🔑Amazon Bedrock 现已提供 API 密钥访问，以简化与需要基于 API 密钥的身份验证的工具和框架的集成。

🔑您可以生成两种类型的 API 密钥：长期 API 密钥和短期 API 密钥。长期密钥允许设置从 1 天到无到期时间的到期时间，并与 Amazon Bedrock 自动为您创建的 IAM 用户关联。短期 API 密钥使用当前 IAM 主体的 IAM 权限，并在您的账户会话结束时过期，或持续长达 12 小时。

🔑要生成 API 密钥，请在 Amazon Bedrock 控制台中选择“API 密钥”，选择生成短期或长期 API 密钥，设置到期时间，并生成您的 API 密钥。

🔑可以使用多种方式调用 Amazon Bedrock，包括使用 curl、Amazon Bedrock SDK 和原生库（如 Python Requests）。

🔑API 调用记录在 AWS CloudTrail 中，API 密钥作为授权标头传递给 API 请求，不会被记录。

Today, we’re excited to announce a significant improvement to the developer experience of Amazon Bedrock: API keys. API keys provide quick access to the Amazon Bedrock APIs, streamlining the authentication process so that developers can focus on building rather than configuration.

CamelAI is an open-source, modular framework for building intelligent multi-agent systems for data generation, world simulation, and task automation.

“As a startup with limited resources, streamlined customer onboarding is critical to our success. The Amazon Bedrock API keys enable us to onboard enterprise customers in minutes rather than hours. With Bedrock, our customers can quickly provision access to leading AI models and seamlessly integrate them into CamelAI,”

said Miguel Salinas, CTO, CamelAI.

In this post, explore how API keys work and how you can start using them today.

API key authentication

Amazon Bedrock now provides API key access to streamline integration with tools and frameworks that expect API key-based authentication. The Amazon Bedrock and Amazon Bedrock runtime SDKs support API key authentication for methods including on-demand inference, provisioned throughput inference, model fine-tuning, distillation, and evaluation.

The diagram compares the default authentication process to Amazon Bedrock (in orange) with the API keys approach (in blue). In the default process, you must create an identity in AWS IAM Identity Center or IAM, attach IAM policies to provide permissions to perform API operations, and generate credentials, which you can then use to make API calls. The grey boxes in the diagram highlight the steps that Amazon Bedrock now streamlines when generating an API key. Developers can now authenticate and access Amazon Bedrock APIs with minimal setup overhead.

You can generate API keys in the Amazon Bedrock console, choosing between two types.

With long-term API keys, you can set expiration times ranging from 1 day to no expiration. These keys are associated with an IAM user that Amazon Bedrock automatically creates for you. The system attaches the AmazonBedrockLimitedAccess managed policy to this IAM user, and you can then modify permissions as needed through the IAM service. We recommend using long-term keys primarily for exploration of Amazon Bedrock.

Short-term API keys use the IAM permissions from your current IAM principal and expire when your account’s session ends or can last up to 12 hours. Short-term API keys use AWS Signature Version 4 for authentication. For continuous application use, you can implement API key refreshing with a script as shown in this example. We recommend that you use short-term API keys for setups that require a higher level of security.

Making Your First API Call

Once you have access to foundation models, getting started with Amazon Bedrock API key is straightforward. Here’s how to make your first API call using the AWS SDK for Python (Boto3 SDK) and API keys:

Generate an API key

To generate an API key, follow these steps:

Sign in to the AWS Management Console and open the Amazon Bedrock console In the left navigation panel, select API keys Choose either Generate short-term API key or Generate long-term API key For long-term keys, set your desired expiration time and optionally configure advanced permissions Choose Generate and copy your API key

Set Your API Key as Environment Variable

You can set your API key as an environment variable so that it’s automatically recognized when you make API requests:

# To set the API key as an environment variable, you can open a terminal and run the following command:export AWS_BEARER_TOKEN_BEDROCK=${api-key}

The Boto3 SDK automatically detects your environment variable when you create an Amazon Bedrock client.

