There is a pattern where ARN validation error occurs in aws bedrock-agent-runtime retrieve-and-generate"

[ichino-kazuaki]

Describe the bug

The model ARN that can be retrieved with aws bedrock list-foundation-models, for example, for claude-3-sonnet, arn:aws:bedrock:us-west-2::foundation-model/anthropic.claude-3 -sonnet-20240229-v1:0 and arn:aws:bedrock:us-west-2::foundation-model/anthropic.claude-3-sonnet-20240229-v1:0:28k.
At this time, when specifying arn:aws:bedrock:us-west-2::foundation-model/anthropic.claude-3-sonnet-20240229-v1:0:28k, "1 validation error detected" occurred."

Expected Behavior

It is desirable to extend the validation judgment to allow ARNs with patterns such as ":28k" where the colon + character increases by one more step at the end.

Current Behavior

An error occurred (ValidationException) when calling the RetrieveAndGenerate operation: 1 validation error detected: Value 'arn:aws:bedrock:us-west-2::foundation-model/anthropic.claude-3-sonnet-20240229-v1:0:28k' at 'retrieveAndGenerateConfiguration.knowledgeBaseConfiguration.modelArn' failed to satisfy constraint: Member must satisfy regular expression pattern: (arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}/[a-z0-9]{12})|(:foundation-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|([0-9]{12}:provisioned-model/[a-z0-9]{12})))|([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|(([0-9a-zA-Z][_-]?)+)

Reproduction Steps

KNOWLEDGE_BASE_ID=XXXXXXXX
ARN="arn:aws:bedrock:us-west-2::foundation-model/anthropic.claude-3-sonnet-20240229-v1:0:28k"
TEXT="string you want to search for"
aws bedrock-agent-runtime retrieve-and-generate \
  --retrieve-and-generate-configuration type=KNOWLEDGE_BASE,knowledgeBaseConfiguration="{knowledgeBaseId=$KNOWLEDGE_BASE_ID,modelArn=$ARN}" --input text="$TEXT"

Possible Solution

No response

Additional Information/Context

No response

CLI version used

aws-cli/2.15.44 Python/3.11.8 Linux/6.1.87-99.174.amzn2023.x86_64 exec-env/CloudShell exe/x86_64.amzn.2023 prompt/off

Environment details (OS name and version, etc.)

Amazon Linux 2023

[ichino-kazuaki]

I think the problem is that the ARN string contains a : (colon) in the part corresponding to resource-id.
In this case, he discovered the presence of a problematic ARN format in a Bedrock model and created an issue with the aws bedrock-agent-runtime retrieve-and-generate subcommand.
If a similar ARN format exists for other AWS services, it is likely that this issue could equally occur.

[tim-finnigan]

Thanks for reporting this issue. The Bedrock team owns the underlying ListFoundationModels and RetrieveAndGenerate APIs, and it appears that they are applying different input validation for modelArn in these APIs.

I will transfer this issue to our cross-SDK repository (since APIs like these are used across SDKs in addition to the AWS CLI) and reach out to the Bedrock team for review. I'll share any updates here in this issue. (ref: P129745717)