AWS Bedrock

AWS Bedrock API Keys

To use Amazon Bedrock with OneRouter, you can authenticate using either Bedrock API keys or traditional AWS credentials.

Option 1: Bedrock API Keys (Recommended)

Amazon Bedrock API keys provide a simpler authentication method. Simply provide your Bedrock API key as a string:

your-bedrock-api-key-here

Note: Bedrock API keys are tied to a specific AWS region and cannot be used to change regions. If you need to use models in different regions, use the AWS credentials option below.

You can generate Bedrock API keys in the AWS Management Console. Learn more in the Amazon Bedrock API keys documentation.

Option 2: AWS Credentials

Alternatively, you can use traditional AWS credentials in JSON format. This option allows you to specify the region and provides more flexibility:

{
  "accessKeyId": "your-aws-access-key-id",
  "secretAccessKey": "your-aws-secret-access-key",
  "region": "your-aws-region"
}

You can find these values in your AWS account:

  1. accessKeyId: This is your AWS Access Key ID. You can create or find your access keys in the AWS Management Console under “Security Credentials” in your AWS account.

  2. secretAccessKey: This is your AWS Secret Access Key, which is provided when you create an access key.

  3. region: The AWS region where your Amazon Bedrock models are deployed (e.g., “us-east-1”, “us-west-2”).

Make sure your AWS IAM user or role has the necessary permissions to access Amazon Bedrock services. At minimum, you’ll need permissions for:

  • bedrock:InvokeModel

  • bedrock:InvokeModelWithResponseStream (for streaming responses)

Example IAM policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "bedrock:InvokeModel",
        "bedrock:InvokeModelWithResponseStream"
      ],
      "Resource": "*"
    }
  ]
}

For enhanced security, we recommend creating dedicated IAM users with limited permissions specifically for use with OneRouter.

Learn more in the AWS Bedrock Getting Started with the API documentation, IAM Permissions Setup guide, or the AWS Bedrock API Reference.

Using the OpenAI SDK

from openai import OpenAI

client = OpenAI(
  base_url="https://llm.onerouter.pro/v1",
  api_key="<API_KEY>",
)

completion = client.chat.completions.create(
  byok_conf={
    "provider": "aws-bedrock",
    "fallback": True,
    "credentials": "your-bedrock-api-key-here" 
  },
  model="claude-sonnet-4@20250514",
  messages=[
    {
      "role": "user",
      "content": "What is the meaning of life?"
    }
  ]
)

print(completion.choices[0].message.content)

  • byok_conf: When this parameter is included in the input, OneRouter will route requests according to the BYOK configuration information specified. When this parameter is null or not provided, OneRouter defaults to routing to the shared provider pool.

  • provider: Specifies the name of the provider where the request should be routed.

  • fallback: OneRouter always prioritizes using your provider keys when available. By default, if your key encounters a rate limit or failure, OneRouter will fall back to using shared OneRouter credits.

    • The default value for fallback is True.

    • If fallback is specified as False, OneRouter will only use your key for requests to that provider.

  • credentials: The keys and credentials used for authentication with the specified provider.

Using the OneRouter API directly

import requests
import json

response = requests.post(
  url="https://llm.onerouter.pro/v1/chat/completions",
  headers={
    "Authorization": "Bearer <API_KEY>",
    "Content-Type": "application/json"
  },
  data=json.dumps({
    "byok_conf": {
      "provider": "aws-bedrock",
      "fallback": True,
      "credentials": "your-bedrock-api-key-here" 
    },
    "model": "claude-sonnet-4@20250514", 
    "messages": [
      {
        "role": "user",
        "content": "What is the meaning of life?"
      }
    ]
  })
)
print(response.json()["choices"][0]["message"]["content"])
PreviousAzure AI FoundryNextOpenAI Responses API

Last updated