Make Your First API Call

You can now make API calls to Amazon Bedrock in multiple ways:

Using curl

curl -X POST "https://bedrock-runtime.us-east-1.amazonaws.com/model/us.anthropic.claude-3-5-haiku-20241022-v1:0/converse" \  -H "Content-Type: application/json" \  -H "Authorization: Bearer $AWS_BEARER_TOKEN_BEDROCK" \  -d '{    "messages": [        {            "role": "user",            "content": [{"text": "Hello"}]        }    ]  }'

Using the Amazon Bedrock SDK:

import boto3# Create an Amazon Bedrock clientclient = boto3.client(    service_name="bedrock-runtime",    region_name="us-east-1"     # If you've configured a default region, you can omit this line) # Define the model and messagemodel_id = "us.anthropic.claude-3-5-haiku-20241022-v1:0"messages = [{"role": "user", "content": [{"text": "Hello"}]}]   response = client.converse(    modelId=model_id,    messages=messages,)# Print the responseprint(response['output']['message']['content'][0]['text'])

You can also use native libraries like Python Requests:

import requestsimport osurl = "https://bedrock-runtime.us-east-1.amazonaws.com/model/us.anthropic.claude-3-5-haiku-20241022-v1:0/converse"payload = {    "messages": [        {            "role": "user",            "content": [{"text": "Hello"}]        }    ]}headers = {    "Content-Type": "application/json",    "Authorization": f"Bearer {os.environ['AWS_BEARER_TOKEN_BEDROCK']}"}response = requests.request("POST", url, json=payload, headers=headers)print(response.text)

Bridging developer experience and enterprise security requirements

Enterprise administrators can now streamline their user onboarding to Amazon Bedrock foundation models. With setups that require a higher level of security, administrators can enable short-term API keys for their users. Short-term API keys use AWS Signature Version 4 and existing IAM principals, maintaining established access controls implemented by administrators.

For audit and compliance purposes, all API calls are logged in AWS CloudTrail. API keys are passed as authorization headers to API requests and aren’t logged.

Conclusion

Amazon Bedrock API keys are available in 20 AWS Regions where Amazon Bedrock is available: US East (N. Virginia, Ohio), US West (Oregon), Asia Pacific (Hyderabad, Mumbai, Osaka, Seoul, Singapore, Sydney, Tokyo), Canada (Central), Europe (Frankfurt, Ireland, London, Milan, Paris, Spain, Stockholm, Zurich), and South America (São Paulo). To learn more about API keys in Amazon Bedrock, visit the API Keys documentation in the Amazon Bedrock user guide.

Give API keys a try in the Amazon Bedrock console today and send feedback to AWS re:Post for Amazon Bedrock or through your usual AWS Support contacts.

About the Authors

Sofian Hamiti is a technology leader with over 10 years of experience building AI solutions, and leading high-performing teams to maximize customer outcomes. He is passionate in empowering diverse talent to drive global impact and achieve their career aspirations.

Ajit Mahareddy is an experienced Product and Go-To-Market (GTM) leader with over 20 years of experience in product management, engineering, and go-to-market. Prior to his current role, Ajit led product management building AI/ML products at leading technology companies, including Uber, Turing, and eHealth. He is passionate about advancing generative AI technologies and driving real-world impact with generative AI.

Nakul Vankadari Ramesh is a Software Development Engineer with over 7 years of experience building large-scale distributed systems. He currently works on the Amazon Bedrock team, helping accelerate the development of generative AI capabilities. Previously, he contributed to Amazon Managed Blockchain, focusing on scalable and reliable infrastructure.

Huong Nguyen is a Principal Product Manager at AWS. She is a product leader at Amazon Bedrock, with 18 years of experience building customer-centric and data-driven products. She is passionate about democratizing responsible machine learning and generative AI to enable customer experience and business innovation. Outside of work, she enjoys spending time with family and friends, listening to audiobooks, traveling, and gardening.

Massimiliano Angelino is Lead Architect for the EMEA Prototyping team. During the last 3 and half years he has been an IoT Specialist Solution Architect with a particular focus on edge computing, and he contributed to the launch of AWS IoT Greengrass v2 service and its integration with Amazon SageMaker Edge Manager. Based in Stockholm, he enjoys skating on frozen lakes.