本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。 # 在 Amazon Bedrock 中使用你的 SageMaker JumpStart 模型 您可以将已从亚马逊部署的模型注册 SageMaker JumpStart 到 Amazon Bedrock。您可通过 Amazon Bedrock,在多个端点后面托管模型。您还可以使用 Amazon Bedrock 特征,例如座席和知识库。有关使用 Amazon Bedrock 模型的更多信息,请参阅 [https://docs.aws.amazon.com/bedrock/latest/userguide/amazon-bedrock-marketplace.html](https://docs.aws.amazon.com/bedrock/latest/userguide/amazon-bedrock-marketplace.html)。 **重要** 要将您的模型迁移到 Amazon Bedrock,我们建议将[AmazonBedrockFullAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonBedrockFullAccess.html)策略附加到您的 IAM 角色。如果无法附加托管策略,请确保您的 IAM 角色拥有下列权限: **** ``` { "Version":"2012-10-17", "Statement": [ { "Sid": "BedrockAll", "Effect": "Allow", "Action": [ "bedrock:*" ], "Resource": "*" }, { "Sid": "DescribeKey", "Effect": "Allow", "Action": [ "kms:DescribeKey" ], "Resource": "arn:*:kms:*:::*" }, { "Sid": "APIsWithAllResourceAccess", "Effect": "Allow", "Action": [ "iam:ListRoles", "ec2:DescribeVpcs", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups" ], "Resource": "*" }, { "Sid": "MarketplaceModelEndpointMutatingAPIs", "Effect": "Allow", "Action": [ "sagemaker:CreateEndpoint", "sagemaker:CreateEndpointConfig", "sagemaker:CreateModel", "sagemaker:CreateInferenceComponent", "sagemaker:DeleteInferenceComponent", "sagemaker:DeleteEndpoint", "sagemaker:UpdateEndpoint" ], "Resource": [ "arn:aws:sagemaker:*:*:endpoint/*", "arn:aws:sagemaker:*:*:endpoint-config/*", "arn:aws:sagemaker:*:*:model/*" ], "Condition": { "StringEquals": { "aws:CalledViaLast": "bedrock.amazonaws.com" } } }, { "Sid": "BedrockEndpointTaggingOperations", "Effect": "Allow", "Action": [ "sagemaker:AddTags", "sagemaker:DeleteTags" ], "Resource": [ "arn:aws:sagemaker:*:*:endpoint/*", "arn:aws:sagemaker:*:*:endpoint-config/*", "arn:aws:sagemaker:*:*:model/*" ] }, { "Sid": "MarketplaceModelEndpointNonMutatingAPIs", "Effect": "Allow", "Action": [ "sagemaker:DescribeEndpoint", "sagemaker:DescribeEndpointConfig", "sagemaker:DescribeModel", "sagemaker:DescribeInferenceComponent", "sagemaker:ListEndpoints", "sagemaker:ListTags" ], "Resource": [ "arn:aws:sagemaker:*:*:endpoint/*", "arn:aws:sagemaker:*:*:endpoint-config/*", "arn:aws:sagemaker:*:*:model/*" ], "Condition": { "StringEquals": { "aws:CalledViaLast": "bedrock.amazonaws.com" } } }, { "Sid": "BedrockEndpointInvokingOperations", "Effect": "Allow", "Action": [ "sagemaker:InvokeEndpoint", "sagemaker:InvokeEndpointWithResponseStream" ], "Resource": [ "arn:aws:sagemaker:*:*:endpoint/*" ], "Condition": { "StringEquals": { "aws:CalledViaLast": "bedrock.amazonaws.com" } } }, { "Sid": "DiscoveringMarketplaceModel", "Effect": "Allow", "Action": [ "sagemaker:DescribeHubContent" ], "Resource": [ "arn:aws:sagemaker:*:aws:hub-content/SageMakerPublicHub/Model/*", "arn:aws:sagemaker:*:aws:hub/SageMakerPublicHub" ] }, { "Sid": "AllowMarketplaceModelsListing", "Effect": "Allow", "Action": [ "sagemaker:ListHubContents" ], "Resource": "arn:aws:sagemaker:*:aws:hub/SageMakerPublicHub" }, { "Sid": "RetrieveSubscribedMarketplaceLicenses", "Effect": "Allow", "Action": [ "license-manager:ListReceivedLicenses" ], "Resource": [ "*" ] }, { "Sid": "PassRoleToSageMaker", "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/*Sagemaker*ForBedrock*" ], "Condition": { "StringEquals": { "iam:PassedToService": [ "sagemaker.amazonaws.com", "bedrock.amazonaws.com" ] } } }, { "Sid": "PassRoleToBedrock", "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "arn:aws:iam::*:role/*AmazonBedrock*", "Condition": { "StringEquals": { "iam:PassedToService": [ "bedrock.amazonaws.com" ] } } } ] } ``` Amazon Bedrock Full Access 策略仅提供对 Amazon Bedrock API 的权限。要在中使用 Amazon Bedrock AWS 管理控制台,您的 IAM 角色还必须具有以下权限: ``` { "Sid": "AllowConsoleS3AccessForBedrockMarketplace", "Effect": "Allow", "Action": [ "s3:GetObject", "s3:GetBucketCORS", "s3:ListBucket", "s3:ListBucketVersions", "s3:GetBucketLocation" ], "Resource": "*" } ``` 如果您要自行编写策略,则必须附上支持对资源执行 Amazon Bedrock Marketplace 操作的策略声明。例如,以下策略支持 Amazon Bedrock 对已部署到端点的模型使用 `InvokeModel` 操作。 **** ``` { "Version":"2012-10-17", "Statement": [ { "Sid": "BedrockAll", "Effect": "Allow", "Action": [ "bedrock:InvokeModel" ], "Resource": [ "arn:aws:bedrock:us-east-1:111122223333:marketplace/model-endpoint/all-access" ] }, { "Sid": "VisualEditor1", "Effect": "Allow", "Action": ["sagemaker:InvokeEndpoint"], "Resource": "arn:aws:sagemaker:us-east-1:111122223333:endpoint/*", "Condition": { "StringEquals": { "aws:ResourceTag/project": "example-project-id", "aws:CalledViaLast": "bedrock.amazonaws.com" } } } ] } ``` 部署模型后,您可能就能够在 Amazon Bedrock 中使用该模型了。要查看是否可以在 Amazon Bedrock 中使用该模型,请导航至 Studio 用户界面中的模型详情卡。如果模型卡片上写着 **Bedrock 就绪**,则可以在 Amazon Bedrock 中注册该模型。 **重要** 默认情况下,Amazon SageMaker JumpStart 会禁用您部署的模型的网络访问权限。如果您启用了网络访问权限,则将无法在 Amazon Bedrock 中使用该模型。如果您想在 Amazon Bedrock 中使用该模型,则必须在禁用网络访问权限的情况下重新部署该模型。 要在 Amazon Bedrock 中使用该模型,请导航至**端点详细信息**页面,然后在 Studio 用户界面右上角选择**配合 Bedrock 使用**。看到弹出窗口后,选择**注册到 Bedrock**。