Claude Code with Amazon Bedrock
In ProgressEnterprise authentication guidance enabling organizations to deploy Claude Code with Amazon Bedrock using federated identity, temporary credentials, and built-in observability.
Tech Stack
Amazon BedrockAWS IAMOIDC FederationClaude CodeCloudFormationOpenTelemetryCloudWatchPython
This AWS Solutions Library guidance enables organizations to deploy Claude Code with Amazon Bedrock while maintaining enterprise-grade security and compliance. Instead of distributing API keys, teams authenticate through existing identity providers (Okta, Microsoft Entra ID, Auth0, Cognito) and receive temporary, session-based credentials.
The Problem It Solves
Organizations want to give developers access to Claude Code but face challenges:
- Distributing and rotating API keys at scale
- Maintaining audit trails for compliance
- Integrating with existing identity infrastructure
- Tracking usage and costs across teams
Architecture
The solution uses Direct IAM OIDC Federation:
- Users authenticate with their corporate identity provider
- IdP issues ID tokens
- Tokens are exchanged for temporary AWS credentials via IAM
- Credentials grant scoped access to Amazon Bedrock
- Complete user attribution maintained for audit trails
Key Features
For Organizations:
- Enterprise IdP integration (Okta, Azure AD, Auth0, Cognito)
- Centralized access control through existing identity systems
- CloudWatch dashboards for usage monitoring and cost attribution
- Multi-region and GovCloud support from a single codebase
For Developers:
- Seamless SSO using corporate credentials
- Automatic credential refresh
- Cross-platform support (Windows, macOS ARM/Intel, Linux)
- No local setup required—pre-configured packages
Observability Stack
Optional OpenTelemetry integration provides:
- Token economics tracking
- Code activity metrics
- Operational health dashboards
- Athena SQL analytics for deep usage analysis
Completed: December 5, 2025