Amazon Bedrock in Practice

Multi-Account Bedrock Setup with AWS Organizations

Most enterprises don't run one AWS account — they run dozens. Getting Claude on Bedrock working cleanly across an organization is mostly a question of where you put access, guardrails, and quota.

Claude 3P 101 · Updated July 2026 · Unofficial guide

AWS Organizations is the service that groups many AWS accounts under one management account, with shared billing and centrally enforced policies. If your company follows standard AWS practice — separate accounts per team, per environment, or per workload — then "rolling out Claude on Bedrock" really means answering four questions: who enables model access, who is allowed to invoke, where quota lives, and how usage is observed. Each has a clean answer.

Model access: enable once, inherit everywhere it counts

Bedrock model access is enabled per account, and the first invocation of a third-party model auto-initiates the AWS Marketplace subscription (allow up to 15 minutes; missing prerequisites produce an AccessDeniedException). The identity enabling a model for the first time needs aws-marketplace:Subscribe, aws-marketplace:Unsubscribe, and aws-marketplace:ViewSubscriptions.

The organization-level shortcut: Anthropic models require a one-time First Time Use (FTU) use-case form, and a submission from the management account is inherited by the whole AWS Organization. Submitting it once centrally (via the console or the PutUseCaseForModelAccess API) saves every member account from repeating the step. The FTU form does not apply at all to Claude accessed through the newer bedrock-mantle endpoint. Details in requesting Claude model access.

Guardrails: SCPs are the organization-wide "no"

Service Control Policies (SCPs) set the outer boundary of what any identity in a member account can do, regardless of its IAM policies. Two Bedrock-specific facts shape how you write them:

First, to block model use, deny the invocation actions — bedrock:InvokeModel (or the bedrock:InvokeModel* wildcard, plus bedrock:Converse/bedrock:ConverseStream for completeness). Denying Marketplace subscription alone does not block first invocation, and deleting a model agreement doesn't either — invoking the model re-creates it.

Second, cross-region inference interacts with region-restricting SCPs: geographic inference profiles need all destination regions allowed, and global profiles need "aws:RequestedRegion": "unspecified" permitted. An SCP that pins accounts to two regions will quietly break global routing. See using SCPs to restrict Bedrock for worked policies.

Rule of thumb: allow-list at the SCP layer by model family and region, then let each account's IAM policies do fine-grained scoping. SCPs are blunt instruments; keep them few and legible.

Quota: it lives where the call is made

Bedrock quotas are allocated per account, per region, and — importantly — per endpoint: the legacy bedrock-runtime endpoint and the newer bedrock-mantle endpoint track separate quota allocations even for the same Claude model. This drives the central architectural choice:

PatternHow it worksTrade-off
DistributedEach workload account calls Bedrock directlyQuota and cost isolation per team; more accounts to govern
CentralizedWorkload accounts assume a role into a central inference accountOne quota pool and one governance point; central account becomes a shared dependency

The centralized pattern is covered in cross-account Bedrock calls via role assumption. Whichever you choose, quota increases for bedrock-runtime go through the Service Quotas console, while bedrock-mantle increases require an AWS Support case naming the endpoint, region, model, and quota.

Observability across accounts

CloudTrail records Bedrock API calls in each account, and cross-region requests are logged in the source region with an additionalEventData.inferenceRegion field showing where processing happened. Model invocation logging (full request/response capture to CloudWatch Logs or S3) is configured per account and only supports destinations in the same account and region — so in a multi-account setup, plan for per-account logging configuration plus whatever central aggregation your organization already uses for other services. Note that invocation logging currently captures bedrock-runtime calls, not bedrock-mantle traffic.

Where to go next

Layer in IAM condition keys for per-model restrictions, and read cross-region inference profiles before writing region SCPs. The enterprise checklist covers the non-AWS parts of a rollout.

Sources