Add bedrock agents grained access permissions sample #167
Conversation
There was a problem hiding this comment.
not sure we need this file.. there is already a git ignore in the repo
There was a problem hiding this comment.
I've added this as aws-exports.js has environment details and it is not in the current gitignore
| permit ( | ||
| principal in avp::claim::app::Role::"ClaimsAdministrator", | ||
| action in [ | ||
| avp::claim::app::Action::"ListClaims" |
There was a problem hiding this comment.
the claim admin can only list the claims?
|
|
||
|
|
||
| def get_claim(event): | ||
| claim_id = int(get_named_parameter(event, 'claimId')) |
There was a problem hiding this comment.
get claim is not connected with the claims in list claims? would make sense to have the same claim on the list claims
There was a problem hiding this comment.
Updated the list so that the dummy claims are matching
| logger.info(f'event: {event}') | ||
| logger.info(f'context: {context}') | ||
|
|
||
| sessionAttributes = event.get("sessionAttributes") |
There was a problem hiding this comment.
we should add a comment that here is where the sessionAttribute is recovered from the sessionState
| Validate JWT claims & retrieve user identifier along with additional claims | ||
| """ | ||
| try: | ||
| verified_user = cognitojwt.decode( |
There was a problem hiding this comment.
can we add some comments here on what the decode function does?
There was a problem hiding this comment.
we shouldn't be committing the react logo
|
|
||
| [Link AWS Blog: https://aws.amazon.com/blogs/aws/](https://aws.amazon.com/blogs/aws/) | ||
|
|
||
| This is sample code we will demonstrate how to design fine-grained access controls using Verified Permissions for a generative AI application that uses agents for Bedrock to answer questions about insurance claims that exist in a claims review system using textual prompts as inputs and outputs. |
There was a problem hiding this comment.
add link for https://aws.amazon.com/verified-permissions/
| When the amplify project is published, it should show a message like this with the url of the frontend application: | ||
|
|
||
| ✔ Deployment complete! | ||
| https://code.din67qnkcrl26.amplifyapp.com |
There was a problem hiding this comment.
remove link, this should be generated by the application. This one is publicly accessible right now
There was a problem hiding this comment.
duplicated architecture photo from the frontend folder. Can we have only one copy to reduce the size of the repo
There was a problem hiding this comment.
removed unused reference
|
Completed the changes as per the feedback |
There was a problem hiding this comment.
we should remove this one as it is created automatically running the app
This is sample code we will demonstrate how to design fine-grained access controls using Verified Permissions for a generative AI application that uses agents for Bedrock to answer questions about insurance claims that exist in a claims review system using textual prompts as inputs and outputs.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.