Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
This guide walks you through setting up and making API calls to Claude in Amazon Bedrock. Claude in Amazon Bedrock runs on AWS-managed infrastructure with zero operator access (Anthropic personnel have no access to the inference infrastructure), letting you build sensitive applications entirely inside the AWS security boundary while using the same Messages API shape you use with Anthropic's first-party API.
This page covers the new Claude in Amazon Bedrock offering, which exposes the Messages API at /anthropic/v1/messages. For the legacy Bedrock integration (the InvokeModel API with ARN-versioned model identifiers and AWS event-stream encoding), see Claude on Amazon Bedrock.
Claude in Amazon Bedrock is in research preview, available in the US East (N. Virginia) us-east-1 region at launch. Contact your Anthropic account executive to request access.
Before you begin, ensure you have:
us-east-1. The research preview requires a dedicated account for isolation. Your Anthropic account executive will submit your account ID to the Bedrock Marketplace team for allowlisting (typically processed within 24 hours).Claude in Amazon Bedrock supports three authentication paths. Choose the one that best fits your security requirements.
Use a Bedrock service role with AWS-managed keys for the most secure, long-lived access:
Admin: provision the service role
An AWS administrator provisions a Bedrock service role and grants developers iam:PassRole permission on the service role ARN.
Developer: pass the role
When calling the API, pass the service role ARN as a request parameter. Bedrock assumes the role on your behalf and signs requests with AWS-managed credentials. A code example showing where the ARN parameter goes will be added when the SDK packages publish.
For identity-federated access with a 12-hour maximum session:
Admin: configure the IAM role
Create an IAM role scoped to your Claude models. The trust policy names your identity provider (SAML, OIDC, or AWS Identity Center). The permissions policy grants bedrock-mantle:CreateInference only on the allowed model ARNs.
Developer: authenticate and assume
Authenticate through your corporate identity provider, then assume the IAM role. AWS STS issues temporary credentials that the SDK or CLI uses to sign requests.
For short-term access without IAM roles (12-hour maximum, least preferred):
Admin: restrict token types
Block long-term keys by attaching a policy that denies bedrock:CallWithBearerToken unless the bedrock:BearerTokenType condition matches a short-term token.
Developer: mint a token
Use the aws-bedrock-token-generator CLI (link pending publication) to mint a bearer token. Pass it in the x-api-key header on each request.
Anthropic's client SDKs support Claude in Amazon Bedrock through a Bedrock-specific package or module.
The endpoint follows the pattern https://bedrock-mantle.{region}.api.aws/anthropic/v1/messages. Unlike the legacy Bedrock integration, this endpoint uses standard SSE streaming and the same request body shape as Anthropic's first-party API.
The SDK resolves credentials and region using the standard AWS precedence: constructor arguments, then environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN, AWS_REGION), then the AWS config file and credential chain (SSO, assumed roles, ECS task role, IMDS).
curl https://bedrock-mantle.us-east-1.api.aws/anthropic/v1/messages \
--aws-sigv4 "aws:amz:us-east-1:bedrock-mantle" \
--user "$AWS_ACCESS_KEY_ID:$AWS_SECRET_ACCESS_KEY" \
-H "x-amz-security-token: $AWS_SESSION_TOKEN" \
-H "content-type: application/json" \
-H "anthropic-version: 2023-06-01" \
-d '{
"model": "CLAUDE_MODEL_ID",
"max_tokens": 1024,
"messages": [
{"role": "user", "content": "Hello, Claude"}
]
}'If the dedicated AnthropicBedrockMantle client is not yet available in your language's SDK release, you can use the standard Anthropic client instead: set base_url to https://bedrock-mantle.{region}.api.aws/anthropic and pass your bearer token as api_key. This path supports bearer-token authentication only. SigV4 signing requires the dedicated client.
Model IDs in Claude in Amazon Bedrock carry an anthropic. provider prefix. Model capabilities and behaviors are documented on the Models overview page. See your AWS welcome email for the exact model ID enabled for your account.
Claude in Amazon Bedrock supports features that run inside the model. Features that require Anthropic-operated infrastructure are not available.
Supported:
/v1/messages)Not supported:
/v1/users endpointThe research preview is available in us-east-1 (IAD) only.
Default quota is 2 million input tokens per minute (TPM). You can request up to 4 million input TPM without additional Anthropic approval. AWS enforces requests-per-minute (RPM) limits on the Bedrock side; contact AWS support for RPM adjustments.
All inference data is retained for 30 days in your AWS storage. There is no zero-data-retention opt-out on this offering. For standard customers, Anthropic can inspect stored data for safety and abuse review. For Select-tier customers, only AWS can inspect data; Anthropic can run automated operations but not manual review. For details on Select-tier eligibility, contact your Anthropic account executive.
If your application requires zero data retention (ZDR), consider Claude Platform on AWS, where ZDR is available by contacting sales.
Claude in Amazon Bedrock emits logs to both CloudWatch and CloudTrail. Anthropic recommends retaining activity logs on at least a 30-day rolling basis to understand usage patterns and investigate potential issues.
For research preview support, contact [email protected]. Include your AWS account ID and the request-id from any failed API responses.
Was this page helpful?