Claude Platform on AWS in Practice

Claude Platform on AWS in CI/CD Pipelines

Pipelines that call Claude — for evaluation suites, doc generation, or AI-assisted checks — should hold zero long-lived credentials. OIDC federation plus a narrowly scoped IAM role gets you there.

Claude 3P 101 · Updated July 2026 · Unofficial guide

More CI/CD pipelines are calling Claude these days: running a prompt-regression suite before deploy, generating release notes, or checking that a new system prompt still passes golden test cases. The tempting shortcut is pasting an API key into pipeline secrets. On Claude Platform on AWS you can do strictly better, because authentication is AWS SigV4 — which means the pipeline can authenticate the same way it already authenticates to S3 or ECR: by assuming an IAM role through OIDC federation, with no stored secret at all.

How the credential flow works

OIDC (OpenID Connect) federation lets an external system prove its identity to AWS with a signed, short-lived token instead of a stored key. In GitHub Actions, the workflow requests an OIDC token from GitHub, exchanges it with AWS STS for temporary credentials tied to a role you define, and those credentials expire when the job ends. AWS CodeBuild is simpler still — the build runs under a service role natively. Either way, the Anthropic SDK needs no special handling: the AnthropicAWS client resolves credentials through the standard AWS provider chain, which explicitly supports web identity federation (the AWS_WEB_IDENTITY_TOKEN_FILE plus AWS_ROLE_ARN pattern used by GitHub Actions and Kubernetes IRSA). Temporary credentials also require the x-amz-security-token header on each request — the SDK adds it automatically.

# In the pipeline step, after the OIDC role assumption action has run:
# env: AWS_REGION=us-west-2, ANTHROPIC_AWS_WORKSPACE_ID=wrkspc_01AbCdEf23GhIj
from anthropic import AnthropicAWS

client = AnthropicAWS()  # picks up the job's temporary AWS credentials
resp = client.messages.create(
    model="claude-haiku-4-5", max_tokens=512,
    messages=[{"role": "user", "content": eval_case_prompt}])
print(resp.usage.input_tokens, resp.usage.output_tokens)

Scope the role like you mean it

The pipeline role should be able to run inference against one workspace and nothing else. Anthropic documents a minimal single-workspace inference policy for exactly this shape: allow CreateInference, CountTokens, GetModel, ListModels, and GetWorkspace on the workspace ARN (arn:aws:aws-external-anthropic:{region}:{account}:workspace/wrkspc_...). Prefer that over the managed AnthropicInferenceAccess policy for CI: the managed policy's Get*/List* wildcards apply to Resource: "*" and grant read access to all workspace content — file bytes, batch results, even session conversation history — far more than a test runner needs. Give CI its own dedicated workspace, too, so evaluation traffic never shares quota, cost reporting, or prompt caches with production.

One-time prerequisite: each AWS account must enable outbound web identity federation once (aws iam enable-outbound-web-identity-federation) before any Claude Platform on AWS request succeeds. If pipeline calls fail with "Outbound web identity federation is disabled for your account," that step was skipped — it is the most common setup error.

Auditability per run

Because every pipeline invocation is an assumed-role session, your audit story is per-run, not per-team-shared-key. Role assumptions land in CloudTrail as management events by default. The inference calls themselves are CloudTrail data events — logged only if you explicitly enable (paid) data event logging for the service, which is worth doing for a compliance-sensitive pipeline. Every response also carries two request IDs: x-amzn-requestid (indexed in CloudTrail, quote it to AWS support) and request-id (quote it to Anthropic support). Emit both, plus the token counts from usage, into your job logs so any surprising result or cost spike traces back to a specific commit and run.

When a bearer token is unavoidable

Some pipeline tooling only speaks "API key in a header." Rather than minting a long-lived key in the AWS Console, generate a short-term API key from the job's AWS credentials using Anthropic's token-generator libraries (Python, JavaScript, Java). The token lifetime is capped at the lesser of the requested duration, the underlying credentials' expiry, and 12 hours — a natural fit for a CI job. The token-using principal needs the aws-external-anthropic:CallWithBearerToken IAM action; and if the process can generate the token itself, it already has SigV4 credentials, so plain SigV4 is usually the simpler choice.

Where to go next

See short-term credentials for the token-generator pattern in detail, IAM policy templates for copy-ready policies, and Terraform for Claude Platform on AWS to manage the role itself as code.

Sources