feat(bedrock): add AWS SigV4 and STS web identity authentication

The Bedrock inference provider previously required a pre-signed bearer
token (AWS_BEARER_TOKEN_BEDROCK). This PR adds full AWS credential chain
support so Bedrock works natively in EKS/IRSA, GitHub Actions OIDC,
EC2, ECS, and Lambda without managing long-lived credentials.

When no api_key is configured, requests are signed using AWS SigV4 via
botocore. STS role assumption and web identity federation are supported
through RefreshableBotoSession, which refreshes credentials
automatically. Bearer token mode is unchanged — if api_key is set in
config or passed via x-llamastack-provider-data, it takes precedence.

Also corrects the endpoint URL from bedrock-mantle to
bedrock-runtime.<region>.amazonaws.com/openai/v1, and gates the
bedrock model in ci-tests on AWS_DEFAULT_REGION (works for both
bearer and SigV4 modes) instead of AWS_BEARER_TOKEN_BEDROCK.

Closes #4730

Signed-off-by: skamenan7 <skamenan@redhat.com>

Author: skamenan7

docs/docs/api-openai/provider_matrix.md

@@ -32,7 +32,7 @@ Models, endpoints, and versions used during test recordings.
 | Provider | Model(s) | Endpoint | Version Info |
 |----------|----------|----------|--------------|
 | azure | gpt-4o | llama-stack-test.openai.azure.com, lls-test.openai.azure.com | openai sdk: 2.5.0 |
-| bedrock | openai.gpt-oss-20b | bedrock-mantle.us-east-2.api.aws | openai sdk: 2.5.0 |
+| bedrock | openai.gpt-oss-20b | bedrock-runtime.us-east-2.amazonaws.com | openai sdk: 2.5.0 |
 | openai | gpt-4o, o4-mini, text-embedding-3-small | api.openai.com | openai sdk: 2.5.0 |
 | vllm | Qwen/Qwen3-0.6B | — | — |
 | watsonx | meta-llama/llama-3-3-70b-instruct | us-south.ml.cloud.ibm.com | openai sdk: 2.5.0 |

docs/docs/providers/inference/remote_bedrock.mdx

@@ -34,11 +34,25 @@ AWS Bedrock inference provider using OpenAI compatible endpoint.
 | `network.timeout.connect` | `float \| None` | No |  | Connection timeout in seconds. |
 | `network.timeout.read` | `float \| None` | No |  | Read timeout in seconds. |
 | `network.headers` | `dict[str, str] \| None` | No |  | Additional HTTP headers to include in all requests. |
-| `region_name` | `str` | No | us-east-2 | AWS Region for the Bedrock Runtime endpoint |
+| `aws_access_key_id` | `SecretStr \| None` | No |  | The AWS access key to use. Default use environment variable: AWS_ACCESS_KEY_ID |
+| `aws_secret_access_key` | `SecretStr \| None` | No |  | The AWS secret access key to use. Default use environment variable: AWS_SECRET_ACCESS_KEY |
+| `aws_session_token` | `SecretStr \| None` | No |  | The AWS session token to use. Default use environment variable: AWS_SESSION_TOKEN |
+| `aws_role_arn` | `str \| None` | No |  | The AWS role ARN to assume. Default use environment variable: AWS_ROLE_ARN |
+| `aws_web_identity_token_file` | `str \| None` | No |  | The path to the web identity token file. Default use environment variable: AWS_WEB_IDENTITY_TOKEN_FILE |
+| `aws_role_session_name` | `str \| None` | No |  | The session name to use when assuming a role. Default use environment variable: AWS_ROLE_SESSION_NAME |
+| `region_name` | `str \| None` | No | us-east-2 | AWS Region for the Bedrock Runtime endpoint |
+| `profile_name` | `str \| None` | No |  | The profile name that contains credentials to use.Default use environment variable: AWS_PROFILE |
+| `total_max_attempts` | `int \| None` | No |  | An integer representing the maximum number of attempts that will be made for a single request, including the initial attempt. Default use environment variable: AWS_MAX_ATTEMPTS |
+| `retry_mode` | `str \| None` | No |  | A string representing the type of retries Boto3 will perform.Default use environment variable: AWS_RETRY_MODE |
+| `connect_timeout` | `float \| None` | No | 60.0 | The time in seconds till a timeout exception is thrown when attempting to make a connection. The default is 60 seconds. |
+| `read_timeout` | `float \| None` | No | 60.0 | The time in seconds till a timeout exception is thrown when attempting to read from a connection.The default is 60 seconds. |
+| `session_ttl` | `int \| None` | No | 3600 | The time in seconds till a session expires. The default is 3600 seconds (1 hour). |
 
