To use an embedding model deployed to AWS Bedrock service, specify the model endpoint name prefixed with bedrock: in the from field and include the required parameters in the params section.
| Parameter | Description |
|---|---|
aws_region | AWS region. Default: us-east-1. |
aws_profile | Optional. AWS profile to use when loading credentials. |
aws_access_key_id | Optional. AWS access key ID for authentication. If not provided, credentials will be loaded from environment variables or IAM roles |
aws_secret_access_key | Optional. AWS secret access key for authentication. If not provided, credentials will be loaded from environment variables or IAM roles |
aws_session_token | Optional. AWS session token for authentication |
max_concurrent_invocations | Optional. The maximum number of concurrent API invocations. Defaults to 40 |
requests_per_min_limit | Optional. The maximum number of requests made per minute. Defaults to 1500 |
These parameters are used for Amazon Titan Text embedding model
| Parameter | Description |
|---|---|
normalize | Whether or not to normalize the output embedding. Defaults to true. |
dimensions | The number of dimensions the output embedding should have. The following values are accepted: 1024 (default), 512, 256. |
These parameters are used for Amazon Nova multimodal embedding models
| Parameter | Description |
|---|---|
dimensions | Required. The number of dimensions the output embedding should have. Accepted value: 256, 384, 1024 or 3072. |
truncation_mode | Optional. Specifies how the API handles inputs longer than the maximum token length. One of: START, END or NONE (default). |
embedding_purpose | Optional. Use the Nova embeddings model optimized for different purposes. Default GENERIC_INDEX. See reference docs for all options. |
| Parameter | Description |
|---|---|
truncate | Specifies how the API handles inputs longer than the maximum token length. One of: START, END or NONE (default). |
input_type | Use the Cohere embeddings model optimized for different types of inputs. One of: search_document (default), search_query, classification or clustering. |
spicepod.yaml configuration, Cohere modelspicepod.yaml configuration, Titan modelspicepod.yaml configuration, Amazon Nova modelIf AWS credentials are not explicitly provided in the configuration, the connector will automatically load credentials from the following sources in order.
Environment Variables:
AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEYAWS_SESSION_TOKEN (if using temporary credentials)Shared AWS Config/Credentials Files:
Config file: ~/.aws/config (Linux/Mac) or %UserProfile%\.aws\config (Windows)
Credentials file: ~/.aws/credentials (Linux/Mac) or %UserProfile%\.aws\credentials (Windows)
The AWS_PROFILE environment variable can be used to specify a named profile, otherwise the [default] profile is used.
Supports both static credentials and SSO sessions
Example credentials file:
:::tip To set up SSO authentication:
aws configure sso to configure a new SSO profileAWS_PROFILE=sso-profileaws sso login --profile sso-profile to start a new SSO session
:::AWS STS Web Identity Token Credentials:
The connector will try each source in order until valid credentials are found. If no valid credentials are found, an authentication error will be returned.
:::note[IAM Permissions]
Regardless of the credential source, the IAM role or user must have appropriate bedrock permissions (e.g., bedrock:InvokeModel) to access the model. If the Spicepod connects to multiple different AWS services, the permissions should cover all of them.
:::
The IAM role or user needs the following permissions to access DynamoDB tables:
| Permission | Purpose |
|---|---|
bedrock:InvokeModel | Required. Used to invoke the embedding model. |
Refer to the Amazon Bedrock documentation for more details on available models and configurations.
ECS Container Credentials:
AWS_CONTAINER_CREDENTIALS_RELATIVE_URI or AWS_CONTAINER_CREDENTIALS_FULL_URI which are automatically injected by ECS.AWS EC2 Instance Metadata Service (IMDSv2):