From ba3261bf9664ec5c73b424f2e2f8176d8838723a Mon Sep 17 00:00:00 2001 From: Vapi Tasker Date: Wed, 28 Jan 2026 10:43:17 +0000 Subject: [PATCH 1/2] docs: add Anthropic Bedrock integration page Add documentation for using Anthropic Claude models via AWS Bedrock with Vapi. The guide covers: - IAM role creation and configuration - Trust policy setup with Vapi AWS Account ID (533267069243) - Permissions policies (broad and restrictive options) - Vapi credential creation via API - External ID handling (user-provided or Vapi-generated) - Troubleshooting common errors Co-Authored-By: Claude --- fern/docs.yml | 2 + fern/providers/model/anthropic-bedrock.mdx | 249 +++++++++++++++++++++ 2 files changed, 251 insertions(+) create mode 100644 fern/providers/model/anthropic-bedrock.mdx diff --git a/fern/docs.yml b/fern/docs.yml index 61ad0be4d..72ae07908 100644 --- a/fern/docs.yml +++ b/fern/docs.yml @@ -586,6 +586,8 @@ navigation: path: providers/model/openai.mdx - page: Azure OpenAI path: providers/model/azure-openai.mdx + - page: Anthropic Bedrock + path: providers/model/anthropic-bedrock.mdx - page: Gemini path: providers/model/gemini.mdx - page: Groq diff --git a/fern/providers/model/anthropic-bedrock.mdx b/fern/providers/model/anthropic-bedrock.mdx new file mode 100644 index 000000000..5b679e492 --- /dev/null +++ b/fern/providers/model/anthropic-bedrock.mdx @@ -0,0 +1,249 @@ +--- +title: Anthropic Bedrock +subtitle: Use Anthropic Claude models via AWS Bedrock with your own AWS resources +slug: providers/model/anthropic-bedrock +--- + +**What is Anthropic Bedrock?** + +Amazon Bedrock is a fully managed service that provides access to foundation models from leading AI companies, including Anthropic's Claude models. With Bedrock, you can use Claude models through AWS infrastructure, benefiting from enterprise-grade security, regional data residency, and seamless integration with your existing AWS environment. + +**Custom Anthropic Bedrock Integration with Vapi:** + +Vapi's Anthropic Bedrock integration allows you to connect your own AWS Bedrock resources to power voice assistants with Claude models. This enables you to maintain full control over your AWS billing, use your own rate limits, and ensure data stays within your AWS environment. + +## Prerequisites + +Before configuring Anthropic Bedrock with Vapi, ensure you have: + +- An active AWS account with Bedrock access enabled +- Model access granted for Anthropic Claude models in your Bedrock console +- IAM permissions to create roles and policies + +## Configuration steps + + + + Create a new IAM role that Vapi will assume to access your Bedrock resources. + + 1. Go to the **IAM Console** in AWS + 2. Navigate to **Roles** and click **Create role** + 3. Select **Custom trust policy** as the trusted entity type + 4. Add the trust policy from the next step + + + Choose a descriptive name for your role, such as `VapiBedrockRole`, so you can easily identify its purpose. + + + + + Configure the trust policy to allow Vapi's AWS account to assume this role. Use the following trust policy: + + ```json title="Trust Policy" + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::533267069243:root" + }, + "Action": "sts:AssumeRole", + "Condition": { + "StringEquals": { + "sts:ExternalId": "YOUR_EXTERNAL_ID" + } + } + } + ] + } + ``` + + + **About External ID**: The External ID provides an additional layer of security for cross-account access. You can either: + - Provide your own External ID when creating the Vapi credential + - Let Vapi generate one for you (returned in `authenticationArtifact.externalId`) + + If Vapi generates the External ID, you must update this trust policy with the generated value after creating the credential. + + + + + Create and attach a permissions policy that grants access to Bedrock model invocation. + + + + Use this policy to grant access to all Anthropic models across all regions: + + ```json title="Permissions Policy (All Models)" + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "bedrock:InvokeModel", + "bedrock:InvokeModelWithResponseStream" + ], + "Resource": [ + "arn:aws:bedrock:*::foundation-model/anthropic.*", + "arn:aws:bedrock:*:*:inference-profile/us.anthropic.