DownloadsDocumentationAPI ReferenceChangelogOpen A TicketContact
Guides

AWS Bedrock

1. Overview

This guide shows how to integrate Amazon Web Services Bedrock with SearchBlox on an EC2 instance to enable AI features.

2. IAM Role Configuration
2.1 Option A — Managed Policy
For full Bedrock access, attach the AWS-managed policy to your IAM role:
Policy: AmazonBedrockFullAccess
2.2 Option B — Least-Privilege Custom Policy
For production environments, use a least-privilege inline policy or customize access based on your requirements

{
  "Version": "2012-10-17",
  "Statement": [
	{
  	"Effect": "Allow",
  	"Action": [
    	"bedrock:InvokeModel",
        "bedrock:InvokeModelWithResponseStream",
        "bedrock:ListFoundationModels",
        "bedrock:GetFoundationModel"
  	],
  	"Resource": "*"
	}
  ]
}

3. Attach the Role to Your EC2 Instance

Step 1 — Create or Update an IAM Role

  • Navigate to IAM → Roles → Create Role.

  • Select "AWS service" as the trusted entity type, then choose "EC2".

  • Attach the inline policy from Section 3.2 or AmazonBedrockFullAccess.

  • Name the role (e.g., SearchBlox-EC2-BedrockRole) and click Create Role.

Step 2 — Attach the Role to the EC2 Instance

  • Go to the EC2 Console and select your SearchBlox instance.

  • Click Actions → Security → Modify IAM Role.

  • Select SearchBlox-EC2-BedrockRole from the dropdown.

  • Click Update IAM Role. The role is active immediately.

Model Selection
Choose a model in AWS Bedrock that supports both text and image inputs. The recommended model for this integration is:
Example:

FieldValue/Description
Model IDqwen.qwen3-vl-235b-a22b
ProviderQwen (via AWS Bedrock)
ModalitiesText + Image
Use CaseAll SearchBlox AI task types

Note: You can verify model availability in your AWS region from the Bedrock Console under Model section.

Configuration File Location
All LLM provider and model settings are managed in the SearchBlox AI configuration file located at: /opt/searchblox/webapps/ROOT/WEB-INF/searchai-config.yml

LLM Provider Configuration
Update the llm-providers section of searchai-config.yml model assignments. All task types should point to the same multimodel model ID.

active-llm-provider: bedrock
task-providers:
  chat: bedrock
  document-enrichment: bedrock
  smart-faq: bedrock
  searchai-assist-text: bedrock
  searchai-assist-image: bedrock
  recommendations: bedrock
  knowledge-graph: bedrock
  document-query-decomposition: bedrock
  product-query-decomposition: bedrock
  product-kg-extraction: bedrock
  analytics: bedrock
  testing: bedrock
  admin: bedrock
  analysis: bedrock
  extraction: bedrock
  log-analysis: bedrock
  agent-chat: bedrock
  agent-analytics: bedrock
  agent-testing: bedrock
  agent-analysis: bedrock
  agent-admin: bedrock
  agent-extraction: bedrock


llm-providers:
  bedrock:
	platform: bedrock
	#region: us-east-1    
            # access-key-id: YOUR_AWS_ACCESS_KEY_ID
            # secret-access-key: YOUR_AWS_SECRET_ACCESS_KEy
	models:
  	chat: qwen.qwen3-vl-235b-a22b
  	document-enrichment: qwen.qwen3-vl-235b-a22b
  	smart-faq: qwen.qwen3-vl-235b-a22b
  	searchai-assist-text: qwen.qwen3-vl-235b-a22b
  	searchai-assist-image: qwen.qwen3-vl-235b-a22b
  	recommendations: qwen.qwen3-vl-235b-a22b
  	knowledge-graph: qwen.qwen3-vl-235b-a22b
  	document-query-decomposition: qwen.qwen3-vl-235b-a22b
  	product-query-decomposition: qwen.qwen3-vl-235b-a22b


  	product-kg-extraction: qwen.qwen3-vl-235b-a22b
  	analytics: qwen.qwen3-vl-235b-a22b
  	testing: qwen.qwen3-vl-235b-a22b
  	admin: qwen.qwen3-vl-235b-a22b
  	analysis: qwen.qwen3-vl-235b-a22b
  	extraction: qwen.qwen3-vl-235b-a22b
  	log-analysis: qwen.qwen3-vl-235b-a22b
  	agent-chat: qwen.qwen3-vl-235b-a22b
  	agent-analytics: qwen.qwen3-vl-235b-a22b
  	agent-testing: qwen.qwen3-vl-235b-a22b
  	agent-analysis: qwen.qwen3-vl-235b-a22b
  	agent-admin: qwen.qwen3-vl-235b-a22b
  	agent-extraction: qwen.qwen3-vl-235b-a22b

Step 3 — Verify the Role from the Instance
 SSH into your EC2 instance and run the following command to confirm the role is attached and Bedrock access is
working:

4. Check the attached IAM role:curl -s http://169.254.169.254/latest/meta-data/iam/info

Test Bedrock connectivity (requires AWS CLI): aws bedrock list-foundation-models --region us-east-1

Troubleshooting
If the aws bedrock command returns an access denied error, confirm the EC2 instance has the correct role
attached and that the policy includes bedrock:ListFoundationModels. Also ensure your Bedrock region matches
the EC2 region.

5. Restart SearchBlox
After saving all configuration changes, restart the SearchBlox service to apply them:

Stop SearchBlox: systemctl stop searchblox

Start SearchBlox systemctl start searchblox

(Optional) Check service status systemctl status searchblox

After Restart

Allow 30–60 seconds for SearchBlox to fully initialize. Check the service logs at /opt/searchblox/logs/searchblox.log
if any issues arise. The AI features will connect to Bedrock automatically using the configured IAM role and model IDs.

Updated 12 days ago