Agentic Data Plane

Set Up AWS Bedrock as an LLM Provider

This guide walks you through the AWS-side setup AI Gateway needs to invoke Amazon Bedrock, then through the Redpanda ADP flow that registers Bedrock as an LLM provider. For background on how Bedrock foundation models, cross-region inference profiles, and IAM patterns map to the provider form, see AWS Bedrock: Inference profiles and IAM on the main provider configuration page.

After completing this guide, you will be able to:

  • Create an IAM policy that grants AI Gateway permission to invoke Bedrock foundation models and cross-region inference profiles

  • Create a dedicated IAM user, attach the policy, and generate access keys for AI Gateway

  • Register Bedrock as an LLM provider in ADP and select the models you want to expose

Prerequisites

  • An AWS account with Bedrock model access enabled in the region you plan to call. Model availability varies by region; see Bedrock models by region.

  • Access to the AWS CLI configured with credentials that can create IAM users, policies, and access keys.

  • Access to the Redpanda UI.

Create the IAM policy

Create a policy that grants the two Bedrock invoke actions on both foundation-model ARNs and cross-region inference-profile ARNs:

aws iam create-policy \
  --policy-name RedpandaBedrockInvoke \
  --policy-document '{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "BedrockInvoke",
        "Effect": "Allow",
        "Action": [
          "bedrock:InvokeModel",
          "bedrock:InvokeModelWithResponseStream"
        ],
        "Resource": [
          "arn:aws:bedrock:*::foundation-model/*",
          "arn:aws:bedrock:*:*:inference-profile/*"
        ]
      }
    ]
  }'

The second resource entry enables cross-region inference profiles such as us.anthropic.claude-sonnet-4-6, which AI Gateway uses when the model identifier carries a geography prefix. See AWS Bedrock: Inference profiles and IAM for the full prefix list and pricing implications.

Anthropic Claude 4.6 and later models cannot be invoked with the bare foundation-model ID and require an inference profile. Without the second Resource entry, those calls fail with AccessDenied.

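To restrict the policy to specific models and regions for production, replace the wildcard resources with explicit ARNs. The following example lists foundation-model ARNs only; for Claude 4.6 and later, also add the explicit ARN of the inference profile you call: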

{
  "Resource": [
    "arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-sonnet-4-6",
    "arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-haiku-4-5-20251001"
  ]
}
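
The following is an added example, not code from Redpanda or AWS. It builds a scoped policy document from the model identifiers you plan to expose and emits an inference-profile ARN for every identifier that carries a geography prefix. The function names `bedrock_arns` and `bedrock_policy` are hypothetical, the account ID is a placeholder, and the example assumes that an inference-profile ID is the foundation-model ID behind one of the prefixes this page lists.

```bash
#!/usr/bin/env bash
# Added example (not Redpanda or AWS code): build a scoped Bedrock invoke policy.
# Assumption: an inference-profile ID is the foundation-model ID behind one of
# the geography prefixes this page lists (us., eu., apac., au., jp., global.).

# Print the resource ARNs one model identifier needs, one per line.
bedrock_arns() {
  local account="$1" region="$2" id="$3"
  case "$id" in
    us.*|eu.*|apac.*|au.*|jp.*|global.*)
      # The profile ARN is account-scoped. The underlying model keeps a region
      # wildcard because the profile routes to regions this page does not list.
      printf 'arn:aws:bedrock:%s:%s:inference-profile/%s\n' "$region" "$account" "$id"
      printf 'arn:aws:bedrock:*::foundation-model/%s\n' "${id#*.}"
      ;;
    *)
      printf 'arn:aws:bedrock:%s::foundation-model/%s\n' "$region" "$id"
      ;;
  esac
}

# Print a policy document for the given account, region and model identifiers.
bedrock_policy() {
  local account="$1" region="$2" id arns
  shift 2
  # Reject empty values and characters that could break out of a JSON string.
  for id in "$account" "$region" "$@"; do
    case "$id" in *[!A-Za-z0-9.:_-]*|'') echo "invalid argument: $id" >&2; return 1 ;; esac
  done
  arns=$(for id in "$@"; do bedrock_arns "$account" "$region" "$id"; done | sort -u)
  printf '{\n  "Version": "2012-10-17",\n  "Statement": [{\n'
  printf '    "Sid": "BedrockInvoke",\n    "Effect": "Allow",\n'
  printf '    "Action": ["bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream"],\n'
  printf '    "Resource": [\n'
  # Quote each ARN and put a comma after every entry except the last.
  printf '%s\n' "$arns" | sed -e 's/.*/      "&"/' -e '$!s/$/,/'
  printf '    ]\n  }]\n}\n'
}

# Constructed sample values: placeholder account ID, model IDs taken from this page.
bedrock_policy 111122223333 us-east-1 \
  us.anthropic.claude-sonnet-4-6 anthropic.claude-haiku-4-5-20251001
```

The printed document can be passed to `aws iam create-policy` through `--policy-document`. If you know which regions a profile routes to, replace the region wildcard on the foundation-model ARN with those regions.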

Create the IAM user

Create a dedicated IAM user for AI Gateway and attach the policy:

aws iam create-user --user-name redpanda-bedrock-invoker

aws iam attach-user-policy \
  --user-name redpanda-bedrock-invoker \
  --policy-arn arn:aws:iam::<account-id>:policy/RedpandaBedrockInvoke

Replace <account-id> with the account ID returned in the create-policy output (visible in the policy ARN).

Don’t reuse an existing IAM user. A dedicated user makes it easy to rotate credentials or revoke access without affecting other AWS workloads.

Generate access keys

Generate the access keys AI Gateway uses:

aws iam create-access-key --user-name redpanda-bedrock-invoker

Save the AccessKeyId and SecretAccessKey from the output. You need both in the next section to register them as Redpanda secrets.

AWS displays the secret access key only at creation. Store it in a password manager or pass it directly into the secret-creation flow in the next section.

Verify Bedrock access (optional)

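Confirm the IAM user can invoke Bedrock before moving to the UI. Run the command with the new user's access keys rather than the administrative credentials you used to create the user, so that the call exercises the policy you attached: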

aws bedrock-runtime invoke-model \
  --model-id us.anthropic.claude-haiku-4-5-20251001-v1:0 \
  --region us-east-1 \
  --content-type application/json \
  --accept application/json \
  --body "$(printf '%s' '{"anthropic_version":"bedrock-2023-05-31","max_tokens":32,"messages":[{"role":"user","content":"Hello"}]}' | base64 | tr -d '\n')" \
  /tmp/bedrock-test.json \
  && jq . /tmp/bedrock-test.json && rm /tmp/bedrock-test.json

A successful model response confirms the IAM policy, region, and credentials are correct. If you see AccessDenied, check the policy resource list and confirm Bedrock model access is enabled in the target region.

Register Bedrock as an LLM provider

  1. Open LLM Providers in the sidebar and click Create provider.

  2. Select AWS Bedrock as the provider type.

  3. Enter a Name such as my-bedrock. Use lowercase letters, digits, and hyphens. The name is immutable and appears in the proxy URL.

  4. Select the Region where you want to invoke Bedrock, such as us-east-1.

  5. For Credential type, select Static keys. (This guide uses the access keys you created above. For the default-chain and assume-role options, see Configure an LLM provider.)

  6. Configure the credentials:

    1. In the Access key ID ref dropdown, type a secret name such as AWS_ACCESS_KEY_ID.

    2. Paste the AccessKeyId value from the IAM user setup and click Create. The secret is stored in the ADP secret store, scoped to AI Gateway.

    3. Repeat for Secret access key ref. Use a name such as AWS_SECRET_ACCESS_KEY and paste the SecretAccessKey value.

      Secret names are normalized to UPPER_SNAKE_CASE automatically and get the AI Gateway scope, which makes them usable across the platform: LLM providers, MCP servers, and agents.

  7. Select the models you want to expose through this provider, for example:

    • anthropic.claude-sonnet-4-6

    • anthropic.claude-haiku-4-5-20251001

    • amazon.nova-pro-v1:0

      For Anthropic Claude 4.6 and later, pick the inference profile (for example, us.anthropic.claude-sonnet-4-6) rather than the bare foundation-model ID.

  8. Click Create provider.

  9. On the provider detail page, scroll to the Verify connection section, pick a model, and click Test Connection. A successful response confirms that the credentials, region, and IAM policy are correctly configured.

Cross-region inference profile billing

When you call a cross-region inference profile (any model identifier with a us., eu., apac., au., jp., or global. prefix), AI Gateway bills at the regional rate for that profile. The regional prefix is preserved end to end so usage on the Cost & Usage page under Governance reflects the correct per-region price.

For example, requests to eu.anthropic.claude-haiku-4-5 bill at the EU Haiku rate, not the headline foundation-model rate. The global. profile shares the headline rate; the geography-specific profiles (us., eu., apac., au., jp.) carry approximately a 10% cross-region inference premium.

Troubleshooting

Symptom: AccessDenied from Bedrock
What to check: Confirm the IAM policy includes both bedrock:InvokeModel and bedrock:InvokeModelWithResponseStream, and that the resource list covers the model or inference profile you’re calling. For Claude 4.6 and later, the policy must include arn:aws:bedrock:*:*:inference-profile/* or an explicit inference-profile ARN.

Symptom: secret "<NAME>" not found
What to check: Confirm the secret exists in the cloud secret store and the reference in the provider configuration matches exactly. Secret names are UPPER_SNAKE_CASE.

Symptom: ValidationException: model ID not supported
What to check: The model isn’t enabled in the region you chose. Open the AWS Bedrock console, switch to the target region, and enable model access for the foundation models you want to expose.

Symptom: Invocation of model ID … with on-demand throughput isn’t supported
What to check: You called a Claude 4.6 or later model with a bare foundation-model ID. Switch to an inference profile, for example us.anthropic.claude-sonnet-4-6 instead of anthropic.claude-sonnet-4-6. See AWS Bedrock: Inference profiles and IAM.