AWS Bedrock Setup
Enterprise Feature
AWS Bedrock is available in AxonFlow Enterprise Edition. For Community users, see OpenAI, Anthropic, Google Gemini, or Ollama for available LLM providers.
Contact Sales to enable Bedrock integration.
Enterprise customers have access to the complete AWS Bedrock Setup Guide with HIPAA-compliant VPC endpoint configuration.
AWS Bedrock provides access to foundation models (Claude, Llama, Titan) with production security, HIPAA compliance, and data residency controls.
Prerequisites
- AWS account with Bedrock access enabled
- IAM permissions for Bedrock
- (Optional) VPC endpoints for HIPAA compliance
Quick Start
1. Enable Model Access
In the AWS Console:
- Navigate to Amazon Bedrock > Model access
- Click Manage model access
- Enable the models you need:
anthropic.claude-3-5-sonnet-20241022-v2:0meta.llama3-1-70b-instruct-v1:0amazon.titan-text-express-v1
- Click Save changes
2. Configure IAM Permissions
Create an IAM policy for Bedrock access:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Resource": [
"arn:aws:bedrock:*::foundation-model/*"
]
}
]
}
3. Configure AxonFlow
Set AWS credentials via environment variables:
export AWS_REGION=us-east-1
export AWS_ACCESS_KEY_ID=your-access-key
export AWS_SECRET_ACCESS_KEY=your-secret-key
Or use YAML configuration:
# axonflow.yaml
llm_providers:
bedrock:
enabled: true
config:
model: anthropic.claude-3-5-sonnet-20241022-v2:0
region: us-east-1
max_tokens: 4096
priority: 10
HIPAA-Compliant Setup
For healthcare applications handling PHI, configure VPC endpoints:
1. Create VPC Endpoint
aws ec2 create-vpc-endpoint \
--vpc-id vpc-xxx \
--service-name com.amazonaws.us-east-1.bedrock-runtime \
--vpc-endpoint-type Interface \
--subnet-ids subnet-xxx \
--security-group-ids sg-xxx \
--private-dns-enabled
2. Configure Security Group
Allow inbound HTTPS from your application:
aws ec2 authorize-security-group-ingress \
--group-id sg-xxx \
--protocol tcp \
--port 443 \
--source-group sg-your-app
3. Enable VPC Endpoint in AxonFlow
llm_providers:
bedrock:
enabled: true
config:
model: anthropic.claude-3-5-sonnet-20241022-v2:0
region: us-east-1
use_vpc_endpoint: true
# Custom endpoint URL (optional)
endpoint: vpce-xxx.bedrock-runtime.us-east-1.vpce.amazonaws.com
Multi-Region Setup
For disaster recovery or data residency:
llm_providers:
bedrock_us:
enabled: true
config:
model: anthropic.claude-3-5-sonnet-20241022-v2:0
region: us-east-1
priority: 10
weight: 0.5
bedrock_eu:
enabled: true
config:
model: anthropic.claude-3-5-sonnet-20241022-v2:0
region: eu-west-1
priority: 10
weight: 0.5
Supported Models
| Model Family | Model ID | Use Case |
|---|---|---|
| Claude 3.5 | anthropic.claude-3-5-sonnet-20241022-v2:0 | General purpose, best quality |
| Claude 3 | anthropic.claude-3-opus-20240229-v1:0 | Complex reasoning |
| Llama 3.1 | meta.llama3-1-70b-instruct-v1:0 | Open-source, cost-effective |
| Titan | amazon.titan-text-express-v1 | AWS-native, fastest |
Cost Comparison
| Model | Input (per 1K tokens) | Output (per 1K tokens) |
|---|---|---|
| Claude 3.5 Sonnet | $0.003 | $0.015 |
| Claude 3 Opus | $0.015 | $0.075 |
| Llama 3.1 70B | $0.00099 | $0.00099 |
| Titan Express | $0.0002 | $0.0006 |
Troubleshooting
Access Denied Errors
- Verify model access is enabled in Bedrock console
- Check IAM policy includes the specific model ARN
- Verify AWS credentials are configured correctly
VPC Endpoint Issues
- Verify private DNS is enabled
- Check security group allows HTTPS (443)
- Verify subnet has route to VPC endpoint
Timeouts
- Increase timeout in AxonFlow configuration:
config:
timeout: 60s - Check network connectivity to Bedrock endpoint
Next Steps
- LLM Providers Overview - All supported providers
- Ollama Setup - Self-hosted alternative
- Custom Provider SDK - Build custom providers