+ )
+ }
+
function OAuthCodeView() {
const [formStore, setFormStore] = createStore({
value: "",
@@ -481,6 +585,12 @@ export function DialogConnectProvider(props: { provider: string }) {
+
+
+
+
+
+
diff --git a/packages/app/src/i18n/en.ts b/packages/app/src/i18n/en.ts
index 97a572f1cf2..2332ab209b1 100644
--- a/packages/app/src/i18n/en.ts
+++ b/packages/app/src/i18n/en.ts
@@ -132,6 +132,21 @@ export const dict = {
"provider.connect.apiKey.label": "{{provider}} API key",
"provider.connect.apiKey.placeholder": "API key",
"provider.connect.apiKey.required": "API key is required",
+ "provider.connect.env.description":
+ "{{provider}} uses environment variables for authentication. Set one of the following in your shell profile (e.g. ~/.zshrc) or opencode.json config:",
+ "provider.connect.env.configHint": "Or configure in opencode.json:",
+ "provider.connect.env.desktopNote":
+ "If using the desktop app, you may need to restart it after changing your shell profile so the new environment is picked up.",
+ "provider.connect.method.env": "Environment variables",
+ "provider.connect.method.aws": "IAM credentials",
+ "provider.connect.aws.description":
+ "Enter your AWS IAM credentials to connect to Amazon Bedrock. You should use a properly scoped IAM user with Bedrock access.",
+ "provider.connect.aws.accessKeyId.label": "AWS access key ID",
+ "provider.connect.aws.accessKeyId.required": "Access key ID is required",
+ "provider.connect.aws.secretAccessKey.label": "AWS secret access key",
+ "provider.connect.aws.secretAccessKey.placeholder": "Secret access key",
+ "provider.connect.aws.secretAccessKey.required": "Secret access key is required",
+ "provider.connect.aws.region.label": "AWS region",
"provider.connect.opencodeZen.line1":
"OpenCode Zen gives you access to a curated set of reliable optimized models for coding agents.",
"provider.connect.opencodeZen.line2":
diff --git a/packages/opencode/src/auth/index.ts b/packages/opencode/src/auth/index.ts
index 80253a665e9..4a7fccda7fb 100644
--- a/packages/opencode/src/auth/index.ts
+++ b/packages/opencode/src/auth/index.ts
@@ -32,7 +32,16 @@ export namespace Auth {
})
.meta({ ref: "WellKnownAuth" })
- export const Info = z.discriminatedUnion("type", [Oauth, Api, WellKnown]).meta({ ref: "Auth" })
+ export const Aws = z
+ .object({
+ type: z.literal("aws"),
+ accessKeyId: z.string(),
+ secretAccessKey: z.string(),
+ region: z.string().optional(),
+ })
+ .meta({ ref: "AwsAuth" })
+
+ export const Info = z.discriminatedUnion("type", [Oauth, Api, WellKnown, Aws]).meta({ ref: "Auth" })
export type Info = z.infer
const filepath = path.join(Global.Path.data, "auth.json")
diff --git a/packages/opencode/src/cli/cmd/auth.ts b/packages/opencode/src/cli/cmd/auth.ts
index 38fba0ce703..cf3db00be68 100644
--- a/packages/opencode/src/cli/cmd/auth.ts
+++ b/packages/opencode/src/cli/cmd/auth.ts
@@ -422,13 +422,70 @@ export const AuthLoginCommand = cmd({
}
if (provider === "amazon-bedrock") {
- prompts.log.info(
- "Amazon Bedrock authentication priority:\n" +
- " 1. Bearer token (AWS_BEARER_TOKEN_BEDROCK or /connect)\n" +
- " 2. AWS credential chain (profile, access keys, IAM roles, EKS IRSA)\n\n" +
- "Configure via opencode.json options (profile, region, endpoint) or\n" +
- "AWS environment variables (AWS_PROFILE, AWS_REGION, AWS_ACCESS_KEY_ID, AWS_WEB_IDENTITY_TOKEN_FILE).",
