Skip to main content

AWS Solutions Library

Overview

This Guidance demonstrates how organizations can implement Claude Code with secure enterprise authentication for Amazon Bedrock using industry-standard protocols and AWS services. It outlines a comprehensive authentication flow integrating OpenID Connect (OIDC) providers, such as Microsoft Entra ID and Okta to create a secure access management system for AI model interactions. The Guidance helps organizations deploy Claude Code, while maintaining strict control over AI resource access, seamlessly connecting to existing identity infrastructure and providing observability for developer productivity and usage patterns. By following the provided steps and best practices, organizations can establish a scalable, compliance-friendly approach to managing Claude Code deployments across large enterprises.

Benefits

Integrate Amazon Bedrock seamlessly with your existing identity provider through OIDC federation. Maintain consistent access controls while leveraging your established authentication systems.

Replace long-term access keys with temporary, session-based credentials for your AI workloads. Maintain enterprise security through standardized federation protocols.

Leverage AWS managed services to handle authentication and credential management. Focus on building AI solutions while AWS handles the security infrastructure.

How it works

These technical details feature an architecture diagram to illustrate how to effectively use this solution. The architecture diagram shows the key components and their interactions, providing an overview of the architecture's structure and functionality step-by-step.

Download the architecture diagram

Deploy with confidence

Ready to deploy? Review the sample code on GitHub for detailed deployment instructions to deploy as-is or customize to fit your needs. 

Go to sample code

Disclaimer

The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.

References to third-party services or organizations in this Guidance do not imply an endorsement, sponsorship, or affiliation between Amazon or AWS and the third party. Guidance from AWS is a technical starting point, and you can customize your integration with third-party services when you deploy the architecture.