Provision AWS Bedrock models

This guide covers configuring AWS Bedrock as an AI model provider in Tetrate Agent Router.

The procedure covers:

Configuring the AWS Bedrock API endpoint
Setting authentication credentials
Defining the AWS region
Enabling or disabling the provider
Marking the provider as a first-party provider

Plan for 5--10 minutes, plus any AWS IAM setup if credentials do not already exist.

Prerequisites

Administrator access to the Admin Dashboard, typically the super_admin or billing_admin role.
Valid credentials for AWS Bedrock: an API key, an account ID, and an AWS client ID and secret.

Configuration guide

Step 1: Add provider

Log in to the Admin Dashboard.
In the left-hand navigation panel, select Catalog → Providers.
Click + Add provider.

Step 2: Configure provider details

Provider identifier (required): must be all lower-case and start with a letter. Example: my-aws-bedrock.
Display name (optional): a recognizable label. Example: AWS Bedrock BYOK.

Step 3: Configure authentication method

API base URL (required): set to https://bedrock-runtime.<region>.amazonaws.com/openai/v1. Replace the <region> placeholder with the selected AWS region.
Auth method (required): select AWS from the drop-down.

Step 4: Set the AWS region

Region (required): set to the AWS region used in the base URL. The region must match both the Bedrock deployment region and the region in the base URL.

Step 5: Provide authentication credentials

Secret type is fixed to Password and cannot be changed.
Provider secret (required): provide AWS_ACCESS_KEY_ID and AWS_ACCESS_KEY_SECRET in the corresponding fields. Both values are required.
The credentials must have permission to access AWS Bedrock.
Use the Rotate button to update credentials later.

Step 6: Enable the provider

First-party provider (optional): toggle on to give the provider first-party visibility in dashboard listings and search results.
Enable provider (required to use the configuration): toggle on. This controls whether the provider is available for use.

Step 7: Save the configuration

Click Add provider.

Example configuration

Display Name: AWS Bedrock

API Base URL:
https://bedrock-runtime.us-east-1.amazonaws.com/openai/v1

Auth Method:
AWS

Region:
us-east-1

AWS_ACCESS_KEY_ID:
<your-access-key>

AWS_SECRET_ACCESS_KEY:
<your-secret-key>

First-Party Provider:
Enabled

Enable Provider:
Enabled

AWS account requirements

Before the configuration is saved, confirm the following:

AWS Bedrock is enabled in the AWS account.
The selected region supports the required Bedrock models.
The IAM credentials carry permissions such as:

{
 "Effect": "Allow",
 "Action": [
   "bedrock:InvokeModel",
   "bedrock:InvokeModelWithResponseStream"
 ],
 "Resource": "*"
}

The API base URL and region match.

Conclusion

Once configured and saved, the platform can authenticate with AWS Bedrock and route model requests through the specified endpoint.

Where to go next

Provision models and providers

Enable Bedrock models and the general model-and-provider mechanics.

Connect provider subscriptions across clouds

Represent Bedrock subscriptions in several regions as independent provider entries.

Prerequisites​

Configuration guide​

Step 1: Add provider​

Step 2: Configure provider details​

Step 3: Configure authentication method​

Step 4: Set the AWS region​

Step 5: Provide authentication credentials​

Step 6: Enable the provider​

Step 7: Save the configuration​

Example configuration​

AWS account requirements​

Conclusion​