Generate Amazon Bedrock API keys to easily authenticate to the Amazon Bedrock API

You can easily make calls to the Amazon Bedrock API by generating an Amazon Bedrock API key and using it to authenticate your identity when making requests to the Amazon Bedrock API.

Note

For audit and compliance purposes, all API calls are logged in AWS CloudTrail. Amazon Bedrock API keys are passed as authorization headers to API requests and aren’t logged.

Amazon Bedrock API keys are limited to Amazon Bedrock and Amazon Bedrock Runtime actions. You can't use them with the following API operations:

InvokeModelWithBidirectionalStream.
Agents for Amazon Bedrock or Agents for Amazon Bedrock Runtime API operations.
Data Automation for Amazon Bedrock or Runtime for Amazon Bedrock Data Automation API operations.

Amazon Bedrock allows you to generate the following kinds of Amazon Bedrock API keys:

Short-term – Create an Amazon Bedrock API key that lasts as long as your session (and no longer than 12 hours). You should already have an IAM principal set up with the proper permissions to use Amazon Bedrock. This option is preferred over long-term keys for production environments that require regular changing of credentials for greater security.

Short term keys have the following properties:
- Valid for the shorter of the following values:
  - 12 hours
  - The duration of the session generated by the IAM principal used to generate the key.
- Inherit the permissions attached to the principal used to generate the key.
- Can be used only in the AWS Region from which you generated it.
Long-term – Create an Amazon Bedrock API key with permissions to make basic API requests in Amazon Bedrock. This easy one-click option lets you quickly begin exploring the Amazon Bedrock API without needing to understand the underlying security infrastructure or manually configuring AWS Identity and Access Management permissions. If you're trying out Amazon Bedrock for the first time, you can try out the example at Get started with Amazon Bedrock API keys: Generate a 30-day key and make your first API call for an easy tutorial to create a long-term key and get started using Amazon Bedrock.

Warning
We strongly recommend restricting the use of Amazon Bedrock API keys for exploration of Amazon Bedrock. When you're ready to incorporate Amazon Bedrock into applications with greater security requirements, you should switch to short-term credentials. For more information, see Alternatives to long-term access keys in the IAM User Guide.

Select a topic to learn more about Amazon Bedrock API keys. There are various options for different types of Amazon Bedrock keys and ways to customize them. For a quickstart tutorial for how to generate a long-term Amazon Bedrock API key and use it for exploratory purposes, see Get started with Amazon Bedrock API keys: Generate a 30-day key and make your first API call.

Topics

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Working with AWS SDKs

How it works