AWS SDK Default Credential Provider Chain Support
Hassieb PakzadSelf-hosted deployments can now use the AWS SDK default credential provider chain for Amazon Bedrock LLM connections.
Self-hosted Langfuse deployments can now leverage the AWS SDK default credential provider chain when connecting to Amazon Bedrock for LLM operations inside the Langfuse platform (e.g. playground, evals).
What’s New
Previously, self-hosted deployments required explicit AWS credentials (access key and secret key) to connect to Amazon Bedrock. Now you can use any of the AWS SDK’s default credential sources:
- IAM roles for EC2 instances
- ECS task roles for containerized deployments
- AWS profiles from
~/.aws/credentials - Environment variables (
AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY)
Benefits
- Simplified deployment: No need to manage explicit credentials in your configuration
- Enhanced security: Follow AWS security best practices with IAM roles
- Flexible authentication: Use the most appropriate credential method for your deployment environment
- Seamless integration: Works with existing AWS infrastructure and security policies
Usage
When configuring Amazon Bedrock connections in your self-hosted deployment, you can now omit the explicit AWS credentials and let the SDK automatically discover them through the default provider chain.
Availability
This feature is available from Langfuse platform image version 3.83.0
Learn More