Amazon Bedrock provider

When you provision your AWS account, adding your account ID and region creates a CloudFormation template with the necessary permissions. This provisioning is a one-time process, performed the first time you add an AWS account with a particular AWS account ID and region.

The CloudFormation template enables cross-account access between the Boomi Agent Control Tower and your AWS account to manage and monitor your Amazon Bedrock agents.

The template creates an IAM role containing the BedrockCustomerRole usage and the OamLinkCustomerRole usage permissions. The BedrockCustomerRole usage permission syncs the Amazon Bedrock Agent and its related entities from the customer's AWS account to the Agent Control Tower on a periodic basis. The OamLinkCustomerRole usage permission establishes a link between the customer's AWS account and the Boomi account for a specific AWS region. It also sets up sharing of CloudWatch metrics through AWS CloudWatch Observability Access Manager (OAM), enabling centralized monitoring of your Bedrock agents.

Once these metrics are in the Boomi ACT AWS account, they are further streamed to the Boomi Agent Control Tower over a secure HTTPS connection via AWS Firehose. This data pipeline ensures that all relevant monitoring data is available in the Boomi Agent Control Tower for comprehensive monitoring and management of your Bedrock agents.

On the Manage providers page for an AWS account, you can have a separate provider account for each region under the same AWS account ID.

Prerequisites

Adding an AWS account requires you to have either IAMFullAccess permission or the following IAM permissions enabled:

  • cloudformation:CreateStack: Create the CloudFormation stack.
  • cloudformation:DescribeStacks: Monitor stack creation progress.
  • iam:CreateRole: Create the required IAM roles.
  • iam:CreateManagedPolicy: Create the managed policies.
  • iam:PutRolePolicy: Configure role policies.
  • iam:AttachRolePolicy: Attach policies to roles.
  • iam:PassRole: Pass roles to CloudFormation service.

To check whether your account has the above permissions enabled:

  1. Navigate to the IAM dashboard in your AWS account.
  2. Select User.
  3. Search for your account user name and select it.
  4. Under Permission policies, check if you have the above permissions. To add permissions, refer to adding and removing IAM identity permissions.

Next steps:

  1. Adding an Amazon Bedrock Provider account
  2. Enabling Amazon Bedrock agent metrics