AWS Bedrock

Keeptrusts gateways Amazon Bedrock with full policy enforcement, audit logging, and native AWS SigV4 request signing. Bedrock provides access to foundation models from Anthropic, Meta, Mistral, Cohere, Amazon (Titan/Nova), and others through a unified AWS API. Keeptrusts handles SigV4 signing, region-specific endpoints, and model ID routing automatically — clients send standard OpenAI-format requests and Keeptrusts translates to Bedrock's Converse API.

Use this page when

• You need the exact command, config, API, or integration details for AWS Bedrock.
• You are wiring automation or AI retrieval and need canonical names, examples, and constraints.
• If you want a guided rollout instead of a reference page, use the linked workflow pages in Next steps.

Primary audience

• Primary: AI Agents, Technical Engineers
• Secondary: Technical Leaders

Prerequisites

1. AWS account with Bedrock access — enable model access in the Amazon Bedrock console.
2. IAM credentials — an access key / secret key pair with bedrock:InvokeModel and bedrock:InvokeModelWithResponseStream permissions.
3. Keeptrusts CLI — install kt (quickstart guide).
4. Export your AWS credentials:

export AWS_ACCESS_KEY_ID="AKIA..."
export AWS_SECRET_ACCESS_KEY="wJalr..."
export AWS_DEFAULT_REGION="us-east-1"
# Optional: for temporary credentials (STS)
# export AWS_SESSION_TOKEN="FwoG..."

Keeptrusts auto-detects standard AWS environment variables when provider is "aws-bedrock".

Configuration

Create a policy-config.yaml with your Bedrock target:

pack:
  name: bedrock-gateway
  version: 1.0.0
  enabled: true
policies:
  chain:
  - prompt-injection
  - pii-detector
  - safety-filter
  - audit-logger
policy:
  prompt-injection:
    threshold: 0.8
    action: block
  pii-detector:
    action: redact
  safety-filter:
    mode: strict
    action: block
  audit-logger:
    retention_days: 365
providers:
  strategy: single
  targets:
  - id: bedrock-claude-sonnet
    provider: aws-bedrock
    model: anthropic.claude-sonnet-4-20250514-v1:0

Start the gateway:

kt gateway run \
  --listen 0.0.0.0:41002 \
  --policy-config policy-config.yaml

Provider Fields

All fields available on a providers.targets[] entry for AWS Bedrock:

Field	Type	Default	Description
id	string	required	Unique identifier for this target
provider	string	required	"aws-bedrock"
model	string	required	Bedrock model ID, e.g. "anthropic.claude-sonnet-4-20250514-v1:0"
base_url	string	auto-detected	Bedrock endpoint URL; auto-constructed from aws_region
aws_region	string	us-east-1	AWS region for the Bedrock endpoint
aws_access_key_env	string	AWS_ACCESS_KEY_ID	Environment variable for AWS access key
aws_secret_key_env	string	AWS_SECRET_ACCESS_KEY	Environment variable for AWS secret key
aws_session_token_env	string	AWS_SESSION_TOKEN	Environment variable for STS session token (optional)
aws_profile	string	none	AWS CLI profile name (alternative to explicit key env vars)
timeout_seconds	integer	60	Maximum time for non-streaming requests
stream_timeout_seconds	integer	none	Maximum time for streaming requests
max_context_tokens	integer	none	Maximum tokens in the context window
headers	map	{}	Additional HTTP headers sent with each request
format	string	"openai"	Wire format; clients send OpenAI format, Keeptrusts translates to Bedrock Converse
provider_type	string	"aws-bedrock"	Explicit provider type
description	string	none	Human-readable description
weight	float	1.0	Routing weight for weighted_round_robin strategy
data_policy	object	none	Data handling policy
pricing	object	none	Token pricing in USD per 1M tokens
health_probe	object	none	Active health probe configuration

Authentication

AWS Bedrock uses SigV4 request signing. Keeptrusts handles signing automatically using the configured AWS credentials.

