LLM/moltbot
1
0
Fork 0
mirror of https://github.com/moltbot/moltbot.git synced 2026-04-20 21:23:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs: refresh bedrock discovery docs

Browse Source
This commit is contained in:
Peter Steinberger
2026-04-04 09:57:13 +01:00
parent 29033400eb
commit ac8d91edff
2 changed files with 38 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/help/faq.md
View File

@@ -626,7 +626,7 @@ for usage/billing and raise limits as needed.
</Accordion>
<Accordion title="Is AWS Bedrock supported?">
Yes - via pi-ai's **Amazon Bedrock (Converse)** provider with **manual config**. You must supply AWS credentials/region on the gateway host and add a Bedrock provider entry in your models config. See [Amazon Bedrock](/providers/bedrock) and [Model providers](/providers/models). If you prefer a managed key flow, an OpenAI-compatible proxy in front of Bedrock is still a valid option.
Yes. OpenClaw has a bundled **Amazon Bedrock (Converse)** provider. With AWS env markers present, OpenClaw can auto-discover the streaming/text Bedrock catalog and merge it as an implicit `amazon-bedrock` provider; otherwise you can explicitly enable `models.bedrockDiscovery.enabled` or add a manual provider entry. See [Amazon Bedrock](/providers/bedrock) and [Model providers](/providers/models). If you prefer a managed key flow, an OpenAI-compatible proxy in front of Bedrock is still a valid option.
</Accordion>
<Accordion title="How does Codex auth work?">

50
docs/providers/bedrock.md
View File

@@ -21,9 +21,21 @@ not an API key.
## Automatic model discovery
If AWS credentials are detected, OpenClaw can automatically discover Bedrock
models that support **streaming** and **text output**. Discovery uses
`bedrock:ListFoundationModels` and is cached (default: 1 hour).
OpenClaw can automatically discover Bedrock models that support **streaming**
and **text output**. Discovery uses `bedrock:ListFoundationModels` and is
cached (default: 1 hour).
How the implicit provider is enabled:
- If `models.bedrockDiscovery.enabled` is `true`, OpenClaw will try discovery
even when no AWS env marker is present.
- If `models.bedrockDiscovery.enabled` is unset, OpenClaw only auto-adds the
implicit Bedrock provider when it sees one of these AWS auth markers:
`AWS_BEARER_TOKEN_BEDROCK`, `AWS_ACCESS_KEY_ID` +
`AWS_SECRET_ACCESS_KEY`, or `AWS_PROFILE`.
- The actual Bedrock runtime auth path still uses the AWS SDK default chain, so
shared config, SSO, and IMDS instance-role auth can work even when discovery
needed `enabled: true` to opt in.
Config options live under `models.bedrockDiscovery`:
@@ -44,7 +56,8 @@ Config options live under `models.bedrockDiscovery`:
Notes:
- `enabled` defaults to `true` when AWS credentials are present.
- `enabled` defaults to auto mode. In auto mode, OpenClaw only enables the
implicit Bedrock provider when it sees a supported AWS env marker.
- `region` defaults to `AWS_REGION` or `AWS_DEFAULT_REGION`, then `us-east-1`.
- `providerFilter` matches Bedrock provider names (for example `anthropic`).
- `refreshInterval` is seconds; set to `0` to disable caching.
@@ -101,15 +114,24 @@ export AWS_BEARER_TOKEN_BEDROCK="..."
## EC2 Instance Roles
When running OpenClaw on an EC2 instance with an IAM role attached, the AWS SDK
will automatically use the instance metadata service (IMDS) for authentication.
However, OpenClaw's credential detection currently only checks for environment
variables, not IMDS credentials.
can use the instance metadata service (IMDS) for authentication. For Bedrock
model discovery, OpenClaw only auto-enables the implicit provider from AWS env
markers unless you explicitly set `models.bedrockDiscovery.enabled: true`.
**Workaround:** Set `AWS_PROFILE=default` to signal that AWS credentials are
available. The actual authentication still uses the instance role via IMDS.
Recommended setup for IMDS-backed hosts:
- Set `models.bedrockDiscovery.enabled` to `true`.
- Set `models.bedrockDiscovery.region` (or export `AWS_REGION`).
- You do **not** need a fake API key.
- You only need `AWS_PROFILE=default` if you specifically want an env marker
for auto mode or status surfaces.
```bash
# Add to ~/.bashrc or your shell profile
# Recommended: explicit discovery enable + region
openclaw config set models.bedrockDiscovery.enabled true
openclaw config set models.bedrockDiscovery.region us-east-1
# Optional: add an env marker if you want auto mode without explicit enable
export AWS_PROFILE=default
export AWS_REGION=us-east-1
```
@@ -149,11 +171,11 @@ aws ec2 associate-iam-instance-profile \
--instance-id i-xxxxx \
--iam-instance-profile Name=EC2-Bedrock-Access
# 3. On the EC2 instance, enable discovery
# 3. On the EC2 instance, enable discovery explicitly
openclaw config set models.bedrockDiscovery.enabled true
openclaw config set models.bedrockDiscovery.region us-east-1
# 4. Set the workaround env vars
# 4. Optional: add an env marker if you want auto mode without explicit enable
echo 'export AWS_PROFILE=default' >> ~/.bashrc
echo 'export AWS_REGION=us-east-1' >> ~/.bashrc
source ~/.bashrc
@@ -166,7 +188,9 @@ openclaw models list
- Bedrock requires **model access** enabled in your AWS account/region.
- Automatic discovery needs the `bedrock:ListFoundationModels` permission.
- If you use profiles, set `AWS_PROFILE` on the gateway host.
- If you rely on auto mode, set one of the supported AWS auth env markers on the
gateway host. If you prefer IMDS/shared-config auth without env markers, set
`models.bedrockDiscovery.enabled: true`.
- OpenClaw surfaces the credential source in this order: `AWS_BEARER_TOKEN_BEDROCK`,
then `AWS_ACCESS_KEY_ID` + `AWS_SECRET_ACCESS_KEY`, then `AWS_PROFILE`, then the
default AWS SDK chain.