@ai-sdk/amazon-bedrock 3.0.0-beta.5 → 3.0.0-beta.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/CHANGELOG.md +13 -0
  2. package/README.md +75 -0
  3. package/dist/index.d.mts +24 -0
  4. package/dist/index.d.ts +24 -0
  5. package/dist/index.js +71 -25
  6. package/dist/index.js.map +1 -1
  7. package/dist/index.mjs +71 -25
  8. package/dist/index.mjs.map +1 -1
  9. package/package.json +3 -3
package/CHANGELOG.md CHANGED
@@ -1,5 +1,18 @@
1
1
  # @ai-sdk/amazon-bedrock
2
2
 
3
+ ## 3.0.0-beta.7
4
+
5
+ ### Patch Changes
6
+
7
+ - 314edb2: Add API key authentication support for Amazon Bedrock with Bearer token and automatic SigV4 fallback
8
+
9
+ ## 3.0.0-beta.6
10
+
11
+ ### Patch Changes
12
+
13
+ - Updated dependencies [05d2819]
14
+ - @ai-sdk/provider-utils@3.0.0-beta.3
15
+
3
16
  ## 3.0.0-beta.5
4
17
 
5
18
  ### Patch Changes
package/README.md CHANGED
@@ -19,6 +19,81 @@ You can import the default provider instance `bedrock` from `@ai-sdk/amazon-bedr
19
19
  import { bedrock } from '@ai-sdk/amazon-bedrock';
20
20
  ```
21
21
 
22
+ ## Authentication
23
+
24
+ The Amazon Bedrock provider supports two authentication methods with automatic fallback:
25
+
26
+ ### API Key Authentication (Recommended)
27
+
28
+ API key authentication provides a simpler setup process compared to traditional AWS SigV4 authentication. You can authenticate using either environment variables or direct configuration.
29
+
30
+ #### Using Environment Variable
31
+
32
+ Set the `AWS_BEARER_TOKEN_BEDROCK` environment variable with your API key:
33
+
34
+ ```bash
35
+ export AWS_BEARER_TOKEN_BEDROCK=your-api-key-here
36
+ ```
37
+
38
+ ```ts
39
+ import { bedrock } from '@ai-sdk/amazon-bedrock';
40
+ import { generateText } from 'ai';
41
+
42
+ const { text } = await generateText({
43
+ model: bedrock('anthropic.claude-3-haiku-20240307-v1:0'),
44
+ prompt: 'Write a vegetarian lasagna recipe for 4 people.',
45
+ // API key is automatically loaded from AWS_BEARER_TOKEN_BEDROCK
46
+ });
47
+ ```
48
+
49
+ #### Using Direct Configuration
50
+
51
+ You can also pass the API key directly in the provider configuration:
52
+
53
+ ```ts
54
+ import { bedrock } from '@ai-sdk/amazon-bedrock';
55
+ import { generateText } from 'ai';
56
+
57
+ const bedrockWithApiKey = bedrock.withSettings({
58
+ apiKey: process.env.AWS_BEARER_TOKEN_BEDROCK, // or your API key directly
59
+ region: 'us-east-1', // Optional: specify region
60
+ });
61
+
62
+ const { text } = await generateText({
63
+ model: bedrockWithApiKey('anthropic.claude-3-haiku-20240307-v1:0'),
64
+ prompt: 'Write a vegetarian lasagna recipe for 4 people.',
65
+ });
66
+ ```
67
+
68
+ ### SigV4 Authentication (Fallback)
69
+
70
+ If no API key is provided, the provider automatically falls back to AWS SigV4 authentication using standard AWS credentials:
71
+
72
+ ```ts
73
+ import { bedrock } from '@ai-sdk/amazon-bedrock';
74
+ import { generateText } from 'ai';
75
+
76
+ // Uses AWS credentials from environment variables or AWS credential chain
77
+ const { text } = await generateText({
78
+ model: bedrock('anthropic.claude-3-haiku-20240307-v1:0'),
79
+ prompt: 'Write a vegetarian lasagna recipe for 4 people.',
80
+ });
81
+ ```
82
+
83
+ This method requires standard AWS environment variables:
84
+
85
+ - `AWS_ACCESS_KEY_ID`
86
+ - `AWS_SECRET_ACCESS_KEY`
87
+ - `AWS_SESSION_TOKEN` (optional, for temporary credentials)
88
+
89
+ ### Authentication Precedence
90
+
91
+ The provider uses the following authentication precedence:
92
+
93
+ 1. **API key from direct configuration** (`apiKey` in `withSettings()`)
94
+ 2. **API key from environment variable** (`AWS_BEARER_TOKEN_BEDROCK`)
95
+ 3. **SigV4 authentication** (AWS credential chain fallback)
96
+
22
97
  ## Example
23
98
 
24
99
  ```ts
package/dist/index.d.mts CHANGED
@@ -30,6 +30,30 @@ interface AmazonBedrockProviderSettings {
30
30
  */
31
31
  region?: string;
32
32
  /**
33
+ API key for authenticating requests using Bearer token authentication.
