The workshop created an IAM Role AmazonKendra-eu-west-1-dojorole in the previous task. This role is used by Kendra to access the S3 bucket, use Kendra APIs and also access credentials from the Amazon Secret Manager for the data sources. The role needs required authorization in order to call the service. The workshop will provide PowerUserAccess access to this role in order to simplify the task. In actual production deployment, you would like to provide only required specific permissions to this role.
-
Go to IAM Management Console. Click on the Roles menu in the left and you can see the list of roles.
-
Search AmazonKendra-eu-west-1-dojorole role and click on the role.
-
On the next screen, click on the Attach policies button.
-
On the next screen, search for the PowerUserAccess policy and select the policy. Click on the Attach policy button.
-
The policy gets attached to the role. Let’s start with the data sources in the next task.