Static Credentials (Access Key)

The simplest method — provide IAM access key and secret key via environment variables:

pack:
  name: aws-bedrock-providers-2
  version: 1.0.0
  enabled: true
providers:
  targets:
  - id: bedrock-claude
    provider: aws-bedrock
    model: anthropic.claude-sonnet-4-20250514-v1:0
policies:
  chain:
  - audit-logger
policy:
  audit-logger:
    immutable: true
    retention_days: 365
    log_all_access: true

Temporary Credentials (STS)

For IAM roles, instance profiles, or cross-account access:

pack:
  name: aws-bedrock-providers-3
  version: 1.0.0
  enabled: true
providers:
  targets:
  - id: bedrock-claude-sts
    provider: aws-bedrock
    model: anthropic.claude-sonnet-4-20250514-v1:0
policies:
  chain:
  - audit-logger
policy:
  audit-logger:
    immutable: true
    retention_days: 365
    log_all_access: true

AWS Profile

Use a named AWS CLI profile:

pack:
  name: aws-bedrock-providers-4
  version: 1.0.0
  enabled: true
providers:
  targets:
  - id: bedrock-claude-profile
    provider: aws-bedrock
    model: anthropic.claude-sonnet-4-20250514-v1:0
policies:
  chain:
  - audit-logger
policy:
  audit-logger:
    immutable: true
    retention_days: 365
    log_all_access: true

For EC2, ECS, or Lambda deployments, instance profiles and task roles are automatically available — you may not need to set any credential environment variables at all.

IAM Policy Requirements

The IAM principal needs at minimum:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "bedrock:InvokeModel",
        "bedrock:InvokeModelWithResponseStream"
      ],
      "Resource": "arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-sonnet-4-20250514-v1:0"
    }
  ]
}

Use "Resource": "*" to allow all models, or scope to specific model ARNs for least-privilege.

Supported Models

Bedrock provides access to models from multiple providers. All are proxied through Keeptrusts:

Model ID	Provider	Context Window	Notes
anthropic.claude-sonnet-4-20250514-v1:0	Anthropic	200K	Most capable Claude on Bedrock
anthropic.claude-3-5-sonnet-20241022-v2:0	Anthropic	200K	Previous gen Claude
anthropic.claude-3-5-haiku-20241022-v1:0	Anthropic	200K	Fast, cost-effective
anthropic.claude-3-opus-20240229-v1:0	Anthropic	200K	Legacy, very capable
anthropic.claude-3-haiku-20240307-v1:0	Anthropic	200K	Legacy, fastest Claude
meta.llama3-1-405b-instruct-v1:0	Meta	128K	Largest open model
meta.llama3-1-70b-instruct-v1:0	Meta	128K	Strong open model
meta.llama3-1-8b-instruct-v1:0	Meta	128K	Small, fast
mistral.mistral-large-2407-v1:0	Mistral	128K	Mistral's flagship
mistral.mixtral-8x7b-instruct-v0:1	Mistral	32K	MoE architecture
cohere.command-r-plus-v1:0	Cohere	128K	RAG-optimized
cohere.command-r-v1:0	Cohere	128K	Cost-effective RAG
amazon.titan-text-premier-v1:0	Amazon	32K	Amazon's text model
amazon.nova-pro-v1:0	Amazon	300K	Amazon Nova, multimodal
amazon.nova-lite-v1:0	Amazon	300K	Nova, cost-effective

Any model enabled in your Bedrock console can be used — set model to the full Bedrock model ID. Keeptrusts passes the model ID through to the Bedrock Converse API.

Client Examples

Clients send standard OpenAI-format requests to the gateway — Keeptrusts translates to Bedrock's Converse API automatically.

Python

from openai import OpenAI

# Standard OpenAI SDK — Keeptrusts translates to Bedrock Converse API
client = OpenAI(
    base_url="http://localhost:8080/v1",
    api_key="unused",  # auth handled by Keeptrusts via AWS credentials
)

response = client.chat.completions.create(
    model="anthropic.claude-sonnet-4-20250514-v1:0",
    messages=[
        {"role": "system", "content": "You are a helpful assistant."},
        {"role": "user", "content": "Explain the shared responsibility model in AWS."},
    ],
    temperature=0.7,
    max_tokens=512,
)

print(response.choices[0].message.content)

