Skip to main content
Add an AWS Bedrock integration to use Bedrock-compatible models in Arize.
Note: By adding this integration, your data may be sent to AWS or hosted model providers for certain actions within Arize (e.g., prompt playground) and your account may be billed for usage.

Select AWS Bedrock Integration

Select the AWS Bedrock integration card

Fill Out Integration Details

Complete the integration form with your configuration.
AWS Bedrock integration details slideover

Choose Authentication Path

You can authenticate with AWS Bedrock in one of three ways: assume role, bearer token (API key), or custom headers. Choose the option that fits your setup.

Assume Role

Arize will assume the role you create to run InvokeModel commands against Bedrock models in your account. The following will create a “least privilege” role in your AWS account. It will also configure that role so that Arize can assume it. Copy the permissions policy in Arize
Copy the necessary permissions policy
Create a permission policy in your AWS account
Create a new permissions policy
Add the JSON from the Bedrock Integration form to your policy
Add permissions JSON
Create a role with the Permissions policy you just created
Create a new IAM role
Choose AWS account as the trusted entity type. If you set an external ID be sure to copy it and add it to the Bedrock integrations modal in Arize.
Select AWS account as the trusted entity type
Add the permissions policy you created above
Add the permissions policy you created above
Create your role then go in to edit the trusted entities JSON
Edit the role you just created
Navigate to the trust relationships tab for your new role. From there, copy the new role’s ARN and add it to the Bedrock integration modal in Arize.
Navigate to the Trust Relationships tab and edit the policy
Copy the trusted entities policy from the Bedrock integration modal in Arize
Copy the trusted entities policy from Arize
Paste the trusted entities policy into the JSON editor
Add the trusted entities policy to your role

Bearer Token (API Key)

Alternatively, you can use a bearer token (short-term or long-term API key) to authenticate. Create an API key in the AWS Bedrock console, then paste it into the integration form.
Enter bearer token for AWS Bedrock

Custom Headers

You can enter a custom or proxy URL in the API Base URL field and add any headers that can be sent to that url.
Custom headers for AWS Bedrock proxy
Set the appropriate AWS region in the prompt playground. This is stored locally in the browser after being set.