Update Bedrock prompt policy to use specific prompt name instead

Author: kris-szlapa

packages/cdk/resources/RuntimePolicies.ts

@@ -16,6 +16,7 @@ export interface RuntimePoliciesProps {
   readonly knowledgeBaseArn: string
   readonly guardrailArn: string
   readonly dataSourceArn: string
+  readonly promptName: string
 }
 
 export class RuntimePolicies extends Construct {
@@ -63,7 +64,10 @@ export class RuntimePolicies extends Construct {
 
     const slackBotPromptPolicy = new PolicyStatement({
       actions: ["bedrock:GetPrompt"],
-      resources: [`arn:aws:bedrock:${props.region}:${props.account}:prompt/*`]
+      resources: [
+        `arn:aws:bedrock:${props.region}:${props.account}:prompt/${props.promptName}`,
+        `arn:aws:bedrock:${props.region}:${props.account}:prompt/${props.promptName}:*`
+      ]
     })
 
     const slackBotKnowledgeBasePolicy = new PolicyStatement({

packages/cdk/stacks/EpsAssistMeStack.ts

@@ -94,7 +94,7 @@ export class EpsAssistMeStack extends Stack {
       account
     })
 
-    // Create runtime policies that depend on VectorKB ARNs
+    // Create runtime policies with resource dependencies
     const runtimePolicies = new RuntimePolicies(this, "RuntimePolicies", {
       region,
       account,
@@ -104,7 +104,8 @@ export class EpsAssistMeStack extends Stack {
       slackBotStateTableKmsKeyArn: tables.slackBotStateTable.kmsKey.keyArn,
       knowledgeBaseArn: vectorKB.knowledgeBase.attrKnowledgeBaseArn,
       guardrailArn: vectorKB.guardrail.attrGuardrailArn,
-      dataSourceArn: vectorKB.dataSourceArn
+      dataSourceArn: vectorKB.dataSourceArn,
+      promptName: bedrockPrompts.queryReformulationPrompt.promptName
     })
 
     // Create Functions construct with actual values from VectorKB