aws-samples/amazon-bedrock-workshop

How to resolve authorization errors when running lab 03_QuestionAnswering/02_qa_w_rag_claude_opensearch

Opened this issue · 2 comments

When running this lab, you will encounter permission errors in the following steps:

  1. The cell trying to create the vector store using OpenSearch Serverless
  2. Step / cell to inject the documents into vector store.
  3. Clean-up step

To resolve permission issues #1 and #3 above, attach the following inline policy to the SageMaker execution IAM role you used to launch SageMaker Studio and re-run the cells.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "aoss:CreateSecurityPolicy",
        "aoss:UpdateSecurityPolicy",
        "aoss:CreateCollection",
        "aoss:ListCollections",
        "aoss:CreateAccessPolicy",
        "aoss:APIAccessAll",
        "aoss:DeleteSecurityPolicy",
        "aoss:DeleteCollection",
        "aoss:DeleteAccessPolicy"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "iam:CreateServiceLinkedRole",
      "Resource": "arn:aws:iam::<ACCOUNT_ID>:role/aws-service-role/observability.aoss.amazonaws.com/AWSServiceRoleForAmazonOpenSearchServerless"
    }
  ]
}
```

The permission error in #2 above ("Step / cell to inject the documents into vector store. ") is more of a sporadic timing issue. It is caused because it is executed before the index creation is completed in the OpenSearch cluster. Re-run this after a delay of a minute or two, and it should run without error.
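The "wait and re-run" advice for step #2, written as a bounded retry (an added example, not code from this issue or from the workshop). `ingest_with_retry`, `FakeAuthzError` and `make_flaky_ingest` are hypothetical names, and the sketch assumes the client raises an exception exposing the HTTP status as `status_code`.

```python
import time

class FakeAuthzError(Exception):
    """Constructed stand-in for a client error that carries an HTTP status."""
    def __init__(self, status_code, message):
        super().__init__(message)
        self.status_code = status_code  # assumption: real client exposes this

def ingest_with_retry(ingest, max_wait=180.0, first_delay=5.0,
                      sleep=time.sleep, clock=time.monotonic):
    """Call ingest() until it succeeds, retrying only on HTTP 403.

    A 403 shortly after index creation is treated as "not ready yet".
    Any other error is raised at once, and a 403 that outlasts max_wait is
    raised too, so a genuinely missing permission is not hidden by the loop.
    Returns (result, attempts).
    """
    deadline = clock() + max_wait
    delay, attempts = first_delay, 0
    while True:
        attempts += 1
        try:
            return ingest(), attempts
        except Exception as exc:
            if getattr(exc, "status_code", None) != 403:
                raise  # not an authorization error: do not retry
            remaining = deadline - clock()
            if remaining <= 0:
                raise  # still 403 after max_wait: check the IAM/data policy
            sleep(min(delay, remaining))
            delay = min(delay * 2, 60.0)  # exponential backoff, capped

def make_flaky_ingest(failures):
    """Constructed ingest step: 403 for the first `failures` calls, then OK."""
    state = {"calls": 0}
    def ingest():
        state["calls"] += 1
        if state["calls"] <= failures:
            raise FakeAuthzError(403, "Authorization failure (constructed)")
        return "indexed"
    return ingest

if __name__ == "__main__":
    # Demo with sleeping disabled so it finishes immediately.
    print(ingest_with_retry(make_flaky_ingest(2), sleep=lambda s: None))
```

In the notebook, `ingest` would be a zero-argument wrapper around the document-ingestion cell's call.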

will test - cc: @mani-aiml

I think this should be fixed by now. Can you confirm, @mani-aiml?