Connect Bedrock with Amazon Assumed Role
How to create a virtual key for Bedrock using Amazon Assumed Role Authentication
Available on all plans.
Select AWS Assumed Role Authentication
Create a new virtual key on Portkey, select Bedrock as the provider and AWS Assumed Role as the authentication method.
Create an AWS Role for Portkey to Assume
This role you create will be used by Porktey to execute InvokeModel commands on Bedrock models in your AWS account. The setup process will establish a minimal-permission (“least privilege”) role and set it up to allow Porktey to assume this role.
Create a permission policy in your AWS account using the following JSON
Create a new IAM role
Choose AWS account as the trusted entity type. If you set an external ID be sure to copy it, we will need it later.
Add the above policy to the role
Search for the policy you created above and add it to the role.
Configure Trust Relationship for the role
Once the role is created, open the role and navigate to the Trust relationships tab and click Edit trust policy. This is where you will add the Portkey AWS account as a trusted entity.
Paste the following JSON into the trust policy editor and click Update Trust Policy.
If you set an external ID, add it to the condition as shown below.
Configure the virtual key with the role ARN
Once the role is created, copy the role ARN and paste it into the Bedrock integrations modal in Portkey along with the external ID if you set one and the AWS region you are using.
You’re all set! You can now use the virtual key to invoke Bedrock models.
Was this page helpful?