This content originally appeared on DEV Community and was authored by Elizabeth Fuentes L
Amazon Bedrock now offers two types of API Keys to simplify programmatic authentication, each designed for different use cases:
Short-term API Keys (Recommended)
- Duration: Up to 12 hours or remaining console session time
- Technology: Pre-signed URLs with AWS Signature Version 4
- Permissions: Inherit the same permissions as the generating identity
- Generation: Bedrock console, Python package `aws-bedrock-token-generator`
- Security: Lower risk due to short duration
Long-term API Keys (For development)
- Duration: From 1 day up to 36,600 days (or never expires)
- Association: Linked to specific IAM users
- Limit: Maximum 2 keys per IAM user
- Auto-policy: `AmazonBedrockLimitedAccess` automatically attached to user
- Security: Higher risk - requires regular rotation
How to Generate Long-term API Keys
Prerequisites
- Existing IAM user
- Required IAM permissions:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iam:CreateServiceSpecificCredential",
        "iam:ListServiceSpecificCredentials",
        "iam:UpdateServiceSpecificCredential",
        "iam:DeleteServiceSpecificCredential",
        "iam:ResetServiceSpecificCredential"
      ],
      "Resource": "arn:aws:iam::*:user/username"
    }
  ]
}
```
Method 1: AWS Console
- Navigate to IAM Console → Users
- Select the IAM user
- Security credentials tab
- API keys for Amazon Bedrock section → Generate API Key
- Configure expiration (1, 5, 30, 90, 365 days or custom) - For long-term API key
- IMPORTANT! Download/copy the key immediately - you cannot retrieve it later
Method 2: AWS CLI
To generate an Amazon Bedrock long-term API key using the AWS CLI, follow the steps in "Generating a long-term API Key for Amazon Bedrock (AWS CLI)".
Code Implementation
```python
import requests

# Configuration
url = "https://bedrock-runtime.us-east-1.amazonaws.com/model/anthropic.claude-3-sonnet-20240229-v1:0/invoke"
payload = {
    "messages": [
        {
            "role": "user",
            "content": [{"type": "text", "text": "Hello, Bedrock!"}]
        }
    ],
    "max_tokens": 1000,
    "anthropic_version": "bedrock-2023-05-31"
}
headers = {
    "Content-Type": "application/json",
    # Replace the placeholder with your key; never commit a real key to source control
    "Authorization": "Bearer YOUR_BEDROCK_API_KEY"
}

# Send the request with a timeout and fail loudly on HTTP errors
response = requests.post(url, json=payload, headers=headers, timeout=30)
response.raise_for_status()
print(response.json())
```
Environment Variable Setup
```bash
# Set as environment variable
export AWS_BEARER_TOKEN_BEDROCK=your-api-key-here
```
```python
# Or use in applications
import os
api_key = os.getenv('AWS_BEARER_TOKEN_BEDROCK')
```
Use Amazon Bedrock API in your favorite SDK.
When to Use Each Type?
Scenario | Recommendation |
---|---|
Production applications | Short-term API keys |
Development/Testing | Long-term API keys |
CI/CD Pipelines | Short-term API keys |
Personal scripts | Long-term API keys |
Enterprise applications | Short-term + automatic rotation |
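
Long-term keys are flagged above as needing regular rotation, so an age and expiry audit is worth automating. The following is an added example, not code from the original post: it takes entries shaped like IAM's ListServiceSpecificCredentials response and flags active Bedrock keys that never expire or fall outside a rotation window. The 90-day window, the handling of `ExpirationDate` as absent for non-expiring keys, and the sample users and IDs are assumptions.

```python
from datetime import datetime, timedelta, timezone

BEDROCK_SERVICE = "bedrock.amazonaws.com"  # IAM service name for Bedrock API keys

def audit_bedrock_keys(creds, now, max_age_days=90):
    """Flag active long-term Bedrock API keys that break a rotation policy.
    creds: dicts shaped like IAM ListServiceSpecificCredentials entries.
    Assumption: ExpirationDate is missing/None when the key never expires."""
    window = timedelta(days=max_age_days)
    findings = []
    for c in creds:
        if c.get("ServiceName") != BEDROCK_SERVICE or c.get("Status") != "Active":
            continue  # other services and deactivated keys are out of scope
        expires = c.get("ExpirationDate")
        if expires is not None and expires <= now:
            continue  # already expired, no longer usable
        if expires is None:
            reason = "never expires"
        elif now - c["CreateDate"] > window:
            reason = f"older than {max_age_days} days"
        elif expires - now > window:
            reason = f"valid for more than {max_age_days} more days"
        else:
            continue  # within the rotation window
        findings.append((c["UserName"], c["ServiceSpecificCredentialId"], reason))
    return findings

# Constructed sample data (hypothetical users and credential IDs).
NOW = datetime(2025, 7, 8, tzinfo=timezone.utc)
SAMPLE = [
    {"UserName": "dev-alice", "ServiceSpecificCredentialId": "ACCAEXAMPLE0001",
     "ServiceName": BEDROCK_SERVICE, "Status": "Active",
     "CreateDate": NOW - timedelta(days=10), "ExpirationDate": NOW + timedelta(days=20)},
    {"UserName": "dev-bob", "ServiceSpecificCredentialId": "ACCAEXAMPLE0002",
     "ServiceName": BEDROCK_SERVICE, "Status": "Active",
     "CreateDate": NOW - timedelta(days=200), "ExpirationDate": NOW + timedelta(days=165)},
    {"UserName": "dev-bob", "ServiceSpecificCredentialId": "ACCAEXAMPLE0003",
     "ServiceName": BEDROCK_SERVICE, "Status": "Active",
     "CreateDate": NOW - timedelta(days=3)},
    {"UserName": "ci-user", "ServiceSpecificCredentialId": "ACCAEXAMPLE0004",
     "ServiceName": BEDROCK_SERVICE, "Status": "Inactive",
     "CreateDate": NOW - timedelta(days=400)},
]

if __name__ == "__main__":
    for finding in audit_bedrock_keys(SAMPLE, NOW):
        print(finding)
```

With boto3, the input for one user comes from `iam.list_service_specific_credentials(UserName=..., ServiceName="bedrock.amazonaws.com")["ServiceSpecificCredentials"]`.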
Key Benefits
- Simplified Authentication - No complex signature calculations
- Flexible Duration - Choose expiration that fits your needs
- Enhanced Security - Service-specific credentials limit scope
- Existing IAM Controls - Respects all current permissions
Have you tried the new API Keys yet? Share your experience in the comments!

Elizabeth Fuentes L | Sciencx (2025-07-08T01:50:25+00:00) 🔑 Amazon Bedrock API Keys: Simplified Authentication for Developers. Retrieved from https://www.scien.cx/2025/07/08/%f0%9f%94%91-amazon-bedrock-api-keys-simplified-authentication-for-developers/