Eai.Adapter.Converse (eai v1.0.2)

Copy Markdown

AWS Bedrock Converse API wire format adapter with SigV4 signing.

Implements AWS Signature Version 4 for authenticating Bedrock Runtime requests. Credentials are read from the standard AWS environment variables:

  • AWS_ACCESS_KEY_ID (required)
  • AWS_SECRET_ACCESS_KEY (required)
  • AWS_SESSION_TOKEN (optional — for temporary credentials / IAM roles)
  • AWS_REGION (defaults to us-east-1)

SigV4 signing flow

Every to_request_body/5 call computes a fresh SigV4 signature:

  1. Build the canonical request (method, URI, sorted headers, payload hash)
  2. Build the string to sign (algorithm, timestamp, credential scope, canonical hash)
  3. Derive the signing key via four-round HMAC-SHA256 key derivation
  4. Attach Authorization + x-amz-date + x-amz-content-sha256 (+ optional x-amz-security-token) headers

The signed headers are returned in the adapter response map, and Eai.LLM.Direct passes adapter headers through unchanged (first clause: when headers != []).

Model config example

# config/models/claude_bedrock.exs
import Config
config :eai, :model_claude_bedrock,
  name: :claude_bedrock,
  model: "us.anthropic.claude-sonnet-4-20250514-v1:0",
  provider: :converse,
  region: "us-west-2",
  api_key_env: nil