guidance-for-claude-code-with-amazon-bedrock  by aws-solutions-library-samples

Secure enterprise authentication for Claude LLMs on Amazon Bedrock

Created 10 months ago
264 stars

Top 96.4% on SourcePulse

Project Summary

This guidance provides enterprise-grade authentication and deployment patterns for Claude Code CLI and Claude Cowork Desktop using Amazon Bedrock. It targets organizations needing secure, centralized access to LLM capabilities, offering benefits like unified identity management, audit trails, and simplified credential handling for end-users.

How It Works

The core mechanism employs Direct IAM OIDC federation, allowing users to authenticate via existing enterprise identity providers (Okta, Azure AD, Auth0). Upon successful authentication, temporary AWS credentials are issued, enabling secure access to Amazon Bedrock without managing long-lived API keys. An alternative path using AWS IAM Identity Center is also supported. This approach ensures robust auditability and centralized control over LLM resource access.

Quick Start & Requirements

  • Primary Install/Run Command: Utilizes the ccwb command-line tool, typically invoked via poetry run ccwb deploy or similar commands after setup.
  • Prerequisites: Requires an existing OIDC Identity Provider (Okta, Azure AD, Auth0, Cognito User Pools), an AWS account with CloudFormation and IAM permissions, Amazon Bedrock activated in target regions, Python 3.10+, Poetry, AWS CLI v2, and Git.
  • Estimated Setup Time: 2-3 hours for initial setup, including identity provider configuration.
  • Documentation: Detailed instructions available in QUICK_START.md, Architecture Guide, Deployment Guide, and CoWork 3P Guide.

Highlighted Details

  • Seamless integration with enterprise IdPs (Okta, Azure AD, Auth0) and AWS IAM Identity Center.
  • Eliminates API key management for end-users, providing automatic credential refresh.
  • Supports multi-platform deployment (Windows, macOS, Linux) with standalone executables.
  • Enables centralized access control, usage monitoring via CloudWatch, and multi-region/multi-partition (Commercial/GovCloud) configurations.
  • Extends functionality to Claude Cowork Desktop with a single command.
  • Offers an optional deployment path without SSO for analytics-only use cases.

Maintenance & Community

This AWS Solutions Library sample focuses on providing a deployable pattern. Specific details regarding active community contributions, sponsorships, or dedicated support channels like Discord/Slack are not detailed in the README.

Licensing & Compatibility

  • License: MIT License.
  • Compatibility: Permissive MIT license allows for broad integration into commercial and closed-source applications.

Limitations & Caveats

Initial setup requires significant administrative effort involving both AWS and identity provider configurations. While standalone executables simplify end-user deployment, the underlying infrastructure setup demands technical expertise. The optional SSO-less deployment path sacrifices individual user attribution for simplified setup.

Health Check

  • Last Commit: 23 hours ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 82
  • Issues (30d): 45
  • Star History: 45 stars in the last 30 days
