To use an embedding model deployed to AWS Bedrock service, specify the model endpoint name prefixed with bedrock: in the from field and include the required parameters in the params section.
| Parameter | Description |
|---|---|
aws_region | AWS region. Default: us-east-1. |
aws_profile | Optional. AWS profile to use when loading credentials. |
aws_access_key_id | Optional. AWS access key ID for authentication. If not provided, credentials will be loaded from environment variables or IAM roles |
aws_secret_access_key | Optional. AWS secret access key for authentication. If not provided, credentials will be loaded from environment variables or IAM roles |
aws_session_token | Optional. AWS session token for authentication |
max_concurrent_invocations | Optional. The maximum number of concurrent API invocations. Defaults to 40 |
requests_per_min_limit | Optional. The maximum number of requests made per minute. Defaults to 1500 |
These parameters are used for Amazon Titan Text embedding model
| Parameter | Description |
|---|---|
normalize | Whether or not to normalize the output embedding. Defaults to true. |
dimensions | The number of dimensions the output embedding should have. The following values are accepted: 1024 (default), 512, 256. |
| Parameter | Description |
|---|---|
truncate | Specifies how the API handles inputs longer than the maximum token length. One of: START, END or NONE (default). |
input_type | Use the Cohere embeddings model optimized for different types of inputs. One of: search_document (default), search_query, classification or clustering. |
spicepod.yaml configuration, Cohere modelspicepod.yaml configuration, Titan modelIf AWS credentials are not explicitly provided in the configuration, the connector will automatically load credentials from the following sources in order.
Environment Variables:
AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEYAWS_SESSION_TOKEN (if using temporary credentials)Shared AWS Config/Credentials Files:
Config file: ~/.aws/config (Linux/Mac) or %UserProfile%\.aws\config (Windows)
Credentials file: ~/.aws/credentials (Linux/Mac) or %UserProfile%\.aws\credentials (Windows)
The AWS_PROFILE environment variable can be used to specify a named profile, otherwise the [default] profile is used.
Supports both static credentials and SSO sessions
Example credentials file:
:::tip To set up SSO authentication:
aws configure sso to configure a new SSO profileAWS_PROFILE=sso-profileaws sso login --profile sso-profile to start a new SSO session
:::AWS STS Web Identity Token Credentials:
The connector will try each source in order until valid credentials are found. If no valid credentials are found, an authentication error will be returned.
:::note[IAM Permissions]
Regardless of the credential source, the IAM role or user must have appropriate bedrock permissions (e.g., bedrock:InvokeModel) to access the model. If the Spicepod connects to multiple different AWS services, the permissions should cover all of them.
:::
The IAM role or user needs the following permissions to access DynamoDB tables:
| Permission | Purpose |
|---|---|
bedrock:InvokeModel | Required. Used to invoke the embedding model. |
Refer to the Amazon Bedrock documentation for more details on available models and configurations.
ECS Container Credentials:
AWS_CONTAINER_CREDENTIALS_RELATIVE_URI or AWS_CONTAINER_CREDENTIALS_FULL_URI which are automatically injected by ECS.AWS EC2 Instance Metadata Service (IMDSv2):