Amazon Bedrock provider

When provisioning your AWS account, adding your account ID and region creates a CloudFormation template with the necessary permissions. This provisioning is a one-time process performed when adding an AWS account with a particular AWS account ID and region for the first time.

The CloudFormation template enables cross-account access between the Boomi Agent Control Tower and your AWS account to manage and monitor your Amazon Bedrock agents.

The template creates an IAM role containing the BedrockCustomerRole and OamLinkCustomerRole usage permissions. The BedrockCustomerRole usage permission periodically syncs the Amazon Bedrock agent and its related entities from the customer's AWS account to the Agent Control Tower. The OamLinkCustomerRole usage permission establishes a link between the customer's AWS account and the Boomi account for a specific AWS region. It also shares CloudWatch metrics through AWS CloudWatch Observability Access Manager (OAM), enabling centralized monitoring of your Bedrock agents.

Once these metrics are in the Boomi ACT AWS account, they are further streamed to the Boomi Agent Control Tower over a secure HTTPS connection via AWS Firehose. This data pipeline ensures that all relevant monitoring data is available in the Boomi Agent Control Tower for comprehensive monitoring and management of your Bedrock agents.

On the Manage providers page for an AWS account, you can have a separate provider account for each region under the same AWS account ID.

The status of an Amazon Bedrock provider account can be:

  • Incomplete: The process of adding an account is left incomplete.
  • Sync enabled: Syncing is enabled between the provider account and AWS Bedrock.
  • Sync disabled: Syncing is disabled between the provider account and AWS Bedrock.
  • Error: The provider account is not able to establish a connection with the source.
  • Connected: Authentication is complete, and the provider account is connected to the AWS dashboard.

If a provider account has an Error/Disconnected status, refer to Amazon Bedrock Troubleshooting.

The sync statuses are:

  • In Queue: The sync process is yet to start and has been queued.
  • Syncing: The account is being synced.
  • Partially Synced: Partially synced due to reaching system limits.
  • Error: The provider account is not able to establish a connection with the source.
  • Success: The provider account has been synced successfully.

Prerequisites

Adding an AWS account requires you to have either IAMFullAccess permission or the following IAM permissions enabled:

  • cloudformation:CreateStack: Create the CloudFormation stack.
  • cloudformation:DescribeStacks: Monitor stack creation progress.
  • iam:CreateRole: Create the required IAM roles.
  • iam:CreateManagedPolicy: Create the managed policies.
  • iam:PutRolePolicy: Configure role policies.
  • iam:AttachRolePolicy: Attach policies to roles.
  • iam:PassRole: Pass roles to CloudFormation service.

To check whether your account has these permissions:

  1. Navigate to the IAM dashboard in your AWS account.
  2. Select User.
  3. Search for your account user name and select it.
  4. Under Permission policies, check if you have the above permissions. To add permissions, refer to adding and removing IAM identity permissions.