AWS Bedrock

Overview
This guide shows how to integrate Amazon Web Services Bedrock with SearchBlox on an EC2 instance to enable AI features.
IAM Role Configuration
2.1 Option A — Managed Policy
For full Bedrock access, attach the AWS-managed policy to your IAM role:
Policy: AmazonBedrockFullAccess
2.2 Option B — Least-Privilege Custom Policy
**For production environments, use a least-privilege inline policy or customize access based on your requirements

{
  "Version": "2012-10-17",
  "Statement": [
	{
  	"Effect": "Allow",
  	"Action": [
    	"bedrock:InvokeModel",
        "bedrock:InvokeModelWithResponseStream",
        "bedrock:ListFoundationModels",
        "bedrock:GetFoundationModel"
  	],
  	"Resource": "*"
	}
  ]
}

   **3.3 Attach the Role to Your EC2 Instance
      Step 1 — Create or Update an IAM Role**

Navigate to IAM → Roles → Create Role.
Select "AWS service" as the trusted entity type, then choose "EC2".
Attach the inline policy from Section 3.2 or AmazonBedrockFullAccess.
Name the role (e.g., SearchBlox-EC2-BedrockRole) and click Create Role.

Step 2 — Attach the Role to the EC2 Instance
Go to the EC2 Console and select your SearchBlox instance.
Click Actions → Security → Modify IAM Role.
Select SearchBlox-EC2-BedrockRole from the dropdown.
Click Update IAM Role. The role is active immediately.

Model Selection
Choose a model in AWS Bedrock that supports both text and image inputs. The recommended model for this integration is:
Example:

Field Value/Description
Model ID qwen.qwen3-vl-235b-a22b
Provider Qwen (via AWS Bedrock)
Modalities Text + Image
Use Case All SearchBlox AI task types

Field	Value/Description
Model ID	qwen.qwen3-vl-235b-a22b
Provider	Qwen (via AWS Bedrock)
Modalities	Text + Image
Use Case	All SearchBlox AI task types

   Note: You can verify model availability in your AWS region from the Bedrock Console under Model section.

Configuration File Location
All LLM provider and model settings are managed in the SearchBlox AI configuration file located at:

/opt/searchblox/webapps/ROOT/WEB-INF/searchai-config.yml

LLM Provider Configuration
Update the llm-providers section of searchai-config.yml model assignments. All task types should point to the same multimodel model ID.

active-llm-provider: bedrock
task-providers:
  chat: bedrock
  document-enrichment: bedrock
  smart-faq: bedrock
  searchai-assist-text: bedrock
  searchai-assist-image: bedrock
  recommendations: bedrock
  knowledge-graph: bedrock
  document-query-decomposition: bedrock
  product-query-decomposition: bedrock
  product-kg-extraction: bedrock
  analytics: bedrock
  testing: bedrock
  admin: bedrock
  analysis: bedrock
  extraction: bedrock
  log-analysis: bedrock
  agent-chat: bedrock
  agent-analytics: bedrock
  agent-testing: bedrock
  agent-analysis: bedrock
  agent-admin: bedrock
  agent-extraction: bedrock

llm-providers:
  bedrock:
	platform: bedrock
	#region: us-east-1    
            # access-key-id: YOUR_AWS_ACCESS_KEY_ID
            # secret-access-key: YOUR_AWS_SECRET_ACCESS_KEy
	models:
  	chat: qwen.qwen3-vl-235b-a22b
  	document-enrichment: qwen.qwen3-vl-235b-a22b
  	smart-faq: qwen.qwen3-vl-235b-a22b
  	searchai-assist-text: qwen.qwen3-vl-235b-a22b
  	searchai-assist-image: qwen.qwen3-vl-235b-a22b
  	recommendations: qwen.qwen3-vl-235b-a22b
  	knowledge-graph: qwen.qwen3-vl-235b-a22b
  	document-query-decomposition: qwen.qwen3-vl-235b-a22b
  	product-query-decomposition: qwen.qwen3-vl-235b-a22b


  	product-kg-extraction: qwen.qwen3-vl-235b-a22b
  	analytics: qwen.qwen3-vl-235b-a22b
  	testing: qwen.qwen3-vl-235b-a22b
  	admin: qwen.qwen3-vl-235b-a22b
  	analysis: qwen.qwen3-vl-235b-a22b
  	extraction: qwen.qwen3-vl-235b-a22b
  	log-analysis: qwen.qwen3-vl-235b-a22b
  	agent-chat: qwen.qwen3-vl-235b-a22b
  	agent-analytics: qwen.qwen3-vl-235b-a22b
  	agent-testing: qwen.qwen3-vl-235b-a22b
  	agent-analysis: qwen.qwen3-vl-235b-a22b
  	agent-admin: qwen.qwen3-vl-235b-a22b
  	agent-extraction: qwen.qwen3-vl-235b-a22b

Step 3 — Verify the Role from the Instance
SSH into your EC2 instance and run the following command to confirm the role is attached and Bedrock access is
working:

 # Check the attached IAM role
curl -s http://169.254.169.254/latest/meta-data/iam/info

# Test Bedrock connectivity (requires AWS CLI)
aws bedrock list-foundation-models --region us-east-1

Troubleshooting
If the aws bedrock command returns an access denied error, confirm the EC2 instance has the correct role
attached and that the policy includes bedrock:ListFoundationModels. Also ensure your Bedrock region matches
the EC2 region.

Restart SearchBlox
After saving all configuration changes, restart the SearchBlox service to apply them:

   #Stop SearchBlox
   systemctl stop searchblox

   #Start SearchBlox
   systemctl start searchblox

   #(Optional) Check service status
   systemctl status searchblox

After Restart
Allow 30–60 seconds for SearchBlox to fully initialize. Check the service logs at /opt/searchblox/logs/searchblox.log
if any issues arise. The AI features will connect to Bedrock automatically using the configured IAM role and model
IDs.