[Security solution] Update default Bedrock api url (#176090)

2025-04-23 01:13:23 -04:00 · 2024-02-02 10:43:33 -07:00 · 2024-02-02 10:43:33 -07:00 · 3a4ad7725a
commit 3a4ad7725a
parent 2c89f974a7
5 changed files with 37 additions and 8 deletions
--- a/docs/management/connectors/pre-configured-connectors.asciidoc
+++ b/docs/management/connectors/pre-configured-connectors.asciidoc
@ -147,7 +147,7 @@ xpack.actions.preconfigured:
    name: preconfigured-bedrock-connector-type
    actionTypeId: .bedrock
    config:
-      apiUrl: https://bedrock.us-east-1.amazonaws.com <1>
+      apiUrl: https://bedrock-runtime.us-east-1.amazonaws.com <1>
      defaultModel: anthropic.claude-v2 <2>
    secrets:
      accessKey: key-value <3>
--- a/x-pack/plugins/stack_connectors/common/bedrock/constants.ts
+++ b/x-pack/plugins/stack_connectors/common/bedrock/constants.ts
@ -25,4 +25,4 @@ export enum SUB_ACTION {
 export const DEFAULT_TOKEN_LIMIT = 8191;
 export const DEFAULT_BEDROCK_MODEL = 'anthropic.claude-v2';

-export const DEFAULT_BEDROCK_URL = `https://bedrock.us-east-1.amazonaws.com` as const;
+export const DEFAULT_BEDROCK_URL = `https://bedrock-runtime.us-east-1.amazonaws.com` as const;
--- a/x-pack/plugins/stack_connectors/public/connector_types/bedrock/constants.tsx
+++ b/x-pack/plugins/stack_connectors/public/connector_types/bedrock/constants.tsx
@ -39,7 +39,7 @@ export const bedrockConfig: ConfigFieldSchema[] = [
          bedrockAPIUrlDocs: (
            <EuiLink
              data-test-subj="bedrock-api-doc"
-              href="https://docs.aws.amazon.com/bedrock/latest/APIReference/welcome.html"
+              href="https://docs.aws.amazon.com/general/latest/gr/bedrock.html"
              target="_blank"
            >
              {`${i18n.BEDROCK} ${i18n.DOCUMENTATION}`}
--- a/x-pack/plugins/stack_connectors/server/connector_types/bedrock/bedrock.test.ts
+++ b/x-pack/plugins/stack_connectors/server/connector_types/bedrock/bedrock.test.ts
@ -72,7 +72,7 @@ describe('BedrockConnector', () => {
              Accept: '*/*',
              'Content-Type': 'application/json',
            },
-            host: 'bedrock.us-east-1.amazonaws.com',
+            host: 'bedrock-runtime.us-east-1.amazonaws.com',
            path: '/model/anthropic.claude-v2/invoke',
            service: 'bedrock',
          },
@ -136,7 +136,7 @@ describe('BedrockConnector', () => {
              'Content-Type': 'application/json',
              'x-amzn-bedrock-accept': '*/*',
            },
-            host: 'bedrock.us-east-1.amazonaws.com',
+            host: 'bedrock-runtime.us-east-1.amazonaws.com',
            path: '/model/anthropic.claude-v2/invoke-with-response-stream',
            service: 'bedrock',
          },
@ -319,7 +319,7 @@ describe('BedrockConnector', () => {
        ).toEqual(`API Error: Resource Not Found - Resource not found`);
      });

-      it('returns auhtorization error', () => {
+      it('returns authorization error', () => {
        const err = {
          response: {
            headers: {},
@ -333,7 +333,27 @@ describe('BedrockConnector', () => {

        // @ts-expect-error expects an axios error as the parameter
        expect(connector.getResponseErrorMessage(err)).toEqual(
-          `Unauthorized API Error - The api key was invalid.`
+          `Unauthorized API Error: The api key was invalid.`
+        );
+      });
+
+      it('returns endpoint error', () => {
+        const err = {
+          response: {
+            headers: {},
+            status: 400,
+            statusText: 'Bad Request',
+            data: {
+              message: 'The requested operation is not recognized by the service.',
+            },
+          },
+        } as AxiosError<{ message?: string }>;
+
+        // @ts-expect-error expects an axios error as the parameter
+        expect(connector.getResponseErrorMessage(err)).toEqual(
+          `API Error: The requested operation is not recognized by the service.
+
+The Kibana Connector in use may need to be reconfigured with an updated Amazon Bedrock endpoint, like \`bedrock-runtime\`.`
        );
      });
    });
--- a/x-pack/plugins/stack_connectors/server/connector_types/bedrock/bedrock.ts
+++ b/x-pack/plugins/stack_connectors/server/connector_types/bedrock/bedrock.ts
@ -89,9 +89,18 @@ export class BedrockConnector extends SubActionConnector<Config, Secrets> {
    if (!error.response?.status) {
      return `Unexpected API Error: ${error.code ?? ''} - ${error.message ?? 'Unknown error'}`;
    }
+    if (
+      error.response.status === 400 &&
+      error.response?.data?.message === 'The requested operation is not recognized by the service.'
+    ) {
+      // Leave space in the string below, \n is not being rendered in the UI
+      return `API Error: ${error.response.data.message}
+
+The Kibana Connector in use may need to be reconfigured with an updated Amazon Bedrock endpoint, like \`bedrock-runtime\`.`;
+    }
    if (error.response.status === 401) {
      return `Unauthorized API Error${
-        error.response?.data?.message ? ` - ${error.response.data.message}` : ''
+        error.response?.data?.message ? `: ${error.response.data.message}` : ''
      }`;
    }
    return `API Error: ${error.response?.statusText}${