Node.js

import OpenAI from "openai";

const client = new OpenAI({
  baseURL: "http://localhost:8080/v1",
  apiKey: "unused", // auth handled by Keeptrusts via AWS credentials
});

const response = await client.chat.completions.create({
  model: "anthropic.claude-sonnet-4-20250514-v1:0",
  messages: [
    { role: "system", content: "You are a helpful assistant." },
    { role: "user", content: "Explain the shared responsibility model in AWS." },
  ],
  temperature: 0.7,
  max_tokens: 512,
});

console.log(response.choices[0].message.content);

cURL

curl http://localhost:8080/v1/chat/completions \
  -H "Content-Type: application/json" \
  -d '{
    "model": "anthropic.claude-sonnet-4-20250514-v1:0",
    "messages": [
      {"role": "system", "content": "You are a helpful assistant."},
      {"role": "user", "content": "Explain the shared responsibility model in AWS."}
    ],
    "temperature": 0.7,
    "max_tokens": 512
  }'

Boto3 (Direct)

# You can also use Boto3 directly through the gateway
import boto3
import json

bedrock = boto3.client(
    "bedrock-runtime",
    endpoint_url="http://localhost:8080",
    region_name="us-east-1",
)

response = bedrock.converse(
    modelId="anthropic.claude-sonnet-4-20250514-v1:0",
    messages=[
        {
            "role": "user",
            "content": [{"text": "Explain the shared responsibility model in AWS."}],
        }
    ],
)

print(response["output"]["message"]["content"][0]["text"])

Streaming

Keeptrusts supports Bedrock streaming via the Converse Stream API. Set stream: true — policies are applied per-chunk in real time.

pack:
  name: aws-bedrock-providers-5
  version: 1.0.0
  enabled: true
providers:
  targets:
  - id: bedrock-claude-stream
    provider: aws-bedrock
    model: anthropic.claude-sonnet-4-20250514-v1:0
policies:
  chain:
  - audit-logger
policy:
  audit-logger:
    immutable: true
    retention_days: 365
    log_all_access: true

Python

from openai import OpenAI

client = OpenAI(base_url="http://localhost:8080/v1", api_key="unused")

stream = client.chat.completions.create(
    model="anthropic.claude-sonnet-4-20250514-v1:0",
    messages=[{"role": "user", "content": "Write a haiku about cloud computing."}],
    stream=True,
)

for chunk in stream:
    if chunk.choices[0].delta.content:
        print(chunk.choices[0].delta.content, end="", flush=True)

cURL

curl http://localhost:8080/v1/chat/completions \
  -H "Content-Type: application/json" \
  -N \
  -d '{
    "model": "anthropic.claude-sonnet-4-20250514-v1:0",
    "messages": [{"role": "user", "content": "Write a haiku about cloud computing."}],
    "stream": true
  }'

Advanced Configuration

Multi-Region Failover

Deploy targets across AWS regions for high availability and latency optimization:

pack:
  name: aws-bedrock-providers-6
  version: 1.0.0
  enabled: true
providers:
  targets:
  - id: bedrock-us-east-1
    provider: aws-bedrock
    model: anthropic.claude-sonnet-4-20250514-v1:0
  - id: bedrock-eu-west-1
    provider: aws-bedrock
    model: anthropic.claude-sonnet-4-20250514-v1:0
policies:
  chain:
  - audit-logger
policy:
  audit-logger:
    immutable: true
    retention_days: 365
    log_all_access: true

Bedrock Guardrails Integration

Amazon Bedrock Guardrails provide content filtering at the Bedrock API level. When Guardrails are applied (via your Bedrock console or API config), filtered responses return with a GUARDRAIL_INTERVENED stop reason. Keeptrusts logs these alongside its own policy chain results, giving you unified audit visibility across both Keeptrusts and AWS-native guardrails.

No additional gateway configuration is needed — Keeptrusts preserves Guardrails metadata in responses and audit logs.

