DEV Community

Cover image for πŸ”‘ Amazon Bedrock API Keys: Simplified Authentication for Developers
Elizabeth Fuentes L for AWS

Posted on • Originally published at community.aws

πŸ”‘ Amazon Bedrock API Keys: Simplified Authentication for Developers

πŸ‡»πŸ‡ͺπŸ‡¨πŸ‡± Dev.to Linkedin GitHub Twitter Instagram Youtube
Linktr

Amazon Bedrock now offers two types of API Keys to simplify programmatic authentication, each designed for different use cases:

🟒 Short-term API Keys (Recommended)

  • Duration: Up to 12 hours or remaining console session time
  • Technology: Pre-signed URLs with AWS Signature Version 4
  • Permissions: Inherit the same permissions as the generating identity
  • Generation: Bedrock console, Python package aws-bedrock-token-generator
  • Security: Lower risk due to short duration

🟑 Long-term API Keys (For development)

  • Duration: From 1 day up to 365 days (or never expires)
  • Association: Linked to specific IAM users
  • Limit: Maximum 2 keys per IAM user
  • Auto-policy: AmazonBedrockLimitedAccess automatically attached to user
  • Security: Higher risk - requires regular rotation

πŸ› οΈ How to Generate Long-term API Keys

Prerequisites

  1. Existing IAM user
  2. Required IAM permissions:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iam:CreateServiceSpecificCredential",
                "iam:ListServiceSpecificCredentials",
                "iam:UpdateServiceSpecificCredential",
                "iam:DeleteServiceSpecificCredential",
                "iam:ResetServiceSpecificCredential"
            ],
            "Resource": "arn:aws:iam::*:user/username"
        }
    ]
}
Enter fullscreen mode Exit fullscreen mode

πŸ–₯️ Method 1: AWS Console

  1. Navigate to IAM Console β†’ Users
  2. Select the IAM user
  3. Security credentials tab
  4. API keys for Amazon Bedrock section β†’ Generate API Key

  1. Configure expiration (1, 5, 30, 90, 365 days or custom) - For long-term API key

  1. IMPORTANT! Download/copy the key immediately - you cannot retrieve it later

⌨️ Method 2: AWS CLI

To generate an Amazon Bedrock long-term API key using the AWS CLI, use Generating a long-term API Key for Amazon Bedrock (AWS CLI)steps.

πŸ’» Code Implementation

🌐 Environment Variable Setup

# Set as environment variable
export AWS_BEARER_TOKEN_BEDROCK=your-api-key-here

# Or use in applications
import os
api_key = os.getenv('AWS_BEARER_TOKEN_BEDROCK')
Enter fullscreen mode Exit fullscreen mode
import requests

# Configuration
url = "https://bedrock-runtime.us-east-1.amazonaws.com/model/anthropic.claude-3-sonnet-20240229-v1:0/invoke"

payload = {
    "messages": [
        {
            "role": "user", 
            "content": [{"type": "text", "text": "Hello, Bedrock!"}]
        }
    ],
    "max_tokens": 1000,
    "anthropic_version": "bedrock-2023-05-31"
}

headers = {
    "Content-Type": "application/json",
    "Authorization": "Bearer YOUR_BEDROCK_API_KEY"
}

response = requests.post(url, json=payload, headers=headers)
print(response.json())
Enter fullscreen mode Exit fullscreen mode

Use Amazon Bedrock API in your favorite SDK.

🎯 When to Use Each Type?

Scenario Recommendation
Production applications Short-term API keys
Development/Testing Long-term API keys
CI/CD Pipelines Short-term API keys
Personal scripts Long-term API keys
Enterprise applications Short-term + automatic rotation

πŸ“Š Key Benefits

βœ… Simplified Authentication - No complex signature calculations

βœ… Flexible Duration - Choose expiration that fits your needs

βœ… Enhanced Security - Service-specific credentials limit scope

βœ… Existing IAM Controls - Respects all current permissions


Have you tried the new API Keys yet? Share your experience in the comments! πŸš€


Top comments (6)

Collapse
 
ensamblador profile image
ensamblador

Finally!

Collapse
 
camila_hinojosa_anez profile image
Camila Hinojosa Anez

awesome news!!

Collapse
 
aditmodi profile image
Adit Modi

great news!!!

Collapse
 
dotallio profile image
Dotallio

Really appreciate how you broke down the differences - setting up short-term keys honestly looks way simpler now. Has anyone run into issues with key rotation or automating renewals yet?

Collapse
 
hectorfernandezdev profile image
Hector Fernandez CloudparaTodo

Great summary thanks!

Collapse
 
nathan_tarbert profile image
Nathan Tarbert

This is extremely impressive, the setup part with code and actual steps is exactly what I wish more AWS guides had