*" + ] + } + ] + } + ``` + + + Use this policy to limit access to specific models and regions: + + ```json title="Permissions Policy (Specific Models)" + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "bedrock:InvokeModel", + "bedrock:InvokeModelWithResponseStream" + ], + "Resource": [ + "arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-3-5-sonnet-*", + "arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-3-7-sonnet-*", + "arn:aws:bedrock:us-east-1:*:inference-profile/us.anthropic.claude-3-5-sonnet-*", + "arn:aws:bedrock:us-east-1:*:inference-profile/us.anthropic.claude-3-7-sonnet-*" + ] + } + ] + } + ``` + + + Replace `us-east-1` with your preferred AWS region. You can also add or remove specific model versions based on your needs. + + + + + To attach the policy: + 1. In the IAM Console, go to **Policies** and click **Create policy** + 2. Select **JSON** and paste your chosen policy + 3. Name the policy (e.g., `VapiBedrockInvokePolicy`) + 4. Attach the policy to your IAM role + + + + Use the Vapi API to create a credential with your AWS role information: + + ```bash title="Create Credential via API" + curl -X POST "https://api.vapi.ai/credential" \ + -H "Authorization: Bearer YOUR_VAPI_API_KEY" \ + -H "Content-Type: application/json" \ + -d '{ + "provider": "anthropic-bedrock", + "region": "us-east-1", + "authenticationPlan": { + "type": "aws-sts", + "roleArn": "arn:aws:iam::YOUR_AWS_ACCOUNT_ID:role/VapiBedrockRole", + "externalId": "your-optional-external-id" + } + }' + ``` + + | Field | Description | + |-------|-------------| + | `provider` | Must be `anthropic-bedrock` | + | `region` | AWS region where Bedrock is enabled (e.g., `us-east-1`) | + | `authenticationPlan.type` | Must be `aws-sts` for role assumption | + | `authenticationPlan.roleArn` | The ARN of the IAM role you created | + | `authenticationPlan.externalId` | Optional: Your chosen External ID. If omitted, Vapi generates one | + + + If you omit `externalId`, Vapi will generate one and return it in the response under `authenticationArtifact.externalId`. You must then update your IAM trust policy with this value. + + + + + If Vapi generated an External ID for you, update your IAM role's trust policy: + + 1. Go to the **IAM Console** and select your role + 2. Click the **Trust relationships** tab + 3. Click **Edit trust policy** + 4. Replace `YOUR_EXTERNAL_ID` with the value from `authenticationArtifact.externalId` + 5. Save the changes + + Your trust policy should now look like this: + + ```json title="Updated Trust Policy" {10} + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::533267069243:root" + }, + "Action": "sts:AssumeRole", + "Condition": { + "StringEquals": { + "sts:ExternalId": "vapi-generated-external-id-here" + } + } + } + ] + } + ``` + + + +## Example credential configuration + +Here is a complete example of a Vapi credential configuration for Anthropic Bedrock: + +```json title="Credential Configuration" +{ + "provider": "anthropic-bedrock", + "region": "us-east-1", + "authenticationPlan": { + "type": "aws-sts", + "roleArn": "arn:aws:iam::123456789012:role/VapiBedrockRole", + "externalId": "my-secure-external-id" + } +} +``` + +## Benefits of using Anthropic Bedrock + +**Enterprise security:** +- Data residency control with regional deployments +- Enterprise-grade security and compliance (SOC 2, HIPAA eligible, etc.) +- Private VPC connectivity options through AWS + +**Custom rate limits:** +- Use your own AWS Bedrock quotas and rate limits +- Avoid shared resource constraints +- Predictable costs and billing through AWS + +**AWS ecosystem integration:** +- Seamless integration with existing AWS infrastructure +- Use AWS CloudWatch for monitoring and logging +- Leverage AWS IAM for fine-grained access control + +## Troubleshooting + +### Common error: "Access Denied" +- **Cause**: The IAM role trust policy doesn't allow Vapi to assume the role +- **Solution**: Verify the trust policy includes Vapi's AWS account ID (`533267069243`) and the correct External ID + +### Common error: "Invalid External ID" +- **Cause**: The External ID in your trust policy doesn't match the one used by Vapi +- **Solution**: Check the `authenticationArtifact.externalId` in your credential and update your trust policy accordingly + +### Common error: "Model access denied" +- **Cause**: The IAM permissions policy doesn't grant access to the requested model, or model access isn't enabled in Bedrock +- **Solution**: + 1. Verify the permissions policy includes the correct model ARNs + 2. Ensure you've enabled access to the model in the AWS Bedrock console + +### Common error: "Region not supported" +- **Cause**: The specified region doesn't have Bedrock or the requested model available +- **Solution**: Use a supported region such as `us-east-1`, `us-west-2`, or `eu-west-1` From efc960b406219a85bb9e2f7956bc13f789520f1e Mon Sep 17 00:00:00 2001 From: Vapi Tasker Date: Wed, 28 Jan 2026 10:46:52 +0000 Subject: [PATCH 2/2] fix: correct External ID documentation - it's optional, not Vapi-generated - External ID is optional, Vapi does NOT generate it - Added tabs showing trust policy with and without External ID - Removed step about updating trust policy with Vapi-generated ID - Updated troubleshooting