Skip to content

feat: support IAM role-based authentication for AWS Bedrock#265

Open
ssncferreira wants to merge 1 commit intomainfrom
ssncf/bedrock-iam-role-auth
Open

feat: support IAM role-based authentication for AWS Bedrock#265
ssncferreira wants to merge 1 commit intomainfrom
ssncf/bedrock-iam-role-auth

Conversation

@ssncferreira
Copy link
Copy Markdown
Contributor

@ssncferreira ssncferreira commented Apr 13, 2026
edited
Loading

Description

Make AWS Bedrock static credentials optional. When AccessKey and AccessKeySecret are not set, AI Bridge falls back to the AWS SDK default credential chain, which supports IAM Roles (instance profiles, IRSA, ECS task roles), SSO, shared credentials/config files, and environment variables.

This unblocks organizations that don't use IAM Users and rely on IAM Roles for AWS resource access.

Changes

  • Remove the hard requirement for AccessKey and AccessKeySecret
  • Fall back to the SDK default credential chain when static credentials are not provided
  • Add SessionToken to the config for temporary credential support via static config
  • Validate that only one of AccessKey/AccessKeySecret isn't set (partial config is a misconfiguration)
  • Fail fast on startup if no credential source can be resolved

Closes: #144
Closes: https://linear.app/codercom/issue/AIGOV-67

@ssncferreira Graphite App
Copy link
Copy Markdown
Contributor Author

ssncferreira commented Apr 13, 2026

This stack of pull requests is managed by Graphite. Learn more about stacking.

@ssncferreira ssncferreira force-pushed the ssncf/bedrock-iam-role-auth branch 2 times, most recently from 5dac38f to 917d8e4 Compare April 14, 2026 18:04
@ssncferreira ssncferreira force-pushed the ssncf/bedrock-iam-role-auth branch from 917d8e4 to 7f3b909 Compare April 14, 2026 18:13
@ssncferreira ssncferreira marked this pull request as ready for review April 14, 2026 18:14
@ssncferreira ssncferreira mentioned this pull request Apr 14, 2026
Open
dannykopping
dannykopping approved these changes Apr 15, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@dannykopping dannykopping left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dannykopping dannykopping dannykopping approved these changes

@pawbana pawbana pawbana approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

AWS Bedrock - Add support for AWS IAM role use

3 participants

@ssncferreira @dannykopping @pawbana