Skip to main content
Feedback

Adding an Amazon Bedrock Provider account

Logging into an AWS account requires your AWS account ID and selecting the region hosting your agents. Each region will need one account listing. Adding an account is a two-step process.

You can log into an AWS account ID in only one Agent Control Tower account. If you receive the error Account already exists, contact your admin or Boomi support.

  1. On Agent Control Tower, go to Manage Providers.

  2. Click on Account in the AWS Bedrock provider tile.

  3. Click Add Account.

  4. In Step 1 of 2 in the Add Account window:

    a. Create an Account Name: A unique identifiable account name of your choice.

    b. Select the AWS Region that hosts your agents on Bedrock.

    c. Enter your AWS Account ID: The AWS Account ID is a 12 digit numeric.

    d. Click Continue.

AWS Bedrock Adding account

  1. In step 2 of 2 in the Add Account window

    Important

    Before you begin the following steps, ensure you have read through the legal disclaimer provided.

    a. Download the CloudFormation template (CFT).

    b. Navigate to the AWS CloudFormation Console. Upload your earlier downloaded CFT on to your AWS CloudFormation Console, refer Uploading your AWS CloudFormation template. Ensure you have the right AWS privileges to execute the CloudFormation template. For more information, read prerequisites.

    c. Copy and paste the External ID in the AWS CloudFormation Console when uploading your AWS CloudFormation template.

    d. (Optional) To view metrics for your agents for this account, ensure you Enable Bedrock Agent metric data access. This is an optional step and can be done after adding your account.

    e. Once you uploaded your AWS CloudFormation template, select the checkbox.

  2. Click Add Account.

The above task applies when provisioning an AWS account for the first time. To onboard more regions of the same AWS account, from the two-step onboarding process, you will only have to complete step 1.

Next steps: Enabling Bedrock Agent metric data access

Uploading your AWS CloudFormation template

Complete the following steps in the AWS CloudFormation Console

  1. Create stack > with new resources (standard).

  2. In the create stack screen, under prerequisites, select Choose an existing template.

  3. Under specify template, select Upload a template file.

  4. Upload the CloudFormation template that you downloaded in step "a" of Step 2 and click Next.

  5. Specify a stack name (example ACT_bedrock, do not include spaces) and add your External ID that you recieve from step "c" of Step 2 under Parameters, and click Next.

  6. Leave everything as default under Configure stack options and select the acknowledgement checkbox at the end of the screen.

  7. Click Next.

  8. Review your stack and click Submit.

Once you see a success message, return to the Control Tower screen.

Account management

When provisioning your AWS provider account for a different AWS account ID, ensure you are logged into the correct AWS account in the CloudFormation Console. If you encounter the error RollBack_Complete on the CloudFormation console, it indicates that the present AWS account already has the required permissions configured. To resolve this, switch to the intended AWS account and rerun the deployment.

Every new region added needs the CloudWatch—Putmetricsdata permission enabled. For more information, refer to Enabling Bedrock Agent metric data access.

Your added account will be visible as a tile in the Manage Providers page with an enabled status.

note

Creating an account immediately after deleting one results in an SSM_UPDATE_FAILED error message. You must wait for 30 seconds before attempting to add another account.

Deletion of all regions in your AWS Bedrock Provider

If you delete all regions of your AWS Bedrock Provider account, ensure you delete the CloudFormation template you uploaded when adding your account. The CloudFormation template creates IAM roles that connect the AWS account to Agent Control Tower. Deleting your CloudFormation template ensures that no residual resources remain in your AWS account and prevents any potential charges to your AWS account. While this results in deleting the metadata from Agent Control Tower along with the associated connections, all the metrics received are retained within the Agent Control Tower as historical data.

Failing to delete the CloudFormation template may incur costs and result in an error when re-provisioning the same AWS Bedrock account.

For example, you delete all instances of accounts with account ID X from the agent Control Tower without deleting the uploaded CloudFormation template. Creating a fresh provider account with account ID X will result in an error.

Next Steps: Managing Amazon Bedrock agents

On this Page