section Co-Authored-By: Claude --- fern/providers/model/anthropic-bedrock.mdx | 112 ++++++++++----------- 1 file changed, 51 insertions(+), 61 deletions(-) diff --git a/fern/providers/model/anthropic-bedrock.mdx b/fern/providers/model/anthropic-bedrock.mdx index 5b679e492..34fbce557 100644 --- a/fern/providers/model/anthropic-bedrock.mdx +++ b/fern/providers/model/anthropic-bedrock.mdx @@ -37,35 +37,57 @@ Before configuring Anthropic Bedrock with Vapi, ensure you have: - Configure the trust policy to allow Vapi's AWS account to assume this role. Use the following trust policy: + Configure the trust policy to allow Vapi's AWS account to assume this role. - ```json title="Trust Policy" - { - "Version": "2012-10-17", - "Statement": [ + + + Use this simpler policy if you don't need the additional security of an External ID: + + ```json title="Trust Policy (Basic)" { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::533267069243:root" - }, - "Action": "sts:AssumeRole", - "Condition": { - "StringEquals": { - "sts:ExternalId": "YOUR_EXTERNAL_ID" + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::533267069243:root" + }, + "Action": "sts:AssumeRole" } - } + ] } - ] - } - ``` + ``` + + + Use this policy if you want the additional security of an External ID: - - **About External ID**: The External ID provides an additional layer of security for cross-account access. You can either: - - Provide your own External ID when creating the Vapi credential - - Let Vapi generate one for you (returned in `authenticationArtifact.externalId`) + ```json title="Trust Policy (With External ID)" + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::533267069243:root" + }, + "Action": "sts:AssumeRole", + "Condition": { + "StringEquals": { + "sts:ExternalId": "YOUR_EXTERNAL_ID" + } + } + } + ] + } + ``` - If Vapi generates the External ID, you must update this trust policy with the generated value after creating the credential. - + Replace `YOUR_EXTERNAL_ID` with your chosen value. You'll use the same value when creating the Vapi credential. + + + + + **About External ID**: The External ID is an optional security feature that provides an additional layer of protection for cross-account access. If you choose to use one, specify the same value in both your IAM trust policy and the Vapi credential configuration. + @@ -155,43 +177,11 @@ Before configuring Anthropic Bedrock with Vapi, ensure you have: | `region` | AWS region where Bedrock is enabled (e.g., `us-east-1`) | | `authenticationPlan.type` | Must be `aws-sts` for role assumption | | `authenticationPlan.roleArn` | The ARN of the IAM role you created | - | `authenticationPlan.externalId` | Optional: Your chosen External ID. If omitted, Vapi generates one | + | `authenticationPlan.externalId` | Optional: Your chosen External ID for additional security | - - If you omit `externalId`, Vapi will generate one and return it in the response under `authenticationArtifact.externalId`. You must then update your IAM trust policy with this value. - - - - - If Vapi generated an External ID for you, update your IAM role's trust policy: - - 1. Go to the **IAM Console** and select your role - 2. Click the **Trust relationships** tab - 3. Click **Edit trust policy** - 4. Replace `YOUR_EXTERNAL_ID` with the value from `authenticationArtifact.externalId` - 5. Save the changes - - Your trust policy should now look like this: - - ```json title="Updated Trust Policy" {10} - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::533267069243:root" - }, - "Action": "sts:AssumeRole", - "Condition": { - "StringEquals": { - "sts:ExternalId": "vapi-generated-external-id-here" - } - } - } - ] - } - ``` + + If you don't need an External ID, you can remove the `Condition` block from your trust policy entirely. + @@ -235,8 +225,8 @@ Here is a complete example of a Vapi credential configuration for Anthropic Bedr - **Solution**: Verify the trust policy includes Vapi's AWS account ID (`533267069243`) and the correct External ID ### Common error: "Invalid External ID" -- **Cause**: The External ID in your trust policy doesn't match the one used by Vapi -- **Solution**: Check the `authenticationArtifact.externalId` in your credential and update your trust policy accordingly +- **Cause**: The External ID in your trust policy doesn't match the one in your Vapi credential +- **Solution**: Ensure the `externalId` value in your Vapi credential exactly matches the `sts:ExternalId` in your IAM trust policy. If you're not using an External ID, remove the `Condition` block from your trust policy ### Common error: "Model access denied" - **Cause**: The IAM permissions policy doesn't grant access to the requested model, or model access isn't enabled in Bedrock