Claude Code on AWS Bedrock

How to run Claude Code via AWS Bedrock instead of Anthropic's direct API. Covers IAM setup, environment variables, model IDs, and when to use Bedrock vs the Anthropic API.

💥 50p impulse-buy: Power Prompts PDF (first 10 buyers) 30 battle-tested Claude Code prompts · 8-page PDF · paste into CLAUDE.md and never re-type a prompt again · 50p impulse-buy, no commitment

AWS Bedrock lets you run Claude Code using Claude models hosted in your AWS account — traffic stays within AWS infrastructure, billing consolidates with your existing AWS costs, and you can apply IAM and VPC controls directly.

Prerequisites

IAM policy (minimum permissions)

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "bedrock:InvokeModel",
        "bedrock:InvokeModelWithResponseStream"
      ],
      "Resource": [
        "arn:aws:bedrock:*::foundation-model/anthropic.claude-sonnet-4-6-v1:0",
        "arn:aws:bedrock:*::foundation-model/anthropic.claude-haiku-4-5-20251001-v1:0",
        "arn:aws:bedrock:*::foundation-model/anthropic.claude-opus-4-7-v1:0"
      ]
    }
  ]
}

Environment variable configuration

# Required: tell Claude Code to use Bedrock
export ANTHROPIC_BEDROCK=true

# Required: your AWS region (must match where you enabled the models)
export AWS_REGION=us-east-1

# Authentication — choose one:

# Option A: IAM role (recommended for EC2/ECS/Lambda)
# No env vars needed — Claude Code uses the instance's IAM role automatically

# Option B: named profile (~/.aws/credentials)
export AWS_PROFILE=my-bedrock-profile

# Option C: explicit access key (use only for local dev, never in CI)
export AWS_ACCESS_KEY_ID=AKIA...
export AWS_SECRET_ACCESS_KEY=...

# Optional: override the default model
export ANTHROPIC_MODEL=anthropic.claude-haiku-4-5-20251001-v1:0

Once set, start Claude Code normally: claude. All model calls route through Bedrock.

Bedrock model IDs for Claude Code

Anthropic modelBedrock model IDNotes
claude-sonnet-4-6anthropic.claude-sonnet-4-6-v1:0Default for Claude Code — best balance
claude-haiku-4-5-20251001anthropic.claude-haiku-4-5-20251001-v1:0Fastest, lowest cost
claude-opus-4-7anthropic.claude-opus-4-7-v1:0Highest quality, most expensive

Cross-region inference ARN format: arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-sonnet-4-6-v1:0

VPC endpoint (private traffic)

For air-gapped or fully private deployments, route Bedrock traffic through a VPC endpoint:

# Create the Bedrock VPC interface endpoint
aws ec2 create-vpc-endpoint   --vpc-id vpc-0abc123   --vpc-endpoint-type Interface   --service-name com.amazonaws.us-east-1.bedrock-runtime   --subnet-ids subnet-0def456   --security-group-ids sg-0ghi789   --private-dns-enabled

# Claude Code picks up the private DNS automatically — no env var change needed

With a VPC endpoint, Claude Code traffic never traverses the public internet. Only port 443 outbound to the endpoint ENI is required.

Cost comparison: Bedrock vs direct API

ScenarioDirect APIBedrockBedrock advantage
Sonnet input (per 1M tokens)$3.00$3.00None on list price
Enterprise volume discountNegotiated with AnthropicIncluded in AWS EDPLeverage existing AWS spend
Billing consolidationSeparate Anthropic invoiceAWS invoiceSingle vendor, cost tags
Compliance (HIPAA BAA)Separate Anthropic BAACovered by AWS BAANo additional contract

Troubleshooting

# Error: "AccessDeniedException: is not authorized to perform: bedrock:InvokeModel"
# → The IAM role/user lacks bedrock:InvokeModel permission on the model ARN.
# Fix: attach the policy shown in the IAM section above.

# Error: "ValidationException: The requested model is not available"
# → Model not enabled in Bedrock console for this region.
# Fix: Bedrock console → Model access → Request access → Anthropic models.

# Error: "Could not find region"
# → AWS_REGION env var not set.
# Fix: export AWS_REGION=us-east-1

# Verify Bedrock is active:
claude --version  # shows "Bedrock: us-east-1" in the header if configured correctly

For Enterprise team deployments routing through Bedrock, see Claude Code Enterprise. For running Claude Code in containerized environments on AWS ECS or Fargate, see Claude Code with Docker.

Frequently asked questions

Can Claude Code use AWS Bedrock instead of the Anthropic API?
Yes — Claude Code supports AWS Bedrock as a backend. Set ANTHROPIC_BEDROCK=true and configure your AWS credentials. Claude Code will route all model calls through Bedrock instead of api.anthropic.com.
Why use Bedrock instead of the Anthropic API for Claude Code?
Main reasons: data stays in your AWS VPC (no traffic to api.anthropic.com), consolidated AWS billing and cost allocation tags, existing IAM/VPC security posture, SOC 2 / HIPAA compliance through AWS BAA, and existing AWS enterprise agreements with volume discounts.
Which Claude models are available on Bedrock for Claude Code?
Claude Code works with claude-sonnet-4-6 (recommended), claude-haiku-4-5-20251001, and claude-opus-4-7 on Bedrock. Model IDs use the format `anthropic.claude-sonnet-4-6-v1:0`. Check the AWS Bedrock console for the latest available model ARNs in your region.
Is Claude Code on Bedrock slower than the direct API?
Latency through Bedrock is typically 20-50ms higher than the direct Anthropic API due to the additional AWS routing layer. For interactive coding sessions this is imperceptible. For high-throughput batch workloads the difference matters more.
Does prompt caching work on Bedrock?
Yes — prompt caching is supported on Bedrock for claude-sonnet-4-6 and claude-haiku-4-5-20251001. The cache_control parameter works identically. Cached tokens are billed at the same Bedrock discounted rate.

Free tools

Cost Calculator → API Cookbook → Diff Summarizer → Skills Browser →

More examples

Claude API Python QuickstartClaude API Node.js / TypeScript QuickstartClaude API Streaming in PythonClaude API Streaming in Node.js / TypeScriptClaude API Tool Use in PythonClaude API Tool Use in Node.js / TypeScript