fix(agentcore): allow marketplace checks for Bedrock models #42
opepin wants to merge 1 commit into aws-samples:main from
Grant aws-marketplace ViewSubscriptions and Subscribe on the AgentCore execution role so Bedrock can complete model access checks instead of returning 502 access errors. Made-with: Cursor
zenttic-aws
left a comment
Code Review: PR #42 — Marketplace IAM Permissions for Bedrock Models
Summary
Adds aws-marketplace:ViewSubscriptions and aws-marketplace:Subscribe (on *) to the AgentCore execution role to fix 502 errors when Bedrock checks marketplace subscription status for models like MiniMax M2.1.
Findings
🔴 Security — aws-marketplace:Subscribe is overly permissive
aws-marketplace:Subscribe is a write action that allows the role to programmatically accept marketplace subscriptions, potentially incurring costs. Since this role is assumed by code running inside per-user AgentCore containers, a compromised or misbehaving container could subscribe the AWS account to paid marketplace products.
If the goal is to let Bedrock verify whether the account already has a marketplace subscription for a model, aws-marketplace:ViewSubscriptions alone should be sufficient. The Subscribe action is only needed to create new subscriptions, not to check existing ones.
Recommendation: Remove aws-marketplace:Subscribe and deploy with only ViewSubscriptions first. If 502s persist with ViewSubscriptions alone, then Subscribe genuinely is required by the Bedrock service — in that case, re-add it with a clear comment explaining why and update the cdk-nag suppression reason to document the risk.
```python
from aws_cdk import aws_iam as iam

self.execution_role.add_to_policy(
    iam.PolicyStatement(
        actions=[
            "aws-marketplace:ViewSubscriptions",
            # "aws-marketplace:Subscribe",  # Add only if ViewSubscriptions alone doesn't fix 502s
        ],
        resources=["*"],  # Marketplace actions don't support resource-level permissions
    )
)
```
🟡 Minor — Missing cdk-nag suppression update
The Resource::* entry in the existing cdk-nag suppression covers this, but the suppression reason string doesn't mention marketplace permissions. Worth updating the reason to keep the audit trail clear.
🟢 Correctness — resources=["*"] is correct for marketplace
AWS Marketplace actions (ViewSubscriptions, Subscribe) are account-level operations that don't support resource-level ARN restrictions, so "*" is the only valid resource here. This is consistent with AWS documentation.
Verdict
Request changes — drop aws-marketplace:Subscribe unless confirmed necessary by testing. The read-only ViewSubscriptions should resolve the Bedrock subscription check without granting write access to marketplace.
Merge Risk Assessment
This branch is 75 commits behind main, and
The good news:
Recommended next steps before merging:
Happy to help with the rebase if needed.
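A stdlib-only check of the least-privilege point raised in the review, added here as an example and not code from this PR or the aws-samples project. It flags Allow statements that grant non-read `aws-marketplace` actions; the read-only classification by action-name prefix and the two sample policy documents are assumptions constructed for illustration.

```python
"""Audit an IAM policy document for AWS Marketplace write actions (added example)."""
import json

# Assumption: marketplace actions whose name starts with one of these prefixes are
# treated as read-only; anything else in the namespace (Subscribe, Unsubscribe, ...)
# or a wildcard is treated as a write-capable grant.
READ_ONLY_PREFIXES = ("View", "Describe", "Get", "List", "Search")


def _as_list(value):
    """IAM allows a string or a list for Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def is_marketplace_write(action: str) -> bool:
    """True if this action string can grant a non-read aws-marketplace operation."""
    service, _, name = action.partition(":")
    if service.lower() not in ("aws-marketplace", "*"):
        return False
    # "View*" stays read-only; "*" or "Subscribe" is write-capable.
    return not any(name.startswith(prefix) for prefix in READ_ONLY_PREFIXES)


def audit_marketplace_statements(policy: dict) -> list:
    """Return one finding per Allow statement that grants a marketplace write action."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        writes = [a for a in _as_list(stmt.get("Action", [])) if is_marketplace_write(a)]
        if writes:
            findings.append(
                f"Statement {idx} ({stmt.get('Sid', 'no Sid')}) grants marketplace "
                f"write actions {writes} on {stmt.get('Resource')}"
            )
    return findings


# Constructed samples: the statement as submitted in the PR, and the reviewer's version.
SUBMITTED = {"Version": "2012-10-17", "Statement": [{
    "Sid": "MarketplaceCheck", "Effect": "Allow",
    "Action": ["aws-marketplace:ViewSubscriptions", "aws-marketplace:Subscribe"],
    "Resource": "*"}]}
RECOMMENDED = {"Version": "2012-10-17", "Statement": [{
    "Sid": "MarketplaceCheck", "Effect": "Allow",
    "Action": ["aws-marketplace:ViewSubscriptions"], "Resource": "*"}]}

if __name__ == "__main__":
    for label, doc in (("submitted", SUBMITTED), ("recommended", RECOMMENDED)):
        print(label, json.dumps(audit_marketplace_statements(doc), indent=2))
```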
Issue #, if available:
#41
Description of changes:
Grant aws-marketplace ViewSubscriptions and Subscribe on the AgentCore execution role so Bedrock can complete model access checks instead of returning 502 access errors.
Note: not sure that's what fixed the issue, but the message disappeared after that new PolicyStatement.
Could also be a first-time provisioning of Anthropic models issue; see the note in the documentation:
"any prerequisites are missing, the subscription attempt fails and subsequent API calls will return AccessDeniedException. After granting the necessary permissions, it may take up to 2 minutes for the subscription to complete. During this time, API calls may continue to return AccessDeniedException."
https://docs.aws.amazon.com/bedrock/latest/userguide/model-access.html#model-access-sdk-prerequisites
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.