Cross-Provider Fallback

Use Bedrock as primary with direct Anthropic API as fallback:

pack:
  name: aws-bedrock-providers-7
  version: 1.0.0
  enabled: true
providers:
  targets:
  - id: bedrock-primary
    provider: aws-bedrock
    model: anthropic.claude-sonnet-4-20250514-v1:0
  - id: anthropic-fallback
    provider: anthropic
    model: claude-sonnet-4-20250514
    secret_key_ref:
      env: ANTHROPIC_API_KEY
policies:
  chain:
  - audit-logger
policy:
  audit-logger:
    immutable: true
    retention_days: 365
    log_all_access: true

Multi-Model Routing

Route different workloads to different Bedrock models:

pack:
  name: aws-bedrock-providers-8
  version: 1.0.0
  enabled: true
providers:
  targets:
  - id: bedrock-claude-sonnet
    provider: aws-bedrock
    model: anthropic.claude-sonnet-4-20250514-v1:0
  - id: bedrock-claude-haiku
    provider: aws-bedrock
    model: anthropic.claude-3-5-haiku-20241022-v1:0
policies:
  chain:
  - audit-logger
policy:
  audit-logger:
    immutable: true
    retention_days: 365
    log_all_access: true

Circuit Breaker

Temporarily remove unhealthy Bedrock targets from rotation:

pack:
  name: aws-bedrock-providers-9
  version: 1.0.0
  enabled: true
providers:
  targets:
  - id: bedrock-claude
    provider: aws-bedrock
    model: anthropic.claude-sonnet-4-20250514-v1:0
policies:
  chain:
  - audit-logger
policy:
  audit-logger:
    immutable: true
    retention_days: 365
    log_all_access: true

Retry Policy

Retry transient failures (throttling, 5xx errors):

pack:
  name: aws-bedrock-providers-10
  version: 1.0.0
  enabled: true
providers:
  targets:
  - id: bedrock-claude
    provider: aws-bedrock
    model: anthropic.claude-sonnet-4-20250514-v1:0
policies:
  chain:
  - audit-logger
policy:
  audit-logger:
    immutable: true
    retention_days: 365
    log_all_access: true

Zero Data Retention

Bedrock does not store prompts or completions by default. Keeptrusts's ZDR enforcement confirms this at the gateway level:

pack:
  name: aws-bedrock-providers-11
  version: 1.0.0
  enabled: true
providers:
  targets:
  - id: bedrock-zdr
    provider: aws-bedrock
    model: anthropic.claude-sonnet-4-20250514-v1:0
policies:
  chain:
  - audit-logger
policy:
  audit-logger:
    immutable: true
    retention_days: 365
    log_all_access: true

When Bedrock model invocation logging is enabled in your AWS account, prompts and responses are logged to S3/CloudWatch. Set zero_data_retention: true in Keeptrusts to document the compliance expectation and enforce it at the gateway level.

Data Residency

Bedrock processes data in the AWS region you specify. Use aws_region to ensure data stays in a specific geography:

pack:
  name: aws-bedrock-providers-12
  version: 1.0.0
  enabled: true
providers:
  targets:
  - id: bedrock-eu
    provider: aws-bedrock
    model: anthropic.claude-sonnet-4-20250514-v1:0
policies:
  chain:
  - audit-logger
policy:
  audit-logger:
    immutable: true
    retention_days: 365
    log_all_access: true

A/B Testing Across Models

Split traffic across Bedrock models from different providers:

pack:
  name: aws-bedrock-providers-13
  version: 1.0.0
  enabled: true
providers:
  targets:
  - id: bedrock-claude
    provider: aws-bedrock
    model: anthropic.claude-sonnet-4-20250514-v1:0
  - id: bedrock-llama
    provider: aws-bedrock
    model: meta.llama3-1-70b-instruct-v1:0
policies:
  chain:
  - audit-logger
policy:
  audit-logger:
    immutable: true
    retention_days: 365
    log_all_access: true

Rate Limiting

Enforce per-provider request rate limits:

pack:
  name: aws-bedrock-providers-14
  version: 1.0.0
  enabled: true
providers:
  targets:
  - id: bedrock-claude
    provider: aws-bedrock
    model: anthropic.claude-sonnet-4-20250514-v1:0
policies:
  chain:
  - audit-logger
policy:
  audit-logger:
    immutable: true
    retention_days: 365
    log_all_access: true

Token Cost Tracking

Declare pricing for cost dashboards and budget alerts:

pack:
  name: aws-bedrock-providers-15
  version: 1.0.0
  enabled: true
providers:
  targets:
  - id: bedrock-claude
    provider: aws-bedrock
    model: anthropic.claude-sonnet-4-20250514-v1:0
policies:
  chain:
  - audit-logger
policy:
  audit-logger:
    immutable: true
    retention_days: 365
    log_all_access: true

