S3 Bucket Access Permissions

Settings for accessing files on S3 buckets from AI-Starter. Required when using the following features.

Configuration Steps

1. Add IAM Inline Policy

Add an inline policy to the ECS task IAM role granting access to the S3 bucket.

  1. Open IAM in the AWS Management Console
  2. Select Roles from the left menu and open cmais-prd-ecs-task-role (replace prd according to your environment)
  3. Select Add permissions > Create inline policy
  4. Switch to the JSON tab and enter the following policy (change the bucket name as needed)
  5. Enter S3DsAccess as the policy name and click Create policy

Inline policy example

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": "arn:aws:s3:::my-bucket/*"
    }
  ]
}
```

To allow multiple buckets, specify Resource as an array.

```json
"Resource": [
  "arn:aws:s3:::bucket-a/*",
  "arn:aws:s3:::bucket-b/*"
]
```

2. Secret Configuration

Specify the allowed S3 locations in allowed_ds_buckets in the cmais-prd/customize secret in Secrets Manager. Use comma-separated values for multiple entries.

  • Whole bucket: bucket name only (for example, bucket-a)
  • Prefix (folder) scope: bucket/prefix (for example, shared-bucket/team-a/public). Only object keys that match the prefix exactly or start with prefix/ (any depth) are allowed. Leading and trailing slashes are normalized.

```text
allowed_ds_buckets: bucket-a,bucket-b,shared-bucket/team-a/public
```
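The matching rules above (whole-bucket entries, prefix entries that match exactly or under `prefix/`, slash normalization), written out as an added illustration; this is not AI-Starter's own code, and the function names and the sample secret value are constructed for the example. It also derives prefix-scoped Resource ARNs from the same list, so the IAM inline policy can be kept no wider than what the secret exposes.

```python
"""Illustration of the allowed_ds_buckets matching rules (example code, not AI-Starter's)."""
from __future__ import annotations


def parse_allowed(value: str) -> list[tuple[str, str]]:
    """Split the comma-separated secret value into (bucket, prefix) pairs.

    Leading and trailing slashes are normalized, so "/shared-bucket/team-a/public/"
    becomes ("shared-bucket", "team-a/public"). A bare bucket name gives an
    empty prefix, which means the whole bucket.
    """
    entries = []
    for raw in value.split(","):
        item = raw.strip().strip("/")
        if not item:
            continue  # tolerate stray commas or whitespace
        bucket, _, prefix = item.partition("/")
        entries.append((bucket, prefix.strip("/")))
    return entries


def is_allowed(bucket: str, key: str, allowed: list[tuple[str, str]]) -> bool:
    """True if s3://bucket/key lies inside one of the allowed locations.

    A prefix entry matches the key exactly or any key under "<prefix>/", so
    "team-a/public" does NOT cover "team-a/public-archive/x".
    """
    key = key.lstrip("/")
    for allowed_bucket, prefix in allowed:
        if bucket != allowed_bucket:
            continue
        if prefix == "" or key == prefix or key.startswith(prefix + "/"):
            return True
    return False


def iam_resources(allowed: list[tuple[str, str]]) -> list[str]:
    """Least-privilege Resource ARNs for the inline policy, mirroring the
    same matching rule: the exact prefix key plus everything under it."""
    arns = []
    for bucket, prefix in allowed:
        if prefix:
            arns.append(f"arn:aws:s3:::{bucket}/{prefix}")
            arns.append(f"arn:aws:s3:::{bucket}/{prefix}/*")
        else:
            arns.append(f"arn:aws:s3:::{bucket}/*")
    return arns


# Constructed sample value in the documented secret format (not a real environment).
SAMPLE = "bucket-a, bucket-b, /shared-bucket/team-a/public/"
ALLOWED = parse_allowed(SAMPLE)
```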

Caution

Within the locations allowed by allowed_ds_buckets, any logged-in AI-Starter user who knows the file path can access those objects. Only specify ranges that are safe to expose to logged-in users.