Authenticate action

To authenticate access to Amazon Bedrock from the Control Room, you need to obtain Amazon Web Services (AWS) access key ID and secret access key. You can include a session token, which is a temporary token used when working with temporary security credentials.

Prerequisites

  1. Create an AWS account (Create a standalone AWS account) or create a member account in your organization (Creating a member account in your organization).
  2. Log in to your AWSAWS account and create a project. If you already have access to a project, you can view it after you log in into your AWS account.
Perform the steps in this procedure to acquire the following key components and use them in the Control Room to authenticate to Amazon Bedrock:
  • AWS access key: The AWS access key serves as your unique identifier within the AWS ecosystem. It is a fundamental part of the authentication process, allowing AWS services to recognize and validate your access.
  • Secret access key: The Secret access key is the confidential counterpart to your Access Key ID. This key is used to sign requests made to AWS, enhancing security by ensuring that only authorized individuals or systems can access your AWS resources.
  • Session token (Optional): Additionally, you have the option to include a Session token. A Session token is a temporary, time-bound token used when working with temporary security credentials. It provides an added layer of security, particularly in scenarios where temporary access is required, such as when using temporary security credentials.

Procedure

  1. Log in to your AWS Console and select the project.
  2. Click Command line or programmatic access corresponding to the project you selected.
  3. Click Windows and scroll down the screen to copy the: AWS access key ID, AWS Secret access key, and AWS session token.
  4. Log in to the Control Room.
  5. Create a new bot.
    For more details, see Create your first bot.
  6. From the Actions pane, select Generative AI > Amazon Bedrock > Authentication and place it under the Start of the bot flow.
  7. Paste all the credentials you copied as follows:
    Note: You can use one of the following options to specify the Access key/Secret access key/Session token (optional):
    • Credential: To implement stronger security, you can use values in the Credential Vault that contains information about the AWS access key/Secret access key/Session token (optional).
    • Variable: To implement stronger security, you can use a credential variable that contains information about the AWS access key/Secret access key/Session token (optional).
    • Insecure string: Enables you to enter the AWS access key/Secret access key/Session token (optional).
    1. In the Access key field, paste the Access key copied from your AWS environment.
    2. In the Secret access key field, paste the Secret access key copied from your AWS environment.
    3. In the Session token (optional) field, paste the Session token (optional) copied from your AWS environment.
    4. Select any one of the following tabs to create an AI session:
      • Local session: Specify a session name that can be used only in the current bot.
      • Global session: Specify a session name that can be used across multiple bots, such as parent bots and child bots.
        Recommendation: The parent and child bots should have the same package version.
      • Variable: Specify or create a session variable of subtype Generative AI session.
  8. Click Run to ensure you are successfully authenticated.