Accessing Amazon Bedrock with CloudBank Credentials

CloudBank users with PowerUser access can interact with Amazon Bedrock without requiring elevated IAM privileges or administrator access. While the long-term Bedrock API key option requires IAM permissions not available at the PowerUser level, there are two fully supported alternatives: a short-term Bedrock API key valid for up to 12 hours, and standard AWS credentials via the boto3 SDK or AWS CLI. Both approaches work seamlessly with your existing CloudBank federated login and are suitable for research, scripting, and automated workflows.

Note: The ability to create a static AWS access key and secret is not enabled by default for CloudBank accounts. See the end of this article for details on how to request this access.


Accessing Amazon Bedrock

Option 1: Short-Term Bedrock API Key (up to 12 hours)

You can generate a short-term Bedrock API key directly from the console using your PowerUser permissions:

  1. Log into the AWS Console and navigate to the Amazon Bedrock service
  2. In the left sidebar, click API keys
  3. Click Create API key and select Short-term
  4. Copy the generated key and use it as a Bearer token in your requests

Option 2: Standard AWS Credentials (boto3 / CLI)

Your existing role credentials can also be used directly with the AWS SDK or CLI to call Bedrock — no new key creation required. Your session credentials (access key ID, secret, and session token) are picked up automatically when you are logged in via your normal CloudBank federated login. Here are some examples:

Using boto3 (Python) with your session credentials

import boto3
import json

def main():
    client = boto3.client(
        "bedrock-runtime", 
        region_name="us-east-1"
    )

    # 1. Create the prompt
    prompt = {
        "messages": [
            {"role": "user", "content": "Hello World"}
        ], 
        "max_tokens": 512, 
        "temperature": 0.5, 
        "top_p": 0.9
    }

    # 2. Send the prompt to Bedrock for inference
    response = client.invoke_model(
        modelId="mistral.ministral-3-3b-instruct",
        body=json.dumps(prompt), 
        contentType="application/json",
        accept="application/json"
    )

    # 3. Read and parse the response body stream
    response_body = json.loads(response['body'].read().decode('utf-8'))
    
    # 4. Extract the text response from the schema (choices[0].message.content)
    response_text = response_body['choices'][0]['message']['content']
    
    print(response_text)

if __name__ == "__main__":
    main()

Alternatively, if you have a static AWS access key and secret, you can pass them explicitly:

client = boto3.client(
    "bedrock-runtime", 
    region_name="us-east-1", 
    aws_access_key_id="XXX", 
    aws_secret_access_key="XXX"
)

Using the AWS CLI

Create a JSON file (prompt.json) with your prompt:

{
  "messages": [
    {
      "role": "user",
      "content": [
        {
          "type": "text",
          "text": "Hello World"
        }
      ]
    }
  ],
  "max_tokens": 512,
  "temperature": 0.5,
  "top_p": 0.9
}

Then invoke the model:

aws bedrock-runtime invoke-model \
  --model-id mistral.ministral-3-3b-instruct \
  --body fileb://prompt.json \
  --region us-east-1 \
  output.json

Model Specific Instructions

If working with Anthropic models see please read Request and Response - Amazon Bedrock for important model specific instructions.


Need Additional Help?

Static AWS Access Key and Secret: The ability to create a static AWS access key and secret is not enabled by default for CloudBank accounts. If your workflow requires a long-lived key, please contact CloudBank Support to request the appropriate permissions.

Third-Party Applications (Bearer Token Only): If you are using a third-party application that only accepts a Bearer token and does not support AWS credential-based authentication, please contact CloudBank Support for assistance.

@kcoakley thanks for these notes. I’m successfully able to use AWS Bedrock via the console and testing model access via their “playground/workbench” However it seems some of the more recent anthropic models are not available on the account? Ones that do work include claude-haiku-4-5, claude-sonnet-4-6 and claude-opus-4-6

ones that don’t work: opus-4-7, sonnet-5

Error 403 {“type”:“error”,“request_id”:“req_hobpfbrq7tqszbuvmqal5fo7tdb4jmriyobpkvauz6qz7gy4aojq”,“error”:{“type”:“permission_error”,“message”:"anthropic.claude-opus-4-8 is not available for this account. You can explore other available models on Amazon Bedrock. For additional access options, contact AWS Sales at https://aws.amazon.com/contact-us/sales-support/}}

Can you confirm if this is due to account level access policy settings?

@scottyh We are working with StrategicBlue to resolve the issue with Opus 4.7 and Opus 4.8. We haven’t test Opus 5 or Fable, but I assume these will have the same issue.

1 Like