bumping to latest bedrock module version and removing redundant iam

alperlov · alperlov · commit 1cd9ec2f00f3 · 2025-01-14T12:11:51.000-05:00
diff --git a/samples/bedrock-agent/main.tf b/samples/bedrock-agent/main.tf
@@ -14,7 +14,7 @@ provider "opensearch" {
 module "bedrock" {
   #checkov:skip=CKV_TF_1:Terraform registry has no ability to use a commit hash
   source                       = "aws-ia/bedrock/aws"
-  version                      = "0.0.5"
+  version                      = "0.0.6"
   create_kb                    = true
   create_default_kb            = true
   create_agent                 = true
@@ -47,24 +47,3 @@ module "lambda" {
     }
   ]
 }
-
-resource "aws_lambda_permission" "allow_bedrock_agent" {
-  action        = "lambda:InvokeFunction"
-  function_name = module.lambda.lambda_function_arn
-  principal     = "bedrock.amazonaws.com"
-  source_arn    = module.bedrock.bedrock_agent[0].agent_arn
-}
-
-resource "aws_iam_role_policy" "agent_policy" {
-  policy = jsonencode({
-    Version = "2012-10-17"
-    Statement = [
-      {
-        Effect   = "Allow"
-        Action   = "lambda:InvokeModel"
-        Resource = module.lambda.lambda_function_arn
-      }
-    ]
-  })
-  role = split("/", provider::aws::arn_parse(module.bedrock.bedrock_agent[0].agent_resource_role_arn).resource)[1]
-}