 ## Sample Configuration
 
 ```yaml
 api_key: ${env.AWS_BEARER_TOKEN_BEDROCK:=}
 region_name: ${env.AWS_DEFAULT_REGION:=us-east-2}
+aws_role_arn: ${env.AWS_ROLE_ARN:=}
+aws_web_identity_token_file: ${env.AWS_WEB_IDENTITY_TOKEN_FILE:=}
 ```

docs/docs/providers/safety/remote_bedrock.mdx

@@ -36,6 +36,9 @@ AWS Bedrock safety provider for content moderation using AWS's safety services.
 | `aws_access_key_id` | `SecretStr \| None` | No |  | The AWS access key to use. Default use environment variable: AWS_ACCESS_KEY_ID |
 | `aws_secret_access_key` | `SecretStr \| None` | No |  | The AWS secret access key to use. Default use environment variable: AWS_SECRET_ACCESS_KEY |
 | `aws_session_token` | `SecretStr \| None` | No |  | The AWS session token to use. Default use environment variable: AWS_SESSION_TOKEN |
+| `aws_role_arn` | `str \| None` | No |  | The AWS role ARN to assume. Default use environment variable: AWS_ROLE_ARN |
+| `aws_web_identity_token_file` | `str \| None` | No |  | The path to the web identity token file. Default use environment variable: AWS_WEB_IDENTITY_TOKEN_FILE |
+| `aws_role_session_name` | `str \| None` | No |  | The session name to use when assuming a role. Default use environment variable: AWS_ROLE_SESSION_NAME |
 | `region_name` | `str \| None` | No |  | The default AWS Region to use, for example, us-west-1 or us-west-2.Default use environment variable: AWS_DEFAULT_REGION |
 | `profile_name` | `str \| None` | No |  | The profile name that contains credentials to use.Default use environment variable: AWS_PROFILE |
 | `total_max_attempts` | `int \| None` | No |  | An integer representing the maximum number of attempts that will be made for a single request, including the initial attempt. Default use environment variable: AWS_MAX_ATTEMPTS |

src/llama_stack/core/request_headers.py

@@ -7,13 +7,16 @@
 import contextvars
 import json
 from contextlib import AbstractContextManager
-from typing import Any, cast
+from typing import TYPE_CHECKING, Any, cast
 
 from llama_stack.core.datatypes import User
 from llama_stack.log import get_logger
 
 from .utils.dynamic import instantiate_class_type
 
+if TYPE_CHECKING:
+    from llama_stack_api import ProviderSpec
+
 log = get_logger(name=__name__, category="core")
 
 # Context variable for request provider data and auth attributes
@@ -24,6 +27,9 @@ class RequestProviderDataContext(AbstractContextManager[None]):
     """Context manager for request provider data"""
 
     def __init__(self, provider_data: dict[str, Any] | None = None, user: User | None = None) -> None:
+        if provider_data is not None and not isinstance(provider_data, dict):
+            log.error("Provider data must be a JSON object")
+            provider_data = None
         self.provider_data = provider_data or {}
         if user:
             self.provider_data["__authenticated_user"] = user
@@ -43,6 +49,8 @@ def __exit__(self, exc_type: Any, exc_val: Any, exc_tb: Any) -> None:
 class NeedsRequestProviderData:
     """Mixin for providers that require per-request provider data from request headers."""
 
+    __provider_spec__: "ProviderSpec"
+
     def get_request_provider_data(self) -> Any:
         spec = getattr(self, "__provider_spec__", None)
         if not spec:
@@ -82,11 +90,20 @@ def parse_request_provider_data(headers: dict[str, str]) -> dict[str, Any] | Non
         return None
 
     try:
-        return cast(dict[str, Any], json.loads(val))
+        parsed = json.loads(val)
     except json.JSONDecodeError:
         log.error("Provider data not encoded as a JSON object!")
         return None
 
+    if parsed is None:
+        return None
+
+    if not isinstance(parsed, dict):
+        log.error("Provider data must be encoded as a JSON object")
+        return None
+
+    return cast(dict[str, Any], parsed)
+
 
 def request_provider_data_context(headers: dict[str, str], user: User | None = None) -> AbstractContextManager[None]:
     """Context manager that sets request provider data from headers and user for the duration of the context"""

src/llama_stack/distributions/ci-tests/ci_tests.py

@@ -52,9 +52,11 @@ def get_distribution_template() -> DistributionTemplate:
 