- )
+ const method = await prompts.select({
+ message: "Select authentication method",
+ options: [
+ { value: "aws", label: "IAM credentials (Access Key ID + Secret Access Key)" },
+ { value: "bearer", label: "Bearer token" },
+ { value: "env", label: "Environment variables (view guidance)" },
+ ],
+ })
+ if (prompts.isCancel(method)) throw new UI.CancelledError()
+
+ if (method === "env") {
+ prompts.log.info(
+ "Set one of the following environment variables in your shell profile:\n" +
+ " • AWS_PROFILE\n" +
+ " • AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY\n" +
+ " • AWS_BEARER_TOKEN_BEDROCK\n\n" +
+ "If using the desktop app, restart it after changing your shell profile.",
+ )
+ prompts.outro("Done")
+ return
+ }
+
+ if (method === "aws") {
+ const accessKeyId = await prompts.text({
+ message: "AWS Access Key ID",
+ placeholder: "AKIA...",
+ validate: (x) => (x && x.length > 0 ? undefined : "Required"),
+ })
+ if (prompts.isCancel(accessKeyId)) throw new UI.CancelledError()
+
+ const secretAccessKey = await prompts.password({
+ message: "AWS Secret Access Key",
+ validate: (x) => (x && x.length > 0 ? undefined : "Required"),
+ })
+ if (prompts.isCancel(secretAccessKey)) throw new UI.CancelledError()
+
+ const region = await prompts.text({
+ message: "AWS Region",
+ placeholder: "us-east-1",
+ defaultValue: "us-east-1",
+ })
+ if (prompts.isCancel(region)) throw new UI.CancelledError()
+
+ await Auth.set(provider, {
+ type: "aws",
+ accessKeyId,
+ secretAccessKey,
+ region: region || "us-east-1",
+ })
+ prompts.outro("Done")
+ return
+ }
+
+ const key = await prompts.password({
+ message: "Enter your bearer token",
+ validate: (x) => (x && x.length > 0 ? undefined : "Required"),
+ })
+ if (prompts.isCancel(key)) throw new UI.CancelledError()
+ await Auth.set(provider, {
+ type: "api",
+ key,
+ })
+ prompts.outro("Done")
+ return
}
if (provider === "opencode") {
diff --git a/packages/opencode/src/provider/auth.ts b/packages/opencode/src/provider/auth.ts
index e6681ff0891..55260c49f49 100644
--- a/packages/opencode/src/provider/auth.ts
+++ b/packages/opencode/src/provider/auth.ts
@@ -20,17 +20,32 @@ export namespace ProviderAuth {
export const Method = z
.object({
- type: z.union([z.literal("oauth"), z.literal("api")]),
+ type: z.union([z.literal("oauth"), z.literal("api"), z.literal("env"), z.literal("aws")]),
label: z.string(),
+ env: z.array(z.string()).optional(),
})
.meta({
ref: "ProviderAuthMethod",
})
export type Method = z.infer
+ const ENV_AUTH_PROVIDERS: Record = {
+ "amazon-bedrock": [
+ {
+ type: "aws",
+ label: "IAM credentials",
+ },
+ {
+ type: "env",
+ label: "Environment variables",
+ env: ["AWS_PROFILE", "AWS_ACCESS_KEY_ID", "AWS_BEARER_TOKEN_BEDROCK"],
+ },
+ ],
+ }
+
export async function methods() {
const s = await state().then((x) => x.methods)
- return mapValues(s, (x) =>
+ const result = mapValues(s, (x) =>
x.methods.map(
(y): Method => ({
type: y.type,
@@ -38,6 +53,11 @@ export namespace ProviderAuth {
}),
),
)
+ for (const [providerID, methods] of Object.entries(ENV_AUTH_PROVIDERS)) {
+ if (!result[providerID]) result[providerID] = []
+ result[providerID].push(...methods)
+ }
+ return result
}
export const Authorization = z
diff --git a/packages/opencode/src/provider/provider.ts b/packages/opencode/src/provider/provider.ts
