Modify permissions for long-term and short-term Amazon Bedrock API keys - Amazon Bedrock

When you generate a long-term Amazon Bedrock API key, the AmazonBedrockLimitedAccess AWS-managed policy, which grants access to core Amazon Bedrock API operations, is attached to the IAM user associated with the key, together with any other policies that you selected. To let the user of the Amazon Bedrock API key perform more Amazon Bedrock API operations, or to remove permissions for API operations, modify the permissions of that IAM user through the IAM service. For more information, see Adding and removing IAM identity permissions in the IAM User Guide.

For example, you could replace the policies attached to the IAM user associated with the key with the following policy to only allow the user to run inference with the US Anthropic Claude 3 Haiku inference profile in US West (Oregon), using the Amazon Bedrock API key that you generated:

JSON
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "bedrock:CallWithBearerToken"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "bedrock:InvokeModel*"
            ],
            "Resource": [
                "arn:aws:bedrock:us-west-2:111122223333:inference-profile/us.anthropic.claude-3-haiku-20240307-v1:0"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "bedrock:InvokeModel*"
            ],
            "Resource": [
                "arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-3-haiku-20240307-v1:0",
                "arn:aws:bedrock:us-west-2::foundation-model/anthropic.claude-3-haiku-20240307-v1:0"
            ],
            "Condition": {
                "StringLike": {
                    "bedrock:InferenceProfileArn": "arn:aws:bedrock:us-west-2:111122223333:inference-profile/us.anthropic.claude-3-haiku-20240307-v1:0"
                }
            }
        }
    ]
}
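Before attaching a replacement policy like the one above, it helps to check that it is still scoped the way the example is. The following Python check is an added example, not part of the AWS documentation: it flags a policy that does not allow `bedrock:CallWithBearerToken`, that allows inference on `*`, or that allows a foundation-model ARN without the `bedrock:InferenceProfileArn` condition. The function names are hypothetical, and the check assumes a simple identity policy (it ignores `Deny`, `NotAction` and `NotResource`).

```python
import fnmatch

PROFILE = ("arn:aws:bedrock:us-west-2:111122223333:inference-profile/"
           "us.anthropic.claude-3-haiku-20240307-v1:0")
MODELS = [f"arn:aws:bedrock:{r}::foundation-model/anthropic.claude-3-haiku-20240307-v1:0"
          for r in ("us-east-1", "us-west-2")]

def page_policy(with_condition=True):
    """The page's policy; with_condition=False is a constructed weaker variant."""
    fm = {"Effect": "Allow", "Action": ["bedrock:InvokeModel*"], "Resource": MODELS}
    if with_condition:
        fm["Condition"] = {"StringLike": {"bedrock:InferenceProfileArn": PROFILE}}
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["bedrock:CallWithBearerToken"], "Resource": "*"},
        {"Effect": "Allow", "Action": ["bedrock:InvokeModel*"], "Resource": [PROFILE]},
        fm]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _allows(stmt, action):
    """True if an Allow statement's Action patterns cover `action` (IAM-style wildcards)."""
    return stmt.get("Effect") == "Allow" and any(
        fnmatch.fnmatchcase(action.lower(), p.lower())
        for p in _as_list(stmt.get("Action", [])))

def audit_key_policy(policy):
    """Return a list of findings; an empty list means none of these checks fired."""
    findings = []
    stmts = _as_list(policy.get("Statement", []))
    if not any(_allows(s, "bedrock:CallWithBearerToken") for s in stmts):
        findings.append("no statement allows bedrock:CallWithBearerToken")
    for i, s in enumerate(stmts):
        if not _allows(s, "bedrock:InvokeModel"):
            continue
        # Only the presence of the condition key is checked, not its value.
        cond_keys = {k.lower() for op in s.get("Condition", {}).values() for k in op}
        for res in _as_list(s.get("Resource", [])):
            if res == "*":
                findings.append(f"statement {i}: inference allowed on every resource")
            elif ":foundation-model/" in res and "bedrock:inferenceprofilearn" not in cond_keys:
                findings.append(f"statement {i}: {res} is invocable outside the inference profile")
    return findings

if __name__ == "__main__":
    for label, pol in (("page policy", page_policy()), ("no Condition", page_policy(False))):
        print(label, audit_key_policy(pol) or "OK")
```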