I'm seeing an error after following the deploying guide for this github repo: https://github.com/aws-samples/generative-ai-amazon-bedrock-langchain-agent-example/blob/main/documentation/deployment-guide.md#deployment
The error is clear and lets me know that the caller does not have access to the specified model
Error raised by bedrock service: An error occurred (AccessDeniedException) when calling the InvokeModel operation: You don't have access to the model with the specified model ID.
We can see in the code that the specified model id is "anthopic.claude-v2": lambda function specifying anthropic claude v2
However, when I go to request access to this model or any other model in AWS console, I get an operation not allowed error:
Access request for 1 models failed • Llama 2 Chat 13B - Operation not allowed
In an attempt to fix this I've added the necessary AWS managed polices (AmazonBedrockFullAccess and AWSMarketplaceFullAccess) to every role and user that could possibly be involved. I've also gone ahead and created an IAM Identity Center Managing Instance with an administrative user group that explicitly specifies the policies above alongside the default admin policy. Using a newly creating account within that group has not resolved the issue.
The service role with the required policies explicitly attached
I'm expecting that the newly created user account in the admin group with the required policies explicitly attached would work to request access to the Bedrock models but that is not the case. Please let me know if I'm missing something here!