
fix(amazon-bedrock): do not inherit env AWS_SESSION_TOKEN with explicit keys#14262

Closed
giulio-leone wants to merge 1 commit into
vercel:mainfrom
giulio-leone:fix/bedrock-session-token-env-14136
Closed


Conversation

@giulio-leone
Contributor

Summary

Fixes #14136

When both accessKeyId and secretAccessKey are provided as explicit options to createAmazonBedrock, the sessionToken is now sourced only from options.sessionToken. Previously, loadOptionalSetting would unconditionally fall back to process.env.AWS_SESSION_TOKEN, which on hosts with workload identity (EKS IRSA, ECS task role, Lambda) belongs to a different principal — producing mixed, invalid SigV4 credentials:

"The security token included in the request is invalid."

Changes

  • packages/amazon-bedrock/src/bedrock-provider.ts — When options.accessKeyId and options.secretAccessKey are both explicitly provided, use options.sessionToken directly instead of falling through to loadOptionalSetting (which reads AWS_SESSION_TOKEN from the environment). When keys come from the environment, env session-token fallback is preserved.
  • packages/amazon-bedrock/src/bedrock-provider.test.ts — Three regression tests exercising the credential-resolution callback:
    1. Explicit keys → env AWS_SESSION_TOKEN is not inherited
    2. Explicit keys + explicit sessionToken → works correctly
    3. No explicit keys → env AWS_SESSION_TOKEN fallback is preserved

Behaviour matrix

| accessKeyId | secretAccessKey | sessionToken option | AWS_SESSION_TOKEN env | Result |
| --- | --- | --- | --- | --- |
| explicit | explicit | omitted | set | sessionToken = undefined (no mixing) |
| explicit | explicit | explicit | set | sessionToken = option value |
| from env | from env | omitted | set | sessionToken = env value (preserved) |
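As an added example that is not part of this PR or the ai-sdk code base, the TypeScript below models the credential resolution described in the summary. The helper names (`loadOptionalSetting`, `loadRequiredSetting`, `resolveCredentialsBefore`, `resolveCredentialsAfter`, `mixesPrincipals`, `behaviourMatrix`) are hypothetical stand-ins, the environment is passed in as a plain object instead of read from `process.env`, and every credential value is a constructed fake. It puts the pre-fix fallback next to the fixed one, walks the behaviour matrix, and adds a check that flags the mixed-principal case so a test suite can assert it never occurs.

```typescript
// Added example, not the ai-sdk's own code. Helper names are hypothetical.

interface BedrockCredentialOptions {
  accessKeyId?: string;
  secretAccessKey?: string;
  sessionToken?: string;
}

interface ResolvedCredentials {
  accessKeyId: string;
  secretAccessKey: string;
  sessionToken: string | undefined;
}

// Environment snapshot passed explicitly so the example is deterministic
// (a real provider would read process.env).
type Env = Record<string, string | undefined>;

// Stand-in for provider-utils' loadOptionalSetting (assumption): an explicit
// option wins, otherwise the named environment variable is used.
function loadOptionalSetting(value: string | undefined, envName: string, env: Env): string | undefined {
  return value ?? env[envName];
}

// Same idea for required settings: missing on both sides is an error.
function loadRequiredSetting(value: string | undefined, envName: string, env: Env): string {
  const resolved = value ?? env[envName];
  if (resolved === undefined) {
    throw new Error(`${envName} is not set`);
  }
  return resolved;
}

// Behaviour before the fix, as the PR describes it: the session token always
// falls through to AWS_SESSION_TOKEN, even when both keys were passed
// explicitly. On a workload-identity host that token belongs to the host's
// role, not to the static key pair, so the SigV4 request mixes two principals.
function resolveCredentialsBefore(options: BedrockCredentialOptions, env: Env): ResolvedCredentials {
  return {
    accessKeyId: loadRequiredSetting(options.accessKeyId, 'AWS_ACCESS_KEY_ID', env),
    secretAccessKey: loadRequiredSetting(options.secretAccessKey, 'AWS_SECRET_ACCESS_KEY', env),
    sessionToken: loadOptionalSetting(options.sessionToken, 'AWS_SESSION_TOKEN', env),
  };
}

// Behaviour after the fix: when both keys are explicit the token comes only
// from the options object; the env fallback is kept when the keys themselves
// come from the environment.
function resolveCredentialsAfter(options: BedrockCredentialOptions, env: Env): ResolvedCredentials {
  const explicitKeys = options.accessKeyId !== undefined && options.secretAccessKey !== undefined;
  return {
    accessKeyId: loadRequiredSetting(options.accessKeyId, 'AWS_ACCESS_KEY_ID', env),
    secretAccessKey: loadRequiredSetting(options.secretAccessKey, 'AWS_SECRET_ACCESS_KEY', env),
    sessionToken: explicitKeys
      ? options.sessionToken
      : loadOptionalSetting(options.sessionToken, 'AWS_SESSION_TOKEN', env),
  };
}

// Constructed environment of a host with workload identity: all three values
// belong to the host's role (the values are fake).
const WORKLOAD_ENV: Env = {
  AWS_ACCESS_KEY_ID: 'ASIA-ENV-EXAMPLE',
  AWS_SECRET_ACCESS_KEY: 'env-secret-example',
  AWS_SESSION_TOKEN: 'env-session-token-example',
};

// Constructed static key pair belonging to a different principal (fake).
const EXPLICIT_KEYS: BedrockCredentialOptions = {
  accessKeyId: 'AKIA-EXPLICIT-EXAMPLE',
  secretAccessKey: 'explicit-secret-example',
};

// True when the resolved set pairs keys taken from the options with a session
// token taken from the environment: the mixed-principal case the PR removes.
function mixesPrincipals(options: BedrockCredentialOptions, env: Env, resolved: ResolvedCredentials): boolean {
  const keysFromOptions = resolved.accessKeyId === options.accessKeyId;
  const tokenFromEnv =
    resolved.sessionToken !== undefined &&
    resolved.sessionToken === env.AWS_SESSION_TOKEN &&
    resolved.sessionToken !== options.sessionToken;
  return keysFromOptions && tokenFromEnv;
}

// Walks the three rows of the PR's behaviour matrix with the fixed resolver
// and returns the session token each row yields.
function behaviourMatrix(): Array<string | undefined> {
  return [
    resolveCredentialsAfter(EXPLICIT_KEYS, WORKLOAD_ENV).sessionToken,
    resolveCredentialsAfter({ ...EXPLICIT_KEYS, sessionToken: 'explicit-token' }, WORKLOAD_ENV).sessionToken,
    resolveCredentialsAfter({}, WORKLOAD_ENV).sessionToken,
  ];
}
```

The `mixesPrincipals` check is the kind of assertion worth keeping in a provider's test suite: it fails on the pre-fix resolver for the first matrix row and passes on the fixed one, independent of how the fallback is implemented.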

…it keys

When both accessKeyId and secretAccessKey are provided as explicit
options, only use options.sessionToken — do not fall back to
process.env.AWS_SESSION_TOKEN via loadOptionalSetting. On hosts with
workload identity (EKS IRSA, ECS task role, Lambda) the env token
belongs to a different principal, causing invalid mixed credentials
and SigV4 auth failures.

Fixes vercel#14136

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@tigent tigent Bot added ai/provider related to a provider package. Must be assigned together with at least one `provider/*` label bug Something isn't working as documented provider/amazon-bedrock Issues related to the @ai-sdk/amazon-bedrock provider labels Apr 9, 2026
Collaborator

@aayush-kapoor aayush-kapoor left a comment


closing in favour of #14832


Successfully merging this pull request may close these issues.

@ai-sdk/amazon-bedrock: explicit accessKeyId/secretAccessKey should not merge AWS_SESSION_TOKEN from env