Access Amazon Bedrock with Hardware-Verified Credentials
Hardware-verified access to Amazon Bedrock
Amazon Bedrock uses standard AWS SigV4 authentication. Vouch’s credential_process provides STS credentials backed by FIDO2 verification, so every Bedrock API call is tied to a hardware-verified human identity, with no shared API keys.
YubiKey tap → FIDO2 → Vouch JWT → STS → Amazon Bedrock InvokeModel → CloudTrail
TL;DR
- Prerequisites: Getting Started → AWS integration → this page.
- Admin, once: grant
bedrock:InvokeModel(scoped to approved model ARNs) on the Vouch IAM role. - Each developer: nothing new –
aws bedrock-runtime invoke-model ... --profile vouchworks with the existing profile.
Step 1 – Use Amazon Bedrock with Vouch
Developer taskAny tool that uses the AWS SDK for Amazon Bedrock will pick up Vouch credentials automatically:
# AWS CLI
aws bedrock-runtime invoke-model \
--model-id anthropic.claude-sonnet-4-20250514 \
--body '{"prompt": "Hello"}' \
--profile vouch \
output.json
# Python (boto3)
import boto3
session = boto3.Session(profile_name='vouch')
bedrock = session.client('bedrock-runtime')
response = bedrock.invoke_model(
modelId='anthropic.claude-sonnet-4-20250514',
body='{"prompt": "Hello"}'
)
Step 2 – Restrict model access by IAM policy
Admin taskUse IAM policies to control which foundation models each role can invoke:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Resource": [
"arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-sonnet-4-20250514",
"arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-3-5-haiku-20241022"
]
}
]
}
Restricting to specific model ARNs prevents access to more expensive or higher-capability models without authorization.
The audit chain
CloudTrail records every Amazon Bedrock API call with the full identity chain. The webIdFederationData field includes the Vouch OIDC issuer and the user’s email (from the sub claim).
With Amazon Bedrock model invocation logging enabled, you get token counts and costs attributed to hardware-verified identities.
Agent delegation
For automated agents that call Amazon Bedrock on behalf of users, use scoped JWTs with agent-specific sub claims and session policies that limit model access – the human identity chain is preserved while the agent is restricted to only the models it needs.
Related guides
- Claude & OpenAI APIs – Access the Claude and OpenAI APIs directly (not through AWS) with short-lived tokens via Workload Identity Federation.
- AWS – The OIDC federation pattern Vouch uses for AWS STS credentials.