Closed brianprost closed 5 days ago
@brianprost the authentication information are used as configuration options for creating a BedrockRuntimeClient
( https://github.com/vercel/ai/blob/main/packages/amazon-bedrock/src/bedrock-provider.ts#L47 ). You can use any authentication mechanism that works with the Bedrock SDK.
Description
It seems like the only way that Bedrock can be used now is by generating access credentials, which is not the most secure nor standard way to handle permissions for workloads running on AWS.
In the legacy Bedrock provider, a deployed compute instance could still authenticate with the Bedrock API using the metadata service, but when transitioning to AI SDK 3.x /
@ai-sdk/amazon-bedrock
, deployed environments can no longer authenticate.Code example
Things work fine locally, where I'm authenticated with AWS SSO CLI. All of these work fine locally, but not when deployed
Additional context
My deployed environment is a NextJS
14.2.4
app in a Docker container (derived from the official example) on a ECS service inus-east-1