feat: add AWS Bedrock authentication support #167

Open
Samuel7192 wants to merge 1 commit into 21st-dev:main from Samuel7192:feat/aws-bedrock-support


Samuel7192 commented Feb 17, 2026

Summary

  • Adds AWS Bedrock as an alternative authentication method alongside Anthropic OAuth
  • Users can access Claude models through their existing AWS credentials (~/.aws/credentials or environment variables)
  • Includes full onboarding flow, settings UI, and visual indicators when Bedrock is active

Changes

Backend (main process):

  • Remove CLAUDE_CODE_USE_BEDROCK from stripped env vars so the SDK can use it
  • Conditionally preserve/strip AWS credentials based on auth mode (Bedrock preserves, OAuth strips for security)
  • New anthropic_auth_settings DB table + Drizzle migration for persisting auth mode preference
  • New anthropicAuth tRPC router with getSettings, updateSettings, and validateAwsCredentials procedures
  • Bedrock credential validation before executing SDK queries

Onboarding:

  • "AWS Bedrock" option added to billing method page (Claude Code tab)
  • Dedicated Bedrock onboarding page with AWS region/profile configuration
  • Real-time credential detection (checks env vars, ~/.aws/credentials, named profiles)

Settings:

  • New "Authentication" tab to switch between OAuth and Bedrock modes
  • Shows credential status, configurable region and profile

UI indicators:

  • Provider status badge in chat toolbar showing "Bedrock" (amber), "API Key", or "Custom"
  • "Bedrock" tag in model selector dropdown next to "Claude Code" header
  • Updated isConnected checks so Claude models appear when Bedrock auth is configured

Security

  • AWS credentials are never stored in the database — only auth mode, region, and profile name
  • MCP subprocess isolation unchanged (AWS credentials still blocked for MCP servers via mcp-auth.ts)
  • OAuth mode continues to strip AWS credentials for security
  • No secrets exposed in any source files

Test plan

  • Fresh install: select "AWS Bedrock" in onboarding, configure region, verify credential detection works
  • Existing OAuth user: switch to Bedrock in Settings > Authentication, verify chat works
  • Switch back to OAuth: verify badges disappear and OAuth flow resumes normally
  • Model selector: verify "Bedrock" tag appears next to "Claude Code" when Bedrock is active
  • Provider badge: verify "Bedrock" with region tooltip shows in chat toolbar
  • No credentials in build: verify bun run build succeeds with no exposed secrets

Add AWS Bedrock as an alternative authentication method alongside
Anthropic OAuth, allowing users to access Claude models through
their AWS credentials.

Backend:
- Stop stripping CLAUDE_CODE_USE_BEDROCK env var
- Conditionally preserve AWS credentials in Bedrock mode
- Add anthropic_auth_settings DB table for auth mode persistence
- Add tRPC router for auth settings (get/update/validate)
- Add Bedrock credential validation before SDK execution

Onboarding:
- Add "AWS Bedrock" as billing method option with Cloud icon
- Add dedicated Bedrock onboarding page with region/profile config
- Real-time AWS credential detection during setup

Settings:
- Add Authentication tab to switch between OAuth and Bedrock
- Show credential status, region, and profile configuration

UI indicators:
- Provider status badge in chat toolbar (Bedrock/API Key/Custom)
- "Bedrock" tag in model selector dropdown header
- Bedrock-aware connection status in model selector
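
The conditional credential handling described in the summary (Bedrock preserves AWS credentials, OAuth strips them, MCP servers never receive them), as an added example that is not code from this pull request. `AuthMode`, `BedrockSettings`, `stripAwsCredentials`, `buildSdkEnv` and `buildMcpEnv` are hypothetical names, and clearing `CLAUDE_CODE_USE_BEDROCK` outside Bedrock mode is an assumption of this sketch.

```typescript
// Added example; all type and function names here are hypothetical, not from the PR.
type AuthMode = "oauth" | "bedrock";
type Env = Record<string, string | undefined>;
interface BedrockSettings { region: string; profile?: string }

// Standard AWS SDK/CLI variables that carry credentials or point to them.
const AWS_CREDENTIAL_VARS = new Set([
  "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN",
  "AWS_PROFILE", "AWS_SHARED_CREDENTIALS_FILE", "AWS_CONFIG_FILE",
  "AWS_WEB_IDENTITY_TOKEN_FILE", "AWS_ROLE_ARN",
]);
const BEDROCK_FLAG = "CLAUDE_CODE_USE_BEDROCK";

// Return a copy of env without AWS credential variables. Names are compared
// upper-cased because a copied Windows environment can hold mixed-case keys.
// Assumption: the Bedrock flag is cleared too, so an inherited value cannot
// switch a non-Bedrock child process into Bedrock mode.
function stripAwsCredentials(env: Env): Env {
  const out: Env = {};
  for (const [key, value] of Object.entries(env)) {
    const name = key.toUpperCase();
    if (AWS_CREDENTIAL_VARS.has(name) || name === BEDROCK_FLAG) continue;
    out[key] = value;
  }
  return out;
}

// Environment for the SDK child process, decided by the persisted auth mode.
function buildSdkEnv(base: Env, mode: AuthMode, settings?: BedrockSettings): Env {
  if (mode === "oauth") return stripAwsCredentials(base); // OAuth: no AWS material
  if (!settings || !settings.region) throw new Error("Bedrock mode requires a region");
  // Bedrock: keep the user's credentials, set the flag, apply stored region/profile.
  const env: Env = { ...base, [BEDROCK_FLAG]: "1", AWS_REGION: settings.region };
  if (settings.profile) env.AWS_PROFILE = settings.profile;
  return env;
}

// MCP servers never receive AWS credentials, whatever the auth mode.
function buildMcpEnv(base: Env): Env {
  return stripAwsCredentials(base);
}

// Constructed sample environment (fake values, not real credentials).
const sampleEnv: Env = {
  PATH: "/usr/bin",
  AWS_ACCESS_KEY_ID: "AKIAEXAMPLEEXAMPLE00",
  aws_secret_access_key: "constructed-secret",
  AWS_REGION: "us-east-1",
};
console.log(Object.keys(buildSdkEnv(sampleEnv, "oauth")));
```

Only the region and profile name are passed in as settings, matching the statement that credentials themselves are never persisted.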