CloudBank users with PowerUser access can interact with Amazon Bedrock without requiring elevated IAM privileges or administrator access. While the long-term Bedrock API key option requires IAM permissions not available at the PowerUser level, there are two fully supported alternatives: a short-term Bedrock API key valid for up to 12 hours, and standard AWS credentials via the boto3 SDK or AWS CLI. Both approaches work seamlessly with your existing CloudBank federated login and are suitable for research, scripting, and automated workflows.
Note: The ability to create a static AWS access key and secret is not enabled by default for CloudBank accounts. See the end of this article for details on how to request this access.
Accessing Amazon Bedrock
Option 1: Short-Term Bedrock API Key (up to 12 hours)
You can generate a short-term Bedrock API key directly from the console using your PowerUser permissions:
- Log into the AWS Console and navigate to the Amazon Bedrock service
- In the left sidebar, click API keys
- Click Create API key and select Short-term
- Copy the generated key and use it as a Bearer token in your requests
Option 2: Standard AWS Credentials (boto3 / CLI)
Your existing role credentials can also be used directly with the AWS SDK or CLI to call Bedrock — no new key creation required. Your session credentials (access key ID, secret, and session token) are picked up automatically when you are logged in via your normal CloudBank federated login. Here are some examples:
Using boto3 (Python) with your session credentials
import boto3
import json
def main():
client = boto3.client(
"bedrock-runtime",
region_name="us-east-1"
)
# 1. Create the prompt
prompt = {
"messages": [
{"role": "user", "content": "Hello World"}
],
"max_tokens": 512,
"temperature": 0.5,
"top_p": 0.9
}
# 2. Send the prompt to Bedrock for inference
response = client.invoke_model(
modelId="mistral.ministral-3-3b-instruct",
body=json.dumps(prompt),
contentType="application/json",
accept="application/json"
)
# 3. Read and parse the response body stream
response_body = json.loads(response['body'].read().decode('utf-8'))
# 4. Extract the text response from the schema (choices[0].message.content)
response_text = response_body['choices'][0]['message']['content']
print(response_text)
if __name__ == "__main__":
main()
Alternatively, if you have a static AWS access key and secret, you can pass them explicitly:
client = boto3.client(
"bedrock-runtime",
region_name="us-east-1",
aws_access_key_id="XXX",
aws_secret_access_key="XXX"
)
Using the AWS CLI
Create a JSON file (prompt.json) with your prompt:
{
"messages": [
{
"role": "user",
"content": [
{
"type": "text",
"text": "Hello World"
}
]
}
],
"max_tokens": 512,
"temperature": 0.5,
"top_p": 0.9
}
Then invoke the model:
aws bedrock-runtime invoke-model \
--model-id mistral.ministral-3-3b-instruct \
--body fileb://prompt.json \
--region us-east-1 \
output.json
Need Additional Help?
Static AWS Access Key and Secret: The ability to create a static AWS access key and secret is not enabled by default for CloudBank accounts. If your workflow requires a long-lived key, please contact CloudBank Support to request the appropriate permissions.
Third-Party Applications (Bearer Token Only): If you are using a third-party application that only accepts a Bearer token and does not support AWS credential-based authentication, please contact CloudBank Support for assistance.