Custom Aws Credentials
AWS credential management for Bedrock integration with custom refresh and export scripts.
When to Use This Setting
Apply this setting when you need to:
- Configure Claude Code to authenticate with AWS Bedrock using SSO profiles or rotating credentials
- Automate AWS credential refresh for long-running Claude Code sessions that outlast token expiry
- Integrate custom credential generation scripts for organizations with non-standard AWS auth workflows
Consider alternatives when:
- You use static AWS access keys stored in ~/.aws/credentials that do not require periodic refresh
- Your Claude Code setup does not use AWS Bedrock and communicates directly with the Anthropic API
Quick Start
Configuration
name: custom-aws-credentials
type: setting
category: global
Example Application
claude setting:apply custom-aws-credentials
Example Output
Setting applied. Changes:
- awsAuthRefresh: aws sso login --profile myprofile
- awsCredentialExport: /bin/generate_aws_grant.sh
Core Concepts
AWS Authentication Flow Overview
| Aspect | Details |
|---|---|
| SSO Login | Initiates browser-based AWS SSO authentication for the specified profile |
| Credential Export | Runs a custom script that exports AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN |
| Auto-refresh | Claude Code triggers the refresh command when credentials expire mid-session |
| Profile Support | Works with named AWS profiles configured in ~/.aws/config |
Credential Lifecycle Architecture
+---------------------+
| Claude Code         |
| Session Start       |
+----------+----------+
           |
           v
+---------------------+     +---------------------+
| awsAuthRefresh      | --> | AWS SSO Login       |
| (aws sso login)     |     | (browser auth)      |
+----------+----------+     +----------+----------+
           |                           |
           v                           v
+---------------------+     +---------------------+
| awsCredentialExport | --> | generate_aws        |
| (custom script)     |     | _grant.sh           |
+----------+----------+     +----------+----------+
           |                           |
           v                           v
+---------------------+     +---------------------+
| AWS Environment     |     | Bedrock API         |
| Variables Set       | --> | Calls Authorized    |
+---------------------+     +---------------------+
Configuration
| Parameter | Type | Default | Description |
|---|---|---|---|
| awsAuthRefresh | string | N/A | Shell command to refresh AWS authentication, typically an SSO login command |
| awsCredentialExport | string | N/A | Path to script that exports AWS credential environment variables |
| description | string | N/A | Human-readable explanation of the credential management approach |
| AWS_PROFILE | string | "default" | AWS profile name used by the SSO login command |
| CLAUDE_CODE_USE_BEDROCK | string | "1" | Enable Bedrock as the model provider in a companion environment setting |
Best Practices
- Make credential export scripts idempotent - Your generate_aws_grant.sh script should check for valid existing credentials before initiating a new grant. This prevents unnecessary authentication prompts during rapid session restarts.
- Use named profiles for multi-account setups - If you work across multiple AWS accounts, create separate Claude Code settings for each account with the appropriate profile name in the awsAuthRefresh command.
- Set appropriate credential TTL - AWS SSO tokens typically expire after 8-12 hours. Schedule your Claude Code sessions accordingly or ensure the refresh command handles re-authentication gracefully.
- Secure your credential export script - The script at awsCredentialExport has access to sensitive credentials. Ensure it has restrictive file permissions (chmod 700) and is owned by your user account.
- Test the refresh flow manually first - Before applying this setting, run both commands manually in your terminal to verify they work correctly. This helps isolate whether issues are with the commands themselves or the Claude Code integration.
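One way to structure an idempotent export script, as an added example (not part of the original template or of any real generate_aws_grant.sh). The cache layout, the `CRED_CACHE` and `CRED_MARGIN` variables, and the `request_new_grant` function are assumptions; replace `request_new_grant` with your organization's actual grant call.

```shell
#!/bin/sh
# Idempotent wrapper for a credential export script (added example).
# Cache layout (assumption): line 1 = expiry in Unix seconds, rest = payload.
CACHE="${CRED_CACHE:-${HOME}/.cache/aws_grant.cache}"
MARGIN="${CRED_MARGIN:-300}"   # refresh when fewer than this many seconds remain

# Hypothetical grant step: replace with your organization's real call.
# Contract: print the expiry (Unix seconds) on line 1, then the credential
# payload in whatever format your export consumer expects.
request_new_grant() {
    echo "$(( $(date +%s) + 3600 ))"
    echo "AWS_ACCESS_KEY_ID=CONSTRUCTED-EXAMPLE-KEY"
    echo "AWS_SECRET_ACCESS_KEY=CONSTRUCTED-EXAMPLE-SECRET"
    echo "AWS_SESSION_TOKEN=CONSTRUCTED-EXAMPLE-TOKEN"
}

# Succeeds only if the cache exists, is owner-only, and is not near expiry.
cache_is_fresh() {
    cache=$1; now=$2
    [ -f "$cache" ] || return 1
    case "$(ls -ln "$cache")" in
        -???------*) ;;            # no group/other permission bits
        *) return 1 ;;             # loosened permissions: treat as untrusted
    esac
    IFS= read -r expiry < "$cache" || return 1
    case "$expiry" in ''|*[!0-9]*) return 1 ;; esac   # reject non-numeric expiry
    [ "$expiry" -gt $(( now + MARGIN )) ]
}

# Prints the payload, requesting a new grant only when the cache is stale.
export_credentials() {
    cache=$1; now=${2:-$(date +%s)}
    if ! cache_is_fresh "$cache" "$now"; then
        mkdir -p "$(dirname "$cache")"
        tmp="$cache.$$"
        ( umask 077; request_new_grant > "$tmp" ) || { rm -f "$tmp"; return 1; }
        mv -f "$tmp" "$cache"      # atomic replace; readers never see a partial file
    fi
    tail -n +2 "$cache"
}

# Run as a script with: sh this_file.sh --export
if [ "${1:-}" = "--export" ]; then export_credentials "$CACHE"; fi
```

A failed grant leaves the previous cache file untouched and returns non-zero, so the caller can tell a refresh failure from a successful reuse.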
Common Issues
- SSO login opens browser but session is not detected - AWS SSO login requires a browser callback. If your browser does not redirect back correctly, check that the SSO start URL and region in your AWS config are accurate.
- Credential export script not found - Ensure the path in awsCredentialExport is absolute and the script is executable. Relative paths may resolve differently when invoked by Claude Code versus your shell.
- Credentials expire during long sessions - If your session outlasts the credential TTL, Claude Code should trigger awsAuthRefresh automatically. If this fails, verify that the refresh command exits with code 0 on success and non-zero on failure.
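A pre-flight check for the script configured as awsCredentialExport, covering the absolute-path, executable, owner-only and ownership points above. This is an added example, not part of the original template; the function name `check_export_script` is hypothetical.

```shell
#!/bin/sh
# Pre-flight check for a credential export script (added example).

# Prints one finding per line; returns 0 only when there are no findings.
check_export_script() {
    path=$1; findings=0
    fail() { echo "FAIL: $1"; findings=$(( findings + 1 )); }

    # Relative paths may resolve differently depending on the caller's cwd.
    case "$path" in
        /*) ;;
        *) fail "path is not absolute: $path" ;;
    esac
    if [ ! -f "$path" ]; then
        fail "not a regular file: $path"
        return 1
    fi
    [ -x "$path" ] || fail "not executable by the current user"

    # ls -ln prints the mode string and the numeric owner uid.
    read -r mode _ owner _ <<EOF
$(ls -ln "$path")
EOF
    case "$mode" in
        -???------*) ;;   # owner-only, e.g. the result of chmod 700
        *) fail "mode $mode is not owner-only; expected e.g. chmod 700" ;;
    esac
    [ "$owner" = "$(id -u)" ] || fail "owned by uid $owner, not $(id -u)"

    [ "$findings" -eq 0 ]
}

# Run as a script with: sh this_file.sh /absolute/path/to/script
if [ -n "${1:-}" ]; then check_export_script "$1"; fi
```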