AWS Bedrock Setup
AWS Bedrock provides access to foundation models (Claude, Llama, Titan) with production security, HIPAA compliance, and data residency controls.
Prerequisites
- AWS account with Bedrock access enabled
- IAM permissions for Bedrock
- (Optional) VPC endpoints for HIPAA compliance
Quick Start
1. Enable Model Access
In the AWS Console:
- Navigate to Amazon Bedrock > Model access
- Click Manage model access
- Enable the models you need:
anthropic.claude-3-5-sonnet-20241022-v2:0meta.llama3-1-70b-instruct-v1:0amazon.titan-text-express-v1
- Click Save changes
2. Configure IAM Permissions
Create an IAM policy for Bedrock access:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Resource": [
"arn:aws:bedrock:*::foundation-model/*"
]
}
]
}
3. Configure AxonFlow
Set AWS credentials via environment variables:
export AWS_REGION=us-east-1
export AWS_ACCESS_KEY_ID=your-access-key
export AWS_SECRET_ACCESS_KEY=your-secret-key
Or use YAML configuration:
# axonflow.yaml
llm_providers:
bedrock:
enabled: true
config:
model: anthropic.claude-3-5-sonnet-20241022-v2:0
region: us-east-1
max_tokens: 4096
priority: 10
HIPAA-Compliant Setup
For healthcare applications handling PHI, configure VPC endpoints:
1. Create VPC Endpoint
aws ec2 create-vpc-endpoint \
--vpc-id vpc-xxx \
--service-name com.amazonaws.us-east-1.bedrock-runtime \
--vpc-endpoint-type Interface \
--subnet-ids subnet-xxx \
--security-group-ids sg-xxx \
--private-dns-enabled
2. Configure Security Group
Allow inbound HTTPS from your application:
aws ec2 authorize-security-group-ingress \
--group-id sg-xxx \
--protocol tcp \
--port 443 \
--source-group sg-your-app
3. Enable VPC Endpoint in AxonFlow
llm_providers:
bedrock:
enabled: true
config:
model: anthropic.claude-3-5-sonnet-20241022-v2:0
region: us-east-1
use_vpc_endpoint: true
# Custom endpoint URL (optional)
endpoint: vpce-xxx.bedrock-runtime.us-east-1.vpce.amazonaws.com
Multi-Region Setup
For disaster recovery or data residency:
llm_providers:
bedrock_us:
enabled: true
config:
model: anthropic.claude-3-5-sonnet-20241022-v2:0
region: us-east-1
priority: 10
weight: 0.5
bedrock_eu:
enabled: true
config:
model: anthropic.claude-3-5-sonnet-20241022-v2:0
region: eu-west-1
priority: 10
weight: 0.5
Supported Models
| Model Family | Model ID | Use Case |
|---|---|---|
| Claude 3.5 | anthropic.claude-3-5-sonnet-20241022-v2:0 | General purpose, best quality |
| Claude 3 | anthropic.claude-3-opus-20240229-v1:0 | Complex reasoning |
| Llama 3.1 | meta.llama3-1-70b-instruct-v1:0 | Open-source, cost-effective |
| Titan | amazon.titan-text-express-v1 | AWS-native, fastest |
Cost Comparison
| Model | Input (per 1K tokens) | Output (per 1K tokens) |
|---|---|---|
| Claude 3.5 Sonnet | $0.003 | $0.015 |
| Claude 3 Opus | $0.015 | $0.075 |
| Llama 3.1 70B | $0.00099 | $0.00099 |
| Titan Express | $0.0002 | $0.0006 |
Troubleshooting
Access Denied Errors
- Verify model access is enabled in Bedrock console
- Check IAM policy includes the specific model ARN
- Verify AWS credentials are configured correctly
VPC Endpoint Issues
- Verify private DNS is enabled
- Check security group allows HTTPS (443)
- Verify subnet has route to VPC endpoint
Timeouts
- Increase timeout in AxonFlow configuration:
config:
timeout: 60s - Check network connectivity to Bedrock endpoint
Next Steps
- LLM Providers Overview - All supported providers
- Ollama Setup - Self-hosted alternative
- Custom Provider SDK - Build custom providers