fix secret access issue

Aiden Dai
2025-02-09 06:53:23 +08:00
parent 4d88731233
commit a6f3e1176b
3 changed files with 19 additions and 33 deletions


@@ -77,6 +77,9 @@ Please follow the steps below to deploy the Bedrock Proxy APIs into your AWS acc
Description: (Optional) Add a description of your secret Description: (Optional) Add a description of your secret
5. Click "Next" and review all your settings and click "Store" 5. Click "Next" and review all your settings and click "Store"
After creation, you'll see your secret in the Secrets Manager console. Make note of the secret ARN.
**Step 2: Deploy the CloudFormation stack** **Step 2: Deploy the CloudFormation stack**
1. Sign in to AWS Management Console, switch to the region to deploy the CloudFormation Stack to. 1. Sign in to AWS Management Console, switch to the region to deploy the CloudFormation Stack to.
@@ -88,11 +91,11 @@ Please follow the steps below to deploy the Bedrock Proxy APIs into your AWS acc
3. Click "Next". 3. Click "Next".
4. On the "Specify stack details" page, provide the following information: 4. On the "Specify stack details" page, provide the following information:
- Stack name: Change the stack name if needed. - Stack name: Change the stack name if needed.
- ApiKeySecretName: Enter the secret name you used for storing the API key (e.g., `BedrockProxyAPIKey`). Click "Next". - ApiKeySecretArn: Enter the secret ARN you used for storing the API key.
5. On the "Configure stack options" page, you can leave the default settings or customize them according to your needs.
6. Click "Next". Click "Next".
7. On the "Review" page, review the details of the stack you're about to create. Check the "I acknowledge that AWS CloudFormation might create IAM resources" checkbox at the bottom. 5. On the "Configure stack options" page, you can leave the default settings or customize them according to your needs. Click "Next".
8. Click "Create stack". 6. On the "Review" page, review the details of the stack you're about to create. Check the "I acknowledge that AWS CloudFormation might create IAM resources" checkbox at the bottom. Click "Create stack".
That is it! 🎉 Once deployed, click the CloudFormation stack and go to **Outputs** tab, you can find the API Base URL from `APIBaseUrl`, the value should look like `http://xxxx.xxx.elb.amazonaws.com/api/v1`. That is it! 🎉 Once deployed, click the CloudFormation stack and go to **Outputs** tab, you can find the API Base URL from `APIBaseUrl`, the value should look like `http://xxxx.xxx.elb.amazonaws.com/api/v1`.
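Review bot: In the new `ApiKeySecretArn` bullet, "Enter the secret ARN you used for storing the API key" loses the example that the old `ApiKeySecretName` text carried and does not say that the full ARN is required. Suggest wording such as "Enter the ARN of the secret that stores the API key", followed by a placeholder ARN so readers can see the expected shape, and a note that the bare secret name (the old input, e.g. `BedrockProxyAPIKey`) no longer passes the template's `AllowedPattern`. The steps were also renumbered from 8 to 6 by folding the "Click Next" actions into the preceding step, so the standalone `Click "Next".` left after the bullet should be attached to step 4 for consistency.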


@@ -76,6 +76,7 @@ OpenAI 的 API 或 SDK 无缝集成并试用 Amazon Bedrock 的模型,而无需
4. 在 "配置密钥" 页面: 密钥名称:输入一个名称(例如:"BedrockProxyAPIKey" 描述:(可选)添加密钥的描述 4. 在 "配置密钥" 页面: 密钥名称:输入一个名称(例如:"BedrockProxyAPIKey" 描述:(可选)添加密钥的描述
5. 点击 "下一步",检查所有设置后点击 "存储" 5. 点击 "下一步",检查所有设置后点击 "存储"
创建完成后,您将在 Secrets Manager 控制台中看到您的密钥。请记下密钥的 ARN。
**第二步: 部署CloudFormation堆栈** **第二步: 部署CloudFormation堆栈**
@@ -88,12 +89,11 @@ OpenAI 的 API 或 SDK 无缝集成并试用 Amazon Bedrock 的模型,而无需
3. 单击"下一步"。 3. 单击"下一步"。
4. 在"指定堆栈详细信息"页面,提供以下信息: 4. 在"指定堆栈详细信息"页面,提供以下信息:
- 堆栈名称: 可以根据需要更改名称。 - 堆栈名称: 可以根据需要更改名称。
- ApiKeySecretName:输入您用于存储API 密钥的名称(例如"BedrockProxyAPIKey"),否则,请将此字段留空 - ApiKeySecretArn:输入您用于存储API 密钥的ARN
单击"下一步"。
5. 在"配置堆栈选项"页面,您可以保留默认设置或根据需要进行自定义 单击"下一步"
6. 单击"下一步"。 5. 在"配置堆栈选项"页面,您可以保留默认设置或根据需要进行自定义。 单击"下一步"。
7. 在"审核"页面,查看您即将创建的堆栈详细信息。勾选底部的"我确认AWS CloudFormation 可能创建 IAM 资源。"复选框。 6. 在"审核"页面,查看您即将创建的堆栈详细信息。勾选底部的"我确认AWS CloudFormation 可能创建 IAM 资源。"复选框。 单击"创建堆栈"。
8. 单击"创建堆栈"。
仅此而已 🎉 。部署完成后,点击CloudFormation堆栈,进入"输出"选项卡,你可以从"APIBaseUrl" 仅此而已 🎉 。部署完成后,点击CloudFormation堆栈,进入"输出"选项卡,你可以从"APIBaseUrl"
中找到API Base URL,它应该类似于`http://xxxx.xxx.elb.amazonaws.com/api/v1` 这样的格式。 中找到API Base URL,它应该类似于`http://xxxx.xxx.elb.amazonaws.com/api/v1` 这样的格式。


@@ -1,10 +1,10 @@
Description: Bedrock Access Gateway - OpenAI-compatible RESTful APIs for Amazon Bedrock Description: Bedrock Access Gateway - OpenAI-compatible RESTful APIs for Amazon Bedrock
Transform: AWS::LanguageExtensions Transform: AWS::LanguageExtensions
Parameters: Parameters:
ApiKeySecretName: ApiKeySecretArn:
Type: String Type: String
Default: "" AllowedPattern: ^arn:aws:secretsmanager:.*$
Description: The secret name in Secrets Manager used to store the API Key Description: The secret ARN in Secrets Manager used to store the API Key
Resources: Resources:
VPCB9E5F0B4: VPCB9E5F0B4:
Type: AWS::EC2::VPC Type: AWS::EC2::VPC
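Review bot: The new `AllowedPattern: ^arn:aws:secretsmanager:.*$` on `ApiKeySecretArn` hardcodes the `aws` partition, whereas the ARN construction removed later in this commit used `Ref: AWS::Partition`; an ARN from any other partition will now fail parameter validation. The `.*` tail also places no constraint on the region, account or `secret:` segments, and this value is used verbatim as an IAM `Resource` further down, so the pattern is the only input check in front of that policy. Suggest a pattern that lets the partition vary and pins the remaining segments to the `region:account-id:secret:name` shape, plus a `ConstraintDescription` so a rejected value produces a readable error. Separately, replacing `Default: ""` with a required, renamed parameter changes the update path for stacks created from the previous template; that deserves a line in the README or the commit message.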
@@ -144,17 +144,7 @@ Resources:
- secretsmanager:DescribeSecret - secretsmanager:DescribeSecret
Effect: Allow Effect: Allow
Resource: Resource:
Fn::Join: Ref: ApiKeySecretArn
- ""
- - "arn:"
- Ref: AWS::Partition
- ":secretsmanager:"
- Ref: AWS::Region
- ":"
- Ref: AWS::AccountId
- ":secret:"
- Ref: ApiKeySecretName
- -??????
- Action: - Action:
- ecr:BatchCheckLayerAvailability - ecr:BatchCheckLayerAvailability
- ecr:GetDownloadUrlForLayer - ecr:GetDownloadUrlForLayer
@@ -252,14 +242,7 @@ Resources:
ValueFrom: ValueFrom:
Fn::Join: Fn::Join:
- "" - ""
- - "arn:" - - Ref: ApiKeySecretArn
- Ref: AWS::Partition
- ":secretsmanager:"
- Ref: AWS::Region
- ":"
- Ref: AWS::AccountId
- ":secret:"
- Ref: ApiKeySecretName
- ":api_key::" - ":api_key::"
Cpu: "1024" Cpu: "1024"
ExecutionRoleArn: ExecutionRoleArn: