[Feature] AWS AssumeRoleWithWebIdentity Support for Bedrock #737

Open
Rapcohen opened this issue Nov 7, 2024 · 3 comments
Labels
enhancement New feature or request triage


Rapcohen commented Nov 7, 2024

What Would You Like to See with the Gateway?

The Portkey AI Gateway should allow users to set the AWS_WEB_IDENTITY_TOKEN_FILE and AWS_ROLE_ARN environment variables, which can then be used to call the AssumeRoleWithWebIdentity API. This would enable the gateway to retrieve a set of temporary security credentials that can be used to access Bedrock.

Specifically, the gateway should:

  1. Accept the AWS_WEB_IDENTITY_TOKEN_FILE and AWS_ROLE_ARN environment variables as part of the configuration.
  2. Use the provided credentials to call the AssumeRoleWithWebIdentity API and obtain security credentials.
  3. Use these credentials to authenticate and authorize requests to Bedrock.

Context for your Request

My organization is using the open-source version of the Portkey AI Gateway, which is deployed on our Kubernetes cluster. We want to define a role-based policy that allows the gateway to access Bedrock. The goal is to enable other services running on the same Kubernetes cluster to access Bedrock through the gateway, without having to manage their own AWS credentials.

Your Twitter/LinkedIn

No response
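The three steps requested above, as an added sketch that is not part of the issue and not Portkey's code. Function names are hypothetical, the regional STS endpoint of the standard `aws` partition is assumed, and the SigV4 signing of the Bedrock request with the returned credentials is not shown.

```javascript
// Added example, not Portkey's code; all function names are hypothetical.
const ROLE_ARN_RE = /^arn:aws[a-z-]*:iam::\d{12}:role\/[\w+=,.@\/-]+$/;
const REGION_RE = /^[a-z]{2}(-[a-z]+)+-\d+$/;

// Step 1: read both variables. Call this on every refresh, because the
// kubelet rotates the projected service-account token in that file.
async function loadWebIdentity(env = process.env) {
  const { AWS_ROLE_ARN: roleArn, AWS_WEB_IDENTITY_TOKEN_FILE: tokenFile } = env;
  if (!roleArn || !tokenFile) throw new Error('AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE must be set');
  const { readFile } = await import('node:fs/promises');
  return { roleArn, token: (await readFile(tokenFile, 'utf8')).trim() };
}

// Step 2: build the STS call. It is unsigned: the OIDC token is the only
// credential, so validate the region before it becomes part of the host name.
function buildStsRequest({ roleArn, token, region, sessionName }) {
  if (!ROLE_ARN_RE.test(roleArn)) throw new Error('AWS_ROLE_ARN is not an IAM role ARN');
  if (!REGION_RE.test(region)) throw new Error('unexpected region format');
  if (!token) throw new Error('web identity token file is empty');
  const body = new URLSearchParams({
    Action: 'AssumeRoleWithWebIdentity', Version: '2011-06-15',
    RoleArn: roleArn, RoleSessionName: sessionName, WebIdentityToken: token,
  }).toString();
  const headers = { 'content-type': 'application/x-www-form-urlencoded' };
  return { url: `https://sts.${region}.amazonaws.com/`, method: 'POST', headers, body };
}

// Step 3: extract the temporary credentials that would sign Bedrock requests.
function parseCredentials(xml) {
  const pick = (tag) => {
    const m = xml.match(new RegExp(`<${tag}>([^<]+)</${tag}>`));
    if (!m) throw new Error(`STS response is missing ${tag}`);
    return m[1];
  };
  return { accessKeyId: pick('AccessKeyId'), secretAccessKey: pick('SecretAccessKey'),
    sessionToken: pick('SessionToken'), expiration: new Date(pick('Expiration')) };
}

// Refresh ahead of expiry so no in-flight request is signed with a dead key.
function needsRefresh(creds, now = new Date(), skewMs = 5 * 60 * 1000) {
  return creds.expiration.getTime() - now.getTime() <= skewMs;
}

// Constructed sample response (placeholder values, not real credentials).
const SAMPLE_STS_RESPONSE = `<AssumeRoleWithWebIdentityResponse><AssumeRoleWithWebIdentityResult>
<Credentials><AccessKeyId>ASIAEXAMPLEKEYID0000</AccessKeyId>
<SecretAccessKey>constructed-secret</SecretAccessKey><SessionToken>constructed-session-token</SessionToken>
<Expiration>2024-11-07T13:00:00Z</Expiration></Credentials>
</AssumeRoleWithWebIdentityResult></AssumeRoleWithWebIdentityResponse>`;
```

The web identity token and the returned secret key and session token should stay out of logs and error messages.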

@Rapcohen Rapcohen added the enhancement New feature or request label Nov 7, 2024
@github-actions github-actions bot added the triage label Nov 7, 2024
narengogi (Collaborator) commented Nov 11, 2024

Hey @Rapcohen we already support using AssumeRoleWithWebIdentity API in the enterprise version of Portkey and we have plans to open source it, but have not planned any timelines around it.

cc'ing @sk-portkey who implemented this if you need more implementation details

Rapcohen (Author) commented

Thanks for the reply @narengogi !

sk-portkey (Collaborator) commented

@Rapcohen created a PR for this #744
