Using Your Own Amazon Bedrock Keys with Zed

| [OpenAI](#openai) | ✅ | | [OpenRouter](#openrouter) | ✅ | | [OpenAI API Compatible](#openai-api-compatible) | 🚫 | ## Use Your Own Keys {#use-your-own-keys} While Zed offers hosted versions of models through [our various plans](/ai/plans-and-usage), we're always happy to support users wanting to supply their own API keys. Below, you can learn how to do that for each provider. > Using your own API keys is _free_—you do not need to subscribe to a Zed plan to use our AI features with your own keys. ### Amazon Bedrock {#amazon-bedrock} > ✅ Supports tool use with models that support streaming tool use. > More details can be found in the [Amazon Bedrock's Tool Use documentation](https://docs.aws.amazon.com/bedrock/latest/userguide/conversation-inference-supported-models-features.html). To use Amazon Bedrock's models, an AWS authentication is required. Ensure your credentials have the following permissions set up: - `bedrock:InvokeModelWithResponseStream` - `bedrock:InvokeModel` - `bedrock:ConverseStream` Your IAM policy should look similar to: ```json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream", "bedrock:ConverseStream" ], "Resource": "*" } ] } ``` With that done, choose one of the two authentication methods: #### Authentication via Named Profile (Recommended) 1. Ensure you have the AWS CLI installed and configured with a named profile 2. Open your `settings.json` (`zed: open settings`) and include the `bedrock` key under `language_models` with the following settings: ```json { "language_models": { "bedrock": { "authentication_method": "named_profile", "region": "your-aws-region", "profile": "your-profile-name" } } } ``` #### Authentication via Static Credentials While it's possible to configure through the Agent Panel settings UI by entering your AWS access key and secret directly, we recommend using named profiles instead for better security practices. To do this: 1. Create an IAM User that you can assume in the [IAM Console](https://us-east-1.console.aws.amazon.com/iam/home?region=us-east-1#/users). 2. Create security credentials for that User, save them and keep them secure. 3. Open the Agent Configuration with (`agent: open configuration`) and go to the Amazon Bedrock section 4. Copy the credentials from Step 2 into the respective **Access Key ID**, **Secret Access Key**, and **Region** fields. #### Cross-Region Inference The Zed implementation of Amazon Bedrock uses [Cross-Region inference](https://docs.aws.amazon.com/bedrock/latest/userguide/cross-region-inference.html) for all the models and region combinations that support it. With Cross-Region inference, you can distribute traffic across multiple AWS Regions, enabling higher throughput. For example, if you use `Claude Sonnet 3.7 Thinking` from `us-east-1`, it may be processed across the US regions, namely: `us-east-1`, `us-east-2`, or `us-west-2`. Cross-Region inference requests are kept within the AWS Regions that are part of the geography where the data originally resides. For example, a request made within the US is kept within the AWS Regions in the US. Although the data remains stored only in the source Region, your input prompts and output results might move outside of your source Region during cross-Region inference.

Zed allows users to use their own Amazon Bedrock API keys, offering more control and potentially cost savings. This requires setting up AWS authentication with specific permissions. The preferred method is using a named AWS CLI profile, which involves configuring the `settings.json` file with the profile name and AWS region. Alternatively, static credentials (access key and secret key) can be used, but this is less secure. Zed's Amazon Bedrock implementation supports Cross-Region inference for higher throughput, distributing traffic across multiple AWS Regions while keeping data within the same geography.