diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/aws-sdk/call-aws-service.ts b/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/aws-sdk/call-aws-service.ts
index bbe396b4fcac4..c28307ab85d99 100644
--- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/aws-sdk/call-aws-service.ts
+++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/aws-sdk/call-aws-service.ts
@@ -122,6 +122,7 @@ export class CallAwsService extends sfn.TaskStateBase {
 }
 const iamServiceMap: Record = {
+ bedrockagent: 'bedrock',
 cloudwatchlogs: 'logs',
 efs: 'elasticfilesystem',
 elasticloadbalancingv2: 'elasticloadbalancing',
diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/aws-sdk/call-aws-service.test.ts b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/aws-sdk/call-aws-service.test.ts
index d02afa55bcc47..375f43cfd7b78 100644
--- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/aws-sdk/call-aws-service.test.ts
+++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/aws-sdk/call-aws-service.test.ts
@@ -371,6 +371,38 @@ test('IAM policy for mediapackagevod', () => {
 });
 });
+test('IAM policy for bedrockagent', () => {
+ // WHEN
+ const task = new tasks.CallAwsService(stack, 'StartIngestionJob', {
+ service: 'bedrockagent',
+ action: 'startIngestionJob',
+ parameters: {
+ DataSourceId: 'test-datasource-id',
+ KnowledgeBaseId: 'test-kb-id',
+ },
+ resultPath: sfn.JsonPath.DISCARD,
+ iamResources: ['*'],
+ });
+
+ new sfn.StateMachine(stack, 'StateMachine', {
+ definitionBody: sfn.DefinitionBody.fromChainable(task),
+ });
+
+ // THEN
+ Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', {
+ PolicyDocument: {
+ Statement: [
+ {
+ Action: 'bedrock:startIngestionJob',
+ Effect: 'Allow',
+ Resource: '*',
+ },
+ ],
+ Version: '2012-10-17',
+ },
+ });
+});
+
 test('IAM policy for mwaa', () => {
 // WHEN
 const task = new tasks.CallAwsService(stack, 'ListMWAAEnvironments', {
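Review bot: The new `bedrockagent: 'bedrock'` entry in `iamServiceMap` covers only one of the Bedrock SDK namespaces. As far as I know, the sibling namespaces `bedrockagentruntime` and `bedrockruntime` also authorize under the `bedrock` IAM prefix, and if the map is kept sorted (the next context line is `cloudwatchlogs`) neither appears to be mapped yet. Without an entry, the generated statement would presumably name an action prefix that IAM does not recognise, so the call is denied at run time and users tend to compensate with a hand-written, broader policy. Consider adding `bedrockagentruntime: 'bedrock',` and `bedrockruntime: 'bedrock',` in the same change, or confirm they are handled elsewhere. The map continues past the end of the hunk, so its remaining entries are not visible here.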
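Review bot: The 'IAM policy for bedrockagent' test asserts only the generated policy statement, so it would still pass if the `bedrockagent` to `bedrock` rewrite also changed the state's integration ARN. The code that builds that ARN is outside this diff, so add an assertion on `stack.resolve(task.toStateJson())` that `Resource` still ends in `aws-sdk:bedrockagent:startIngestionJob`. The case also passes `iamResources: ['*']` and pins `Resource: '*'`. Using a knowledge-base ARN there would additionally show that a scoped resource reaches the policy unchanged, which is the least-privilege path callers should be copying from this test.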