@@ -100,7 +100,18 @@ Parameters:
100100 # GenAI IDP parameters
101101 IDPS3LoggingBucketName :
102102 Type : String
103- Description : " IDP LoggingBucket Name"
103+ Description :
104+ IDP LoggingBucket Name, to store access logs for the dataset bucket
105+
106+ IDPS3OutputBucketName :
107+ Type : String
108+ Description : >-
109+ IDP S3OutputBucketName, to read the documents being processed
110+
111+ IDPCustomerManagedEncryptionKeyArn :
112+ Type : String
113+ Description : >-
114+ IDP CustomerManagedEncryptionKey ARN, to decrypt documents being read from the output bucket
104115
105116Conditions :
106117 HasPermissionsBoundary : !Not [!Equals [!Ref PermissionsBoundaryArn, ""]]
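Review bot: The new parameters `IDPS3OutputBucketName` and `IDPCustomerManagedEncryptionKeyArn` are unconstrained `String` values, yet later hunks feed them straight into `S3ReadPolicy` and into the `Resource` list of the `kms:Decrypt` statement. A value such as `*` or a mistyped ARN would pass at deploy time and either widen the grant beyond the intended bucket and key or point it at the wrong one. An `AllowedPattern` on each would reject that early, for example `AllowedPattern: '^arn:aws[a-z-]*:kms:[a-z0-9-]+:[0-9]{12}:key/[A-Za-z0-9-]+$'` for the key ARN and `AllowedPattern: '^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$'` for the bucket name. Both patterns are suggestions and should be checked against the values this stack has to accept.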
@@ -131,7 +142,7 @@ Resources:
131142 FunctionName : !Ref LambdaFunctionName
132143 PermissionsBoundary : !If [HasPermissionsBoundary, !Ref PermissionsBoundaryArn, !Ref AWS::NoValue]
133144 CodeUri : ./src
134- Handler : GENAIIDP -dynamic-few-shot.lambda_handler
145+ Handler : IDP -dynamic-few-shot.lambda_handler
135146 Runtime : python3.12
136147 Architectures :
137148 - arm64
@@ -144,8 +155,8 @@ Resources:
144155 S3VECTOR_BUCKET : !If
145156 - ShouldCreateVectorBucket
146157 # Error: Requested attribute VectorBucketName must be a readonly property in schema for AWS::S3Vectors::VectorBucket
147- # - !GetAtt DynamicFewShotVectorBucket .VectorBucketName
148- - !Select [1, !Split ["/", !Ref DynamicFewShotVectorBucket ]]
158+ # - !GetAtt VectorBucket .VectorBucketName
159+ - !Select [1, !Split ["/", !Ref VectorBucket ]]
149160 - !Ref VectorBucketName
150161 S3VECTOR_INDEX : !If
151162 - ShouldCreateVectorIndex
@@ -167,6 +178,8 @@ Resources:
167178 - ShouldCreateDatasetBucket
168179 - !Ref DatasetBucket
169180 - !Ref DatasetBucketName
181+ - S3ReadPolicy :
182+ BucketName : !Ref IDPS3OutputBucketName
170183 - Statement :
171184 - Effect : Allow
172185 Action : cloudwatch:PutMetricData
@@ -188,17 +201,14 @@ Resources:
188201 - !Ref DocumentsIndex
189202 - !If
190203 - ShouldCreateVectorBucket
191- - !Sub " ${DynamicFewShotVectorBucket }/index/${DocumentsIndex}"
204+ - !Sub " ${VectorBucket }/index/${DocumentsIndex}"
192205 - !Sub " arn:${AWS::Partition}:s3vectors:${AWS::Region}:${AWS::AccountId}:bucket/${VectorBucketName}/index/${DocumentsIndex}"
193206 - Effect : Allow
194207 Action :
195- - kms:Encrypt
196208 - kms:Decrypt
197- - kms:ReEncrypt*
198- - kms:GenerateDataKey*
199- - kms:DescribeKey
200209 Resource :
201210 - !GetAtt CustomerManagedEncryptionKey.Arn
211+ - !Ref IDPCustomerManagedEncryptionKeyArn
202212
203213 DynamicFewShotLogGroup :
204214 Type : AWS::Logs::LogGroup
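Review bot: The narrowed `kms:Decrypt` statement now covers two keys with no condition, so the function role can call Decrypt directly on any ciphertext under either key, not only when S3 decrypts objects from the output bucket. Consider moving `!Ref IDPCustomerManagedEncryptionKeyArn` into its own statement with `Condition: {StringEquals: {"kms:ViaService": !Sub "s3.${AWS::Region}.amazonaws.com"}}`. Dropping `kms:GenerateDataKey*` on `CustomerManagedEncryptionKey` is safe only if the function never writes objects or vectors encrypted with that key, which this hunk does not show. The grant on the external key also takes effect only if that key's own policy allows this role or delegates to IAM, which a comment beside the ARN could record. The policy list this statement belongs to starts above the hunk.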
@@ -207,7 +217,7 @@ Resources:
207217 RetentionInDays : !Ref LogRetentionDays
208218 KmsKeyId : !GetAtt CustomerManagedEncryptionKey.Arn
209219
210- DynamicFewShotVectorBucket :
220+ VectorBucket :
211221 Type : AWS::S3Vectors::VectorBucket
212222 Condition : ShouldCreateVectorBucket
213223 Properties :
@@ -229,12 +239,8 @@ Resources:
229239 - " imagePath"
230240 VectorBucketName : !If
231241 - ShouldCreateVectorBucket
232- - !Ref AWS::NoValue
242+ - !Select [1, !Split ["/", ! Ref VectorBucket]]
233243 - VectorBucketName
234- VectorBucketArn : !If
235- - ShouldCreateVectorBucket
236- - !Ref DynamicFewShotVectorBucket
237- - !Ref AWS::NoValue
238244
239245 DatasetBucket :
240246 Type : AWS::S3::Bucket
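Review bot: The fallback branch of the `VectorBucketName` `!If` is the bare scalar `- VectorBucketName`, which as shown on the page is the literal string "VectorBucketName" rather than the parameter value. The other uses visible in this diff (`S3VECTOR_BUCKET` and the output value) write `- !Ref VectorBucketName`. The commit rewrites the line directly above but leaves this one, so when `ShouldCreateVectorBucket` is false the index would target a bucket literally named VectorBucketName. The proposed change is `- !Ref VectorBucketName`. The resource these properties belong to starts above the hunk, so its type and condition cannot be confirmed from here.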
@@ -351,7 +357,7 @@ Outputs:
351357 Description : S3 Vectors bucket for dynamic few-shot examples
352358 Value : !If
353359 - ShouldCreateVectorBucket
354- - !Select [1, !Split ["/", !Ref DynamicFewShotVectorBucket ]]
360+ - !Select [1, !Split ["/", !Ref VectorBucket ]]
355361 - !Ref VectorBucketName
356362
357363 VectorIndexName :