Accelerate AI development with Amazon Bedrock API keys

Today we are pleased to announce significant improvements to the developer experience for Amazon Bedrock: API Keys. API keys provide quick access to the Amazon Bedrock API, streamline the authentication process, allowing developers to focus on building rather than configuration.

Camelai is an open source modular framework for building intelligent multi-agent systems for data generation, global simulation, and task automation.

“As a startup with limited resources, streamlined customer onboarding is essential to success. Amazon's bedrock API key allows enterprise customers to be onboarded in minutes rather than hours. With bedrock, customers can quickly provide access to major AI models and seamlessly integrate them into cameras.”

Miguel Salinas, CTO, Camelai said.

In this post, look at how API keys work and how you can get started today.

API Key Authentication

Amazon Bedrock provides API key access to streamline integration with tools and frameworks that expect API key-based authentication. Amazon Bedrock and Amazon Bedrock Runtime SDKS support API key authentication for on-demand inference, provision throughput inference, fine-tuning models, distillation, and evaluation methods.

This diagram compares the default authentication process with Amazon Bedrock (orange) and the API key approach (blue). The default process requires you to create an ID in AWS IAM Identity Center or IAM, attach an IAM policy to provide permission to perform API operations, and generate credentials that can be used to make API calls. The gray boxes in the diagram highlight the steps Amazon Bedrock is currently streamlining when generating API keys. Developers can now authenticate and access the Amazon Bedrock API with minimal setup overhead.

You can generate an API key in the Amazon Bedrock console and choose two types:

and Long-term API KeyYou can set an expiration date ranging from 1 day to the expiration date. These keys are associated with the IAM user that Amazon Bedrock automatically creates. This system can attach an AmazonBedRockLimitedAccess managed policy to this IAM user and change permissions as needed through the IAM service. I recommend using long-term keys primarily to explore Amazon bedrock.

Short-term API Key It expires when the account's session ends or can last up to 12 hours using IAM permissions from the current IAM principal. The short-term API key uses AWS Signature Version 4 for authentication. To use a continuous application, you can implement updating the API key in a script, as shown in this example. For setups that require a higher level of security, we recommend using short-term API keys.

Make the first API call

Once you have access to the Foundation model, start with the Amazon Bedrock API key. Here's how to use Python (Boto3 SDK) and AWS SDK for API Keys to create your first API call:

Generate API key

To generate an API key, follow these steps:

Sign in to the AWS Management Console and open the Amazon Bedrock console
In the left navigation panel, select API key
Choose either Generate short-term API keys or Generate long-term API keys
For long-term keys, set the desired expiration date and optionally configure advanced permissions
choose Generate Copy the API key

Set the API key as an environment variable

You can set the API key as an environment variable so that it is automatically recognized when making an API request.

# To set the API key as an environment variable, you can open a terminal and run the following command:
export AWS_BEARER_TOKEN_BEDROCK=${api-key}

When you create an Amazon Bedrock client, the BOTO3 SDK automatically detects environment variables.

Make the first API call

Now you can make API calls to Amazon Bedrock in a variety of ways.

I use curls

curl -X POST "https://bedrock-runtime.us-east-1.amazonaws.com/model/us.anthropic.claude-3-5-haiku-20241022-v1:0/converse" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $AWS_BEARER_TOKEN_BEDROCK" \
  -d '{
    "messages": [
        {
            "role": "user",
            "content": [{"text": "Hello"}]
        }
    ]
  }'

Using the Amazon Bedrock SDK:

import boto3

# Create an Amazon Bedrock client
client = boto3.client(
    service_name="bedrock-runtime",
    region_name="us-east-1"     # If you've configured a default region, you can omit this line
) 

# Define the model and message
model_id = "us.anthropic.claude-3-5-haiku-20241022-v1:0"
messages = [{"role": "user", "content": [{"text": "Hello"}]}]
   
response = client.converse(
    modelId=model_id,
    messages=messages,
)

# Print the response
print(response['output']['message']['content'][0]['text'])

You can also use native libraries such as Python requests.

import requests
import os

url = "https://bedrock-runtime.us-east-1.amazonaws.com/model/us.anthropic.claude-3-5-haiku-20241022-v1:0/converse"

payload = {
    "messages": [
        {
            "role": "user",
            "content": [{"text": "Hello"}]
        }
    ]
}

headers = {
    "Content-Type": "application/json",
    "Authorization": f"Bearer {os.environ['AWS_BEARER_TOKEN_BEDROCK']}"
}

response = requests.request("POST", url, json=payload, headers=headers)

print(response.text)

Bridge the developer experience and enterprise security requirements

Enterprise admins can now streamline user onboarding into the Amazon Bedrock Foundation model. A setup that requires a higher level of security allows administrators to enable short-term API keys for users. The short-term API key uses AWS Signature Version 4 and existing IAM principals to maintain the established access controls implemented by administrators.

For audit and compliance purposes, all API calls are logged in AWS CloudTrail. The API key is passed as an approval header to the API request and is not logged.

Conclusion

The Amazon Bedrock API key is available in 20 AWS regions where Amazon Bedrock is available: US East (Ohio, N. Virginia), US West (Oregon), Asia Pacific (Hyderabad, Mumbai, Osaka, Seoul, Singapore, Sydney, Tokyo), Canada (Canada), Europe, Europe, etc. (São Paulo). For more information about Amazon Bedrock API keys, see the API Keys documentation in the Amazon Bedrock User Guide.

Try API keys now in the Amazon Bedrock Console and send feedback via AWS Re:Amazon Bedrock posts or regular AWS Support contacts.

About the author

Sofian Hamity A technology leader with experience building AI solutions and building key high-performance teams to build AI solutions and maximize customer outcomes. He is passionate about fostering global influence on diverse talent and empowering it to achieve career aspirations.

Ajit Mahareddy It is an experienced product with over 20 years of experience in product management, engineering and market. Prior to his current role, AJIT led AI/ML products to major technology companies such as Uber, Turing and eHealth. He is passionate about advancing generative AI technology and promoting real-world impact with generative AI.

Nakuru Vankadari Ramesh I am a software development engineer with over 7 years of experience building large-scale distributed systems. He currently works for the Amazon Bedrock team, accelerating the development of generator AI features. Previously, it contributed to Amazon managed blockchain, focusing on scalable and reliable infrastructure.

Huong nguyen I am AWS Principal Product Manager. She is a product leader at Amazon Bedrock and has 18 years of experience building customer-centric and data-driven products. She is passionate about democratizing responsible machine learning and generating AI to enable customer experience and business innovation. Outside of work, she enjoys spending time with family and friends, listening to audiobooks, traveling and gardening.

Masimiliano Angelino I am the lead architect for the EMEA prototyping team. Over the past three and a half years, he is an IoT Specialist Solutions Architect with a special focus on edge computing, contributing to the launch of AWS IoT Greengrass V2 Service and integration with Amazon Sagemaker Edge Manager. Based in Stockholm, he enjoys skating on the frozen lake.