withoutguardrail" {
   #checkov:skip=CKV_TF_1:Terraform registry has no ability to use a commit hash
   source                = "aws-ia/bedrock/aws"
-  version               = "0.0.6"
+  version               = "0.0.7"
   create_kb             = false
   create_default_kb     = false
   create_s3_data_source = false
@@ -17,7 +17,7 @@ module "bedrock_withoutguardrail" {
 module "bedrock_withguardrail" {
   #checkov:skip=CKV_TF_1:Terraform registry has no ability to use a commit hash
   source                = "aws-ia/bedrock/aws"
-  version               = "0.0.6"
+  version               = "0.0.7"
   create_kb             = false
   create_default_kb     = false
   create_s3_data_source = false
@@ -38,19 +38,3 @@ module "bedrock_withguardrail" {
   blocked_input_messaging   = var.blocked_input_messaging
   blocked_outputs_messaging = var.blocked_outputs_messaging
 }
-
-resource "aws_iam_role_policy" "guardrail_policy" {
-  policy = jsonencode({
-    Version = "2012-10-17"
-    Statement = [
-      {
-        Effect = "Allow"
-        Action = [
-          "bedrock:ApplyGuardrail",
-        ]
-        Resource = module.bedrock_withguardrail.bedrock_agent[0].guardrail_configuration.guardrail_identifier
-      }
-    ]
-  })
-  role = split("/", provider::aws::arn_parse(module.bedrock_withguardrail.bedrock_agent[0].agent_resource_role_arn).resource)[1]
-}