34
+ When provided, this will be used instead of AWS SigV4 authentication.
35
+ Defaults to the value of the `AWS_BEARER_TOKEN_BEDROCK` environment variable.
36
+
37
+ @example
38
+ ```typescript
39
+ // Using API key directly
40
+ const bedrock = createAmazonBedrock({
41
+ apiKey: 'your-api-key-here',
42
+ region: 'us-east-1'
43
+ });
44
+
45
+ // Using environment variable AWS_BEARER_TOKEN_BEDROCK
46
+ const bedrock = createAmazonBedrock({
47
+ region: 'us-east-1'
48
+ });
49
+ ```
50
+
51
+ Note: When `apiKey` is provided, it takes precedence over AWS SigV4 authentication.
52
+ If neither `apiKey` nor `AWS_BEARER_TOKEN_BEDROCK` environment variable is set,
53
+ the provider will fall back to AWS SigV4 authentication using AWS credentials.
54
+ */
55
+ apiKey?: string;
56
+ /**
33
57
  The AWS access key ID to use for the Bedrock provider. Defaults to the value of the
34
58
  `AWS_ACCESS_KEY_ID` environment variable.
35
59
  */
package/dist/index.d.ts CHANGED
@@ -30,6 +30,30 @@ interface AmazonBedrockProviderSettings {
30
30
  */
31
31
  region?: string;
32
32
  /**
33
+ API key for authenticating requests using Bearer token authentication.
34
+ When provided, this will be used instead of AWS SigV4 authentication.
35
+ Defaults to the value of the `AWS_BEARER_TOKEN_BEDROCK` environment variable.
36
+
37
+ @example
38
+ ```typescript
39
+ // Using API key directly
40
+ const bedrock = createAmazonBedrock({
41
+ apiKey: 'your-api-key-here',
42
+ region: 'us-east-1'
43
+ });
44
+
45
+ // Using environment variable AWS_BEARER_TOKEN_BEDROCK
46
+ const bedrock = createAmazonBedrock({
47
+ region: 'us-east-1'
48
+ });
49
+ ```
50
+
51
+ Note: When `apiKey` is provided, it takes precedence over AWS SigV4 authentication.
52
+ If neither `apiKey` nor `AWS_BEARER_TOKEN_BEDROCK` environment variable is set,
53
+ the provider will fall back to AWS SigV4 authentication using AWS credentials.
54
+ */
55
+ apiKey?: string;
56
+ /**
33
57
  The AWS access key ID to use for the Bedrock provider. Defaults to the value of the
34
58
  `AWS_ACCESS_KEY_ID` environment variable.
35
59
  */
package/dist/index.js CHANGED
@@ -1350,10 +1350,28 @@ function prepareBodyString(body) {
1350
1350
  return JSON.stringify(body);
1351
1351
  }
1352
1352
  }
1353
+ function createApiKeyFetchFunction(apiKey, fetch = globalThis.fetch) {
1354
+ return async (input, init) => {
1355
+ const originalHeaders = extractHeaders(init == null ? void 0 : init.headers);
1356
+ return fetch(input, {
1357
+ ...init,
1358
+ headers: (0, import_provider_utils6.removeUndefinedEntries)(
1359
+ (0, import_provider_utils6.combineHeaders)(originalHeaders, {
1360
+ Authorization: `Bearer ${apiKey}`
1361
+ })
1362
+ )
1363
+ });
1364
+ };
1365
+ }
1353
1366
 
1354
1367
  // src/bedrock-provider.ts
1355
1368
  function createAmazonBedrock(options = {}) {
1356
- const sigv4Fetch = createSigV4FetchFunction(async () => {
1369
+ const rawApiKey = (0, import_provider_utils7.loadOptionalSetting)({
1370
+ settingValue: options.apiKey,
1371
+ environmentVariableName: "AWS_BEARER_TOKEN_BEDROCK"
1372
+ });
1373
+ const apiKey = rawApiKey && rawApiKey.trim().length > 0 ? rawApiKey.trim() : void 0;
1374
+ const fetchFunction = apiKey ? createApiKeyFetchFunction(apiKey, options.fetch) : createSigV4FetchFunction(async () => {
1357
1375
  const region = (0, import_provider_utils7.loadSetting)({
1358
1376
  settingValue: options.region,
1359
1377
  settingName: "region",
@@ -1361,30 +1379,58 @@ function createAmazonBedrock(options = {}) {
1361
1379
  description: "AWS region"
1362
1380
  });
1363
1381
  if (options.credentialProvider) {
1382
+ try {
1383
+ return {
1384
+ ...await options.credentialProvider(),
1385
+ region
1386
+ };
1387
+ } catch (error) {
1388
+ const errorMessage = error instanceof Error ? error.message : String(error);
1389
+ throw new Error(
1390