AWS Bedrock vs Direct API

Feature	AWS Bedrock	Direct Anthropic/OpenAI
Auth	SigV4 (IAM)	API key / Bearer token
Data residency	AWS region (your account)	Provider-managed
Model access	Enable per-model in console	API key scope
Billing	AWS bill, consolidated	Separate provider bill
Data retention	None by default	Provider-dependent
Training	Never trains on your data	Provider-dependent opt-out
VPC support	VPC endpoints, PrivateLink	Public internet
Compliance	SOC, HIPAA, FedRAMP, etc.	Provider-dependent
Guardrails	AWS Bedrock Guardrails	Provider-specific

Best Practices

• Use STS temporary credentials in production — avoid long-lived access keys. Instance profiles, task roles, and IRSA (EKS) are preferred.
• Scope IAM policies to specific model ARNs for least-privilege access — don't grant bedrock:* on Resource: "*".
• Set aws_region explicitly — Bedrock model availability varies by region and data residency requirements may dictate region selection.
• Enable health probes for multi-region failover so routing strategies react to regional Bedrock outages.
• Use data_policy to document Bedrock's built-in data protections in your audit trail — especially important for regulated industries.
• Prefer fallback strategy with multi-region for production — combine us-east-1 and eu-west-1 targets for geo-redundancy.
• Declare pricing — Bedrock pricing varies by model and region; declaring it enables cost dashboards and budget enforcement.
• Layer Keeptrusts policies with Bedrock Guardrails — use Bedrock Guardrails for provider-side content filtering and Keeptrusts policies for gateway-side enforcement, giving you defense-in-depth.
• Use stream_timeout_seconds for streaming — Bedrock Claude models can produce long-running streams.
• Consider cross-provider fallback — route from Bedrock to direct Anthropic or OpenAI APIs as a backup to avoid AWS-specific outages.

For AI systems

• Canonical terms: Keeptrusts gateway, AWS Bedrock, Amazon Bedrock, SigV4, provider target, policy-config.yaml, provider: "aws-bedrock", Converse API.
• Config field names: provider, model, aws_region, aws_access_key_env, aws_secret_key_env, aws_session_token_env, format: "openai", provider_type: "aws-bedrock", data_policy.
• Auth: SigV4 request signing using standard AWS env vars (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_DEFAULT_REGION, AWS_SESSION_TOKEN).
• Key behavior: Keeptrusts translates OpenAI-format requests to Bedrock's Converse API and handles region-specific endpoint construction.
• Best next pages: Azure OpenAI integration, Anthropic integration, Provider routing.

For engineers

• Prerequisites: AWS account with Bedrock model access enabled, IAM credentials with bedrock:InvokeModel and bedrock:InvokeModelWithResponseStream permissions, kt CLI installed.
• Required env vars: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_DEFAULT_REGION. Optional: AWS_SESSION_TOKEN for STS temporary credentials.
• Start command: kt gateway run --listen 0.0.0.0:41002 --policy-config policy-config.yaml.
• Validate: curl http://localhost:8080/v1/chat/completions -H 'Content-Type: application/json' -d '{"model":"anthropic.claude-sonnet-4-20250514-v1:0","messages":[{"role":"user","content":"hello"}]}'.
• Model IDs use Bedrock format (e.g., anthropic.claude-sonnet-4-20250514-v1:0, meta.llama3-70b-instruct-v1:0).
• For cross-region failover, configure multiple targets with different aws_region values and use fallback strategy.

For leaders

• Bedrock provides data residency guarantees — traffic stays within the configured AWS region, addressing sovereignty requirements.
• Zero data retention is default on Bedrock — AWS does not store prompts or completions, and never trains on customer data.
• IAM-based auth integrates with existing AWS governance (CloudTrail, SCPs, permission boundaries) for centralized access control.
• Multi-region failover via Keeptrusts routing strategies provides resilience against regional AWS outages.
• Bedrock Guardrails can be layered with Keeptrusts policies for defense-in-depth content filtering.

Next steps

• Azure OpenAI integration — alternative cloud-native LLM deployment with similar data residency controls
• AWS SageMaker integration — custom model endpoints on AWS
• Anthropic integration — direct Anthropic API access for Claude models
• Provider routing strategies — multi-region failover and fallback configuration
• Quickstart — install kt and run your first gateway