AWS Bedrock Setup
LlamaCloud supports AWS Bedrock as part of its multimodal AI capabilities. To enable AWS Bedrock support, update the configuration to turn on the Bedrock integration. This page guides you through the necessary configuration changes and permission settings to integrate AWS Bedrock into your deployment.
Recommended Setup
- A valid AWS account
- Access & Quota to the supported models:
- For LlamaParse advanced parsing features:
- Anthropic Claude Sonnet 3.7
- Anthropic Claude Sonnet 3.5
- For LlamaCloud Playground:
- Anthropic Claude Sonnet 3.5 V2
- Cohere Rerank 3.5
- For LlamaParse advanced parsing features:
Connecting to Bedrock
Below are two ways to configure a connection to AWS Bedrock:
(Recommended) IAM Role for Service Accounts
We recommend creating a new IAM Role and Policy for LlamaCloud. You can then attach the role ARN as a service account annotation.
Below is a loose-goosey example policy to serve as a reference. Please tighten the policy as needed.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream",
"bedrock:CreateModelInvocationJob"
],
"Resource": [
"arn:aws:bedrock:*:*:foundation-model/*",
"arn:aws:bedrock:*:*:inference-profile/*"
]
}
]
}
After creating a policy similar to the above, update the LlamaParse service accounts with the EKS annotation:
# Example for the backend service account. Repeat for each of the services listed above.
llamaparse:
awsBedrock:
enabled: true
serviceAccount:
annotations:
eks.amazonaws.com/role-arn: arn:aws:iam::<account-id>:role/<role-name>
For more information, refer to the official AWS documentation about this topic.
IAM Role w/ Static AWS Credentials
Create a user with a policy attached for Bedrock Model Invocation. Afterwards, configure the platform to use the AWS credentials of that user by setting the following values in your values.yaml
file:
llamaparse:
awsBedrock:
enabled: true
region: "<your-aws-region>"
accessKeyId: "<your-access-key-id>"
secretAccessKey: "<your-secret-access-key>"