Skip to main content

AWS Bedrock

Type: conversation.aws.bedrock

Status: alpha

Reference: https://docs.dapr.io/reference/components-reference/supported-conversation/aws-bedrock/

Example

apiVersion: cra.diagrid.io/v1beta1
kind: Component
metadata:
  name: <name>
spec:
  type: conversation.aws.bedrock
  version: v1
  metadata:
    # AWS access key associated with an IAM account (Optional)
    #- name: accessKey
    #  value: "AKIAIOSFODNN7EXAMPLE"
    # This maintains backwards compatibility with existing fields. It will be deprecated as of Dapr 1.17. Use 'region' instead. The AWS Region where the AWS resource is deployed to. (Optional)
    #- name: awsRegion
    #  value: "us-east-1"
    # The AWS Region where the AWS resource is deployed to. This will be marked required in Dapr 1.17. (Optional)
    #- name: region
    #  value: "us-east-1"
    # The secret key associated with the access key (Optional)
    #- name: secretKey
    #  value: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
    # AWS session token to use. A session token is only required if you are using temporary security credentials. (Optional)
    #- name: sessionToken
    #  value: "TOKEN"
    # AWS endpoint for the component to use, to connect to emulators. Do not use this when running against production AWS. (Optional)
    #- name: endpoint
    #  value: "http://mycompany.com:4566"
    # The model identifier or inference profile ARN to use. Defaults to Bedrock's default provider model from Amazon. You can specify either: - A model ID (e.g., "amazon.titan-text-express-v1") that supports on-demand throughput - An inference profile ARN for models that require it (found in the AWS Bedrock console under "Cross-Region Inference") (Optional)
    #- name: model
    #  value: "amazon.titan-text-express-v1"
    # A time-to-live value for a prompt/response cache to expire. Uses Go duration strings (e.g. "5m", "1h"). The component also supports the legacy key `cacheTTL` via mapstructure aliases. (Optional)
    #- name: responseCacheTTL
    #  value: "10m"

Authentication profiles

Available authentication profiles:

  • AWS: Access Key ID and Secret Access Key

  • AWS: Assume IAM Role

  • AWS: IAM Roles Anywhere

AWS: Access Key ID and Secret Access Key

Authenticate using an Access Key ID and Secret Access Key included in the metadata

accessKey

AWS access key associated with an IAM account

Example value: AKIAIOSFODNN7EXAMPLE

awsRegion (string)

This maintains backwards compatibility with existing fields. It will be deprecated as of Dapr 1.17. Use 'region' instead. The AWS Region where the AWS resource is deployed to.

Example value: us-east-1

region (string)

The AWS Region where the AWS resource is deployed to. This will be marked required in Dapr 1.17.

Example value: us-east-1

secretKey

The secret key associated with the access key

Example value: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

sessionToken (string)

AWS session token to use. A session token is only required if you are using temporary security credentials.

Example value: TOKEN

AWS: Assume IAM Role

Assume a specific IAM role. Note: This is only supported for Kafka and PostgreSQL.

region (string)

Required - The AWS Region where the AWS resource is deployed to.

Example value: us-east-1

assumeRoleArn (string)

IAM role that has access to AWS resource. This is another option to authenticate with MSK and RDS Aurora aside from the AWS Credentials. This will be marked required in Dapr 1.17.

Example value: arn:aws:iam::123456789:role/mskRole

sessionName (string)

The session name for assuming a role.

Default value: DaprDefaultSession

Example value: MyAppSession

AWS: IAM Roles Anywhere

Use AWS IAM Roles Anywhere to establish trust between your AWS account and Diagrid.

assumeRoleArn

Required - ARN of the AWS IAM role to assume in the trusting AWS account.

Example value: arn:aws:iam:012345678910:role/exampleIAMRoleName

trustAnchorArn

Required - ARN of the AWS Trust Anchor in the AWS account granting trust to the Dapr Certificate Authority.

Example value: arn:aws:rolesanywhere:us-west-1:012345678910:trust-anchor/01234568-0123-0123-0123-012345678901

trustProfileArn

Required - ARN of the AWS IAM Profile in the trusting AWS account.

Example value: arn:aws:rolesanywhere:us-west-1:012345678910:profile/01234568-0123-0123-0123-012345678901

Metadata

endpoint (string)

AWS endpoint for the component to use, to connect to emulators. Do not use this when running against production AWS.

Example value: http://mycompany.com:4566

model (string)

The model identifier or inference profile ARN to use. Defaults to Bedrock's default provider model from Amazon. You can specify either: - A model ID (e.g., "amazon.titan-text-express-v1") that supports on-demand throughput - An inference profile ARN for models that require it (found in the AWS Bedrock console under "Cross-Region Inference")

Example value: amazon.titan-text-express-v1

responseCacheTTL (string)

A time-to-live value for a prompt/response cache to expire. Uses Go duration strings (e.g. "5m", "1h"). The component also supports the legacy key cacheTTL via mapstructure aliases.

Example value: 10m