Amazon Bedrock error "prelude checksum was incorrect"
in progress
Daniel Nguyen
This has been released in the beta channel. Please help me test the beta release :D
To opt for beta updates, go to Settings > Advanced > Software Updates.
Sam
Daniel Nguyen Thanks! Just tried updating to the beta and it crashes as soon as it opens.
The last of the console logs before it dies:
<CA2267F2-590F-4FA8-9247-00EA1CE985E6>.<2> finished with error [-1005] Error Domain=NSURLErrorDomain Code=-1005 UserInfo={_kCFStreamErrorCodeKey=57, NSUnderlyingError=0x600001f523d0 {Error Domain=kCFErrorDomainCFNetwork Code=-1005 UserInfo={_NSURLErrorNWPathKey=satisfied (Path is satisfied), interface: en8, ipv4, ipv6, dns, _kCFStreamErrorCodeKey=57, _kCFStreamErrorDomainKey=1}}, _NSURLErrorFailingURLSessionTaskErrorKey=<private>, _NSURLErrorRelatedURLSessionTaskErrorKey=<private>, NSLocalizedDescription=<private>, NSErrorFailingURLStringKey=<private>, NSErrorFailingURLKey=<private>, _kCFStreamErrorDomainKey=1}
default 15:37:51.264389+1100 BoltAI [0x600002ee30c0] invalidated after the last release of the connection object
default 15:37:51.295742+1100 BoltAI [0x121146000] activating connection: mach=true listener=false peer=false name=co.podzim.BoltGPT-spks
default 15:37:51.295891+1100 BoltAI [0x121146000] failed to do a bootstrap look-up: xpc_error=[3: No such process]
default 15:37:51.295906+1100 BoltAI [0x121146000] invalidated after a failed init
default 15:37:51.324856+1100 BoltAI [0x600002ee7b10] activating connection: mach=false listener=false peer=false name=com.apple.ViewBridgeAuxiliary
default 15:37:51.329931+1100 BoltAI [0x12168be60] activating connection: mach=false listener=false peer=false name=(anonymous)
Daniel Nguyen
Sam Can you share the crash log. This is not the root cause unfortunately.
Sam
Daniel Nguyen I've got crash and usage reporting enabled, I've also emailed it to you (as it's too big for here).
Daniel Nguyen
in progress
John Tyra
Hi! 👋 🤓 I have this error as well Daniel Nguyen, same steps and same result. Image attached for reference. There is nothing listed in the dropdown for models.
As a test, I tried using a different key that has full administrative permissions and this error still occurred. So it's not permission/access related if that helps?
Daniel Nguyen
under review
Daniel Nguyen
Sam You need to select a model in the dropdown. Can you try that?
Sam
Daniel Nguyen The drop down is empty - won't you need the AWS_SESSION_TOKEN as well before it'll auth to be able to select from the available models?
Daniel Nguyen
Sam Hey Sam. How did you generate your AWS credentials? Hmmm when I generated it, I only received secret key and access key. I wasn't aware that I need AWS_SESSION_TOKEN also.
Sam
Daniel Nguyen here's my ~/.aws/config:
[profile aisandpit]
sso_session = aisandpit
sso_account_id = 123456789012
sso_role_name = Administrator (put whatever your real role name is here)
region = ap-southeast-2
output = json
[sso-session aisandpit]
sso_start_url = https://d-1234567890.awsapps.com/start/#
sso_region = ap-southeast-2
and after authenticating with sso I can run:
aws configure export-credentials --format env --profile <profile name here>
To get the env vars
Daniel Nguyen
Sam Ah I see. So looks like this is needed when using SSO. Are you auth using SSO also John Tyra?
Sam
Daniel Nguyen Ah right, sorry yes perhaps that's correct, I don't think I've used AWS without SSO before so didn't think of this!
John Tyra
Daniel Nguyen hey 👋🤓 No I'm not using SSO for the IAM user. It's a regular login.
Daniel Nguyen
John Tyra I see. But do you have the AWS_SESSION_TOKEN? I think I’ll need that to cover all cases.
John Tyra
Daniel Nguyen No :) Is isn't necessary when accessing AWS API endpoints with regular IAM user access key/secret key credentials, unless using a federated login or SSO. AWS STS can generate temporary credentials if a AWS_SESSION_TOKEN is required but that's not necessary for making API calls to Amazon Bedrock. I'm not sure what you're using on the backend but here is the dev guide for leveraging boto3 to make calls to Bedrock programmatically:
Daniel Nguyen
John Tyra Yeah I’m aware that it’s not strictly required. As I’m using a long-lived credentials from an IAM user as well.
But I don’t have the signing issue that you run into.
Did you generate the credentials in the AWS console or is there any specific steps I can try to reproduce the issue on my end?
I have full root access on my AWS account FYI.
John Tyra
Daniel Nguyen all good :)
Oh interesting!! Ok now you have me curious haha. 😅
I'm using these creds with flowiseAI and no issues, but tomorrow I can generate a new key pair for testing.
I'll document the steps I'm taking and gather additional data that might be helpful. I can try a few variations in process to see if anything changes.
Yes these are generated in the console/gui. :) I do hope you aren't using IAM keys tied to your root account my friend!! 😉
Daniel Nguyen
John Tyra: Thanks. No, I disabled root account for a long time :D
Daniel Nguyen
John Tyra: Hey John. Any chance you can double check the region was correct?
I asked o1 and these might be the reasons.
John Tyra
Daniel Nguyen good morning! :)
We haven't reached AGI yet, so o1 wasn't even close to the actual root cause. 😉
I found the issue, it's the
Stream Responses?
checkbox!! Here's how to reproduce:1) Settings -> Models -> "+" button to add
2) Input working IAM access key / secret key
3) Select region
4) Leave "Stream Responses?" checked (it's enabled by default)
5) Click "Save Changes" and the error will be shown
To work around the issue:
1) Settings -> Models -> "+" button to add
2) Input working IAM access key / secret key
3) Select region
4) Uncheck "Stream Responses?"
5) Click "Save Changes", no error is shown (but model list is retrieved)
6) Select a model from the drop-down list (i.e. Claude 3.5 Sonnet)
7) Check "Stream Responses?"
8) Click "Save Changes" again, no error this time
What I suggest:
A) Initially, change the default status of the "Stream Responses?" checkbox to be unchecked.
B) Modify the GUI logic to automatically pull the list of available models once the "Access Key ID" and "Secret Access Key" fields are first populated and focus is removed. This would allow the model list to become available and you could even select one as a default, maybe the first result from that API call. This would be the equivalent of the user pressing the 'Refresh' button once.
C) Modify the code to check the "responseStreamingSupported" field for each model when making the API call for "GetFoundationModel". Save this in an array and when the user selects a model that does NOT support streaming, disable (grey out) the "Stream Responses?" checkbox entirely.
Daniel Nguyen
John Tyra: Wow this is probably why I never ran into the issue. Thanks for the detailed analysis. I will release the fix soon. Bonus, a huge update incoming ;)
Sam
I noticed there's no field for the AWS_SESSION_TOKEN, not sure if that could be related or not? Daniel Nguyen