Skip to main content
To use Amazon Bedrock as the inference provider, set inferenceProvider to bedrock and supply the region and credentials described below.

Prerequisites

  • An AWS account with access to Claude models in Amazon Bedrock
  • Model access granted for the Claude models you intend to use in the Bedrock console

Configuration keys

SettingRequiredDescription
AWS region
inferenceBedrockRegion		YesAWS region for the Bedrock runtime endpoint, for example us-west-2 or us-gov-west-1.
AWS bearer token
inferenceBedrockBearerToken		One of token, profile, or helperBedrock API key generated from the Amazon Bedrock console. When set, inferenceBedrockProfile is ignored.
AWS profile name
inferenceBedrockProfile		One of token, profile, or helperAWS named profile from the AWS config and credentials files. Use this when credentials are managed by the AWS CLI, IAM Identity Center (SSO), or an enterprise credential process.
AWS config directory
inferenceBedrockAwsDir		NoAbsolute path to the directory containing the AWS config and credentials files, if not the default ~/.aws. The directory is copied into the sandbox so the named profile resolves there.
Bedrock base URL
inferenceBedrockBaseUrl		NoOverride the public regional endpoint, for example with a PrivateLink VPC interface endpoint. Must be https://.
You must also set inferenceModels to a list of Bedrock inference-profile IDs, for example us.anthropic.claude-sonnet-4-20250514-v1:0. See the Configuration reference.

Authentication

Choose one of the following. As a third option for environments where static credentials are not permitted, configure an inferenceCredentialHelper executable that prints a Bedrock bearer token to stdout; the helper’s output is used in place of inferenceBedrockBearerToken.

Bearer token

Set inferenceBedrockBearerToken to a Bedrock API key. The key’s underlying IAM principal must be allowed the bedrock:CallWithBearerToken action. Without that permission, the key is created successfully but every inference request returns an authorization error.

Named profile

Set inferenceBedrockProfile to an AWS named profile. The profile’s principal needs bedrock:InvokeModel and bedrock:InvokeModelWithResponseStream on the inference profiles and underlying foundation models you use. Set inferenceBedrockAwsDir if your AWS configuration files live somewhere other than ~/.aws.

Example

<key>inferenceProvider</key>
<string>bedrock</string>
<key>inferenceBedrockRegion</key>
<string>us-west-2</string>
<key>inferenceBedrockProfile</key>
<string>claude-cowork</string>
<key>inferenceModels</key>
<string>["us.anthropic.claude-sonnet-4-20250514-v1:0"]</string>