AWS Bedrock Config - Support for ENV credentials

[bioshazard]

AWS_BEDROCK_CONFIG currently expects hard coded access token, secret token, and session token. These should all be optional, and we should rely on the ai-sdk to handle whatever credentials we attempt. This would allow my use case which relies on ENV vars like EKS IRSA to let the pod assume the role without hard coded access and secret needed at workload initialization. Will work on this if I have time.

EDIT: I see btw that ai-sdk itself set those keys as optional. IMO you shouldn't even verify any of that, just hand it off to the upstream provider which will handle all the errors anyway and eliminate the chore of accounting for what it provides in the first place as it updates.

interface AmazonBedrockProviderSettings {
    region?: string;
    accessKeyId?: string;
    secretAccessKey?: string;
    sessionToken?: string;
    /**
     * Complete Bedrock configuration for setting advanced authentication and
     * other options. When this is provided, the region, accessKeyId, and
     * secretAccessKey settings are ignored.
     */
    bedrockOptions?: BedrockRuntimeClientConfig;
    generateId?: () => string;
}

[bioshazard]

oh wait, realizing now that if we just pass bedrockOptions, then you could set the other 3 keys to "n/a"

[pdnellius]

It looks like ai-sdk's newest updates have an update for Bedrock credentials: vercel/ai#5220

Is it possible to update the ai-sdk implementation in https://github.com/stackblitz-labs/bolt.diy/blob/main/app/lib/modules/llm/providers/amazon-bedrock.ts to reflect this update? I'd make a PR but this seems like a big change.

I have done this locally and seems to work fine for Bedrock, but am not able to test all the other providers.

[ovoronin]

@pdnellius Could you share your code please? I have the same issue, and after using fromNodeProviderChain I have an error described here vitejs/vite#18949.
This means that you can use fromNodeProviderChain only from server code, and I assume you had this error too.
How did you fix that?

[bioshazard]

#1564 btw

[ovoronin]

@pdnellius
Long story short:
fromNodeProviderChain() works in nodejs only, but bolt uses Wrangler in production mode, it is nodejs emulation environment, which does not have filesystem access needed for fromNodeProviderChain() to work.
Solution - use express instead of Wrangler, this way fromNodeProviderChain() works perfectly.

[bioshazard]

@ovoronin , did you implement Express to get around this? I need fromNodeProviderChain to make use of env based AWS auth. I got it working in dev, but now k8s w/ IRSA is trollin me

[ovoronin]

@bioshazard Yes, there was a PR is this repo to serve with express
#1450