Configure an IAM for Agent discovery
Configure the IAM policy action permissions that Agent discovery requires, and that the integration user on AWS needs in order to read Bedrock agentic data.
Before you begin
Role required: Admin
AWS provides the following managed policies by default:
- AmazonBedrockReadOnly
- CloudWatchReadOnlyAccess
The integration user on AWS needs at least the following policy action permissions to read Bedrock agentic data:
- ListAgents
- GetAgent
- ListAgentActionGroups
- ListAgentVersions
- GetInferenceProfile
- GetFoundationModel
- ListAgentCollaborators
- GetAgentAlias
Note:
To exclude specific resources from AI Control Tower, restrict them by resource region. Select 'all' to include data from all AWS Bedrock agentic resources in AI Control Tower.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "bedrock:ListAgents",
        "bedrock:ListAgentVersions",
        "bedrock:ListAgentCollaborators",
        "bedrock:ListAgentActionGroups",
        "bedrock:GetInferenceProfile",
        "bedrock:GetFoundationModel",
        "bedrock:GetAgent",
        "bedrock:GetAgentAlias"
      ],
      "Resource": "*"
    }
  ]
}
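As an added example (not part of this page or of the AI Control Tower product), the following Python script audits a policy document against the minimum action list above: it reports required actions the policy fails to grant and flags wildcard grants (such as bedrock:*) that exceed the read-only minimum. The REQUIRED_ACTIONS set and the SAMPLE_POLICY are constructed here for illustration.

```python
import fnmatch
import json

# Minimum actions the integration user needs, taken from the list above.
REQUIRED_ACTIONS = {
    "bedrock:ListAgents", "bedrock:GetAgent", "bedrock:ListAgentActionGroups",
    "bedrock:ListAgentVersions", "bedrock:GetInferenceProfile",
    "bedrock:GetFoundationModel", "bedrock:ListAgentCollaborators",
    "bedrock:GetAgentAlias",
}

def _as_list(value):
    # IAM accepts either a single string or a list for Statement/Action.
    return value if isinstance(value, list) else [value]

def allowed_actions(policy):
    """Collect every Action pattern granted by an Allow statement."""
    granted = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow":
            granted.update(_as_list(stmt.get("Action", [])))
    return granted

def audit_policy(policy):
    """Return the required actions the policy does not grant, plus any
    wildcard grants (e.g. 'bedrock:*') that go beyond the read-only minimum.
    IAM's '*' and '?' wildcards are matched with case-sensitive glob rules."""
    granted = allowed_actions(policy)
    missing = sorted(a for a in REQUIRED_ACTIONS
                     if not any(fnmatch.fnmatchcase(a, g) for g in granted))
    broad = sorted(g for g in granted if "*" in g or "?" in g)
    return {"missing": missing, "broad": broad}

# Constructed sample policy (not from a real account): grants seven of the
# read actions but leaves out GetAgentAlias, so the audit should flag it.
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AgentDiscovery",
    "Effect": "Allow",
    "Action": ["bedrock:ListAgents", "bedrock:ListAgentVersions",
               "bedrock:ListAgentCollaborators", "bedrock:ListAgentActionGroups",
               "bedrock:GetInferenceProfile", "bedrock:GetFoundationModel",
               "bedrock:GetAgent"],
    "Resource": "*"
  }]
}""")
```

Running audit_policy(SAMPLE_POLICY) reports bedrock:GetAgentAlias as missing and no broad grants; feeding it a policy built from the AWS-managed AmazonBedrockReadOnly policy document is a quick way to confirm that policy covers the list.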
What to do next
Configure an IAM policy for Execution monitoring.