+ `AWS credential provider failed: ${errorMessage}. Please ensure your credential provider returns valid AWS credentials with accessKeyId and secretAccessKey properties.`
1391
+ );
1392
+ }
1393
+ }
1394
+ try {
1364
1395
  return {
1365
- ...await options.credentialProvider(),
1366
- region
1396
+ region,
1397
+ accessKeyId: (0, import_provider_utils7.loadSetting)({
1398
+ settingValue: options.accessKeyId,
1399
+ settingName: "accessKeyId",
1400
+ environmentVariableName: "AWS_ACCESS_KEY_ID",
1401
+ description: "AWS access key ID"
1402
+ }),
1403
+ secretAccessKey: (0, import_provider_utils7.loadSetting)({
1404
+ settingValue: options.secretAccessKey,
1405
+ settingName: "secretAccessKey",
1406
+ environmentVariableName: "AWS_SECRET_ACCESS_KEY",
1407
+ description: "AWS secret access key"
1408
+ }),
1409
+ sessionToken: (0, import_provider_utils7.loadOptionalSetting)({
1410
+ settingValue: options.sessionToken,
1411
+ environmentVariableName: "AWS_SESSION_TOKEN"
1412
+ })
1367
1413
  };
1414
+ } catch (error) {
1415
+ const errorMessage = error instanceof Error ? error.message : String(error);
1416
+ if (errorMessage.includes("AWS_ACCESS_KEY_ID") || errorMessage.includes("accessKeyId")) {
1417
+ throw new Error(
1418
+ `AWS SigV4 authentication requires AWS credentials. Please provide either:
1419
+ 1. Set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables
1420
+ 2. Provide accessKeyId and secretAccessKey in options
1421
+ 3. Use a credentialProvider function
1422
+ 4. Use API key authentication with AWS_BEARER_TOKEN_BEDROCK or apiKey option
1423
+ Original error: ${errorMessage}`
1424
+ );
1425
+ }
1426
+ if (errorMessage.includes("AWS_SECRET_ACCESS_KEY") || errorMessage.includes("secretAccessKey")) {
1427
+ throw new Error(
1428
+ `AWS SigV4 authentication requires both AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. Please ensure both credentials are provided.
1429
+ Original error: ${errorMessage}`
1430
+ );
1431
+ }
1432
+ throw error;
1368
1433
  }
1369
- return {
1370
- region,
1371
- accessKeyId: (0, import_provider_utils7.loadSetting)({
1372
- settingValue: options.accessKeyId,
1373
- settingName: "accessKeyId",
1374
- environmentVariableName: "AWS_ACCESS_KEY_ID",
1375
- description: "AWS access key ID"
1376
- }),
1377
- secretAccessKey: (0, import_provider_utils7.loadSetting)({
1378
- settingValue: options.secretAccessKey,
1379
- settingName: "secretAccessKey",
1380
- environmentVariableName: "AWS_SECRET_ACCESS_KEY",
1381
- description: "AWS secret access key"
1382
- }),
1383
- sessionToken: (0, import_provider_utils7.loadOptionalSetting)({
1384
- settingValue: options.sessionToken,
1385
- environmentVariableName: "AWS_SESSION_TOKEN"
1386
- })
1387
- };
1388
1434
  }, options.fetch);
1389
1435
  const getBaseUrl = () => {
1390
1436
  var _a, _b;
@@ -1402,7 +1448,7 @@ function createAmazonBedrock(options = {}) {
1402
1448
  return new BedrockChatLanguageModel(modelId, {
1403
1449
  baseUrl: getBaseUrl,
1404
1450
  headers: (_a = options.headers) != null ? _a : {},
1405
- fetch: sigv4Fetch,
1451
+ fetch: fetchFunction,
1406
1452
  generateId: import_provider_utils7.generateId
1407
1453
  });
1408
1454
  };
@@ -1419,7 +1465,7 @@ function createAmazonBedrock(options = {}) {
1419
1465
  return new BedrockEmbeddingModel(modelId, {
1420
1466
  baseUrl: getBaseUrl,
1421
1467
  headers: (_a = options.headers) != null ? _a : {},
1422
- fetch: sigv4Fetch
1468
+ fetch: fetchFunction
1423
1469
  });
1424
1470
  };
1425
1471
  const createImageModel = (modelId) => {
@@ -1427,7 +1473,7 @@ function createAmazonBedrock(options = {}) {
1427
1473
  return new BedrockImageModel(modelId, {
1428
1474
  baseUrl: getBaseUrl,
1429
1475
  headers: (_a = options.headers) != null ? _a : {},
1430
- fetch: sigv4Fetch
1476
+ fetch: fetchFunction
1431
1477
  });
1432
1478
  };
1433
1479
  provider.languageModel = createChatModel;