     # Bedrock model must be pre-registered because the recording system cannot
     # replay model-list discovery calls against the Bedrock endpoint in CI.
+    # Gate on AWS_DEFAULT_REGION (required for both bearer-token and SigV4 modes)
+    # rather than AWS_BEARER_TOKEN_BEDROCK so the model registers in OIDC/IRSA CI too.
     bedrock_model = ModelInput(
         model_id="bedrock/openai.gpt-oss-20b",
-        provider_id="${env.AWS_BEARER_TOKEN_BEDROCK:+bedrock}",
+        provider_id="${env.AWS_DEFAULT_REGION:+bedrock}",
         provider_model_id="openai.gpt-oss-20b",
         model_type=ModelType.llm,
     )

src/llama_stack/distributions/ci-tests/config.yaml

@@ -47,6 +47,8 @@ providers:
     config:
       api_key: ${env.AWS_BEARER_TOKEN_BEDROCK:=}
       region_name: ${env.AWS_DEFAULT_REGION:=us-east-2}
+      aws_role_arn: ${env.AWS_ROLE_ARN:=}
+      aws_web_identity_token_file: ${env.AWS_WEB_IDENTITY_TOKEN_FILE:=}
   - provider_id: ${env.NVIDIA_API_KEY:+nvidia}
     provider_type: remote::nvidia
     config:
@@ -301,7 +303,7 @@ registered_resources:
     model_type: llm
   - metadata: {}
     model_id: bedrock/openai.gpt-oss-20b
-    provider_id: ${env.AWS_BEARER_TOKEN_BEDROCK:+bedrock}
+    provider_id: ${env.AWS_DEFAULT_REGION:+bedrock}
     provider_model_id: openai.gpt-oss-20b
     model_type: llm
   shields:

src/llama_stack/distributions/ci-tests/run-with-postgres-store.yaml

@@ -47,6 +47,8 @@ providers:
     config:
       api_key: ${env.AWS_BEARER_TOKEN_BEDROCK:=}
       region_name: ${env.AWS_DEFAULT_REGION:=us-east-2}
+      aws_role_arn: ${env.AWS_ROLE_ARN:=}
+      aws_web_identity_token_file: ${env.AWS_WEB_IDENTITY_TOKEN_FILE:=}
   - provider_id: ${env.NVIDIA_API_KEY:+nvidia}
     provider_type: remote::nvidia
     config:
@@ -314,7 +316,7 @@ registered_resources:
     model_type: llm
   - metadata: {}
     model_id: bedrock/openai.gpt-oss-20b
-    provider_id: ${env.AWS_BEARER_TOKEN_BEDROCK:+bedrock}
+    provider_id: ${env.AWS_DEFAULT_REGION:+bedrock}
     provider_model_id: openai.gpt-oss-20b
     model_type: llm
   shields:

src/llama_stack/distributions/starter/config.yaml

@@ -47,6 +47,8 @@ providers:
     config:
       api_key: ${env.AWS_BEARER_TOKEN_BEDROCK:=}
       region_name: ${env.AWS_DEFAULT_REGION:=us-east-2}
+      aws_role_arn: ${env.AWS_ROLE_ARN:=}
+      aws_web_identity_token_file: ${env.AWS_WEB_IDENTITY_TOKEN_FILE:=}
   - provider_id: ${env.NVIDIA_API_KEY:+nvidia}
     provider_type: remote::nvidia
     config:

src/llama_stack/distributions/starter/run-with-postgres-store.yaml

@@ -47,6 +47,8 @@ providers:
     config:
       api_key: ${env.AWS_BEARER_TOKEN_BEDROCK:=}
       region_name: ${env.AWS_DEFAULT_REGION:=us-east-2}
+      aws_role_arn: ${env.AWS_ROLE_ARN:=}
+      aws_web_identity_token_file: ${env.AWS_WEB_IDENTITY_TOKEN_FILE:=}
   - provider_id: ${env.NVIDIA_API_KEY:+nvidia}
     provider_type: remote::nvidia
     config:

src/llama_stack/providers/registry/inference.py

@@ -121,7 +121,7 @@ def available_providers() -> list[ProviderSpec]:
             api=Api.inference,
             adapter_type="bedrock",
             provider_type="remote::bedrock",
-            pip_packages=[],
+            pip_packages=["boto3"],
             module="llama_stack.providers.remote.inference.bedrock",
             config_class="llama_stack.providers.remote.inference.bedrock.BedrockConfig",
             provider_data_validator="llama_stack.providers.remote.inference.bedrock.config.BedrockProviderDataValidator",