index b4836ae047d..f077eb9bfad 100644
--- a/packages/opencode/src/provider/provider.ts
+++ b/packages/opencode/src/provider/provider.ts
@@ -215,17 +215,18 @@ export namespace Provider {
const auth = await Auth.get("amazon-bedrock")
- // Region precedence: 1) config file, 2) env var, 3) default
+ // Region precedence: 1) config file, 2) auth.json aws creds, 3) env var, 4) default
const configRegion = providerConfig?.options?.region
+ const authRegion = auth?.type === "aws" ? auth.region : undefined
const envRegion = Env.get("AWS_REGION")
- const defaultRegion = configRegion ?? envRegion ?? "us-east-1"
+ const defaultRegion = configRegion ?? authRegion ?? envRegion ?? "us-east-1"
// Profile: config file takes precedence over env var
const configProfile = providerConfig?.options?.profile
const envProfile = Env.get("AWS_PROFILE")
const profile = configProfile ?? envProfile
- const awsAccessKeyId = Env.get("AWS_ACCESS_KEY_ID")
+ const awsAccessKeyId = auth?.type === "aws" ? auth.accessKeyId : Env.get("AWS_ACCESS_KEY_ID")
// TODO: Using process.env directly because Env.set only updates a process.env shallow copy,
// until the scope of the Env API is clarified (test only or runtime?)
@@ -255,6 +256,12 @@ export namespace Provider {
// Only use credential chain if no bearer token exists
// Bearer token takes precedence over credential chain (profiles, access keys, IAM roles, web identity tokens)
if (!awsBearerToken) {
+ if (auth?.type === "aws") {
+ process.env.AWS_ACCESS_KEY_ID = auth.accessKeyId
+ process.env.AWS_SECRET_ACCESS_KEY = auth.secretAccessKey
+ if (auth.region) process.env.AWS_REGION = auth.region
+ }
+
// Build credential provider options (only pass profile if specified)
const credentialProviderOptions = profile ? { profile } : {}
diff --git a/packages/opencode/test/provider/amazon-bedrock.test.ts b/packages/opencode/test/provider/amazon-bedrock.test.ts
index cb64455b4dd..034da658bba 100644
--- a/packages/opencode/test/provider/amazon-bedrock.test.ts
+++ b/packages/opencode/test/provider/amazon-bedrock.test.ts
@@ -134,6 +134,69 @@ test("Bedrock: loads when bearer token from auth.json is present", async () => {
}
})
+test("Bedrock: loads when IAM credentials from auth.json are present", async () => {
+ await using tmp = await tmpdir({
+ init: async (dir) => {
+ await Filesystem.write(
+ path.join(dir, "opencode.json"),
+ JSON.stringify({
+ $schema: "https://opencode.ai/config.json",
+ provider: {
+ "amazon-bedrock": {
+ options: {
+ region: "us-west-2",
+ },
+ },
+ },
+ }),
+ )
+ },
+ })
+
+ const authPath = path.join(Global.Path.data, "auth.json")
+
+ let originalAuth: string | undefined
+ try {
+ originalAuth = await Filesystem.readText(authPath)
+ } catch {
+ // File doesn't exist, that's fine
+ }
+
+ try {
+ await Filesystem.write(
+ authPath,
+ JSON.stringify({
+ "amazon-bedrock": {
+ type: "aws",
+ accessKeyId: "test-access-key-id",
+ secretAccessKey: "test-secret-key",
+ region: "us-west-2",
+ },
+ }),
+ )
+
+ await Instance.provide({
+ directory: tmp.path,
+ init: async () => {
+ Env.set("AWS_PROFILE", "")
+ Env.set("AWS_ACCESS_KEY_ID", "")
+ Env.set("AWS_BEARER_TOKEN_BEDROCK", "")
+ },
+ fn: async () => {
+ const providers = await Provider.list()
+ expect(providers["amazon-bedrock"]).toBeDefined()
+ expect(providers["amazon-bedrock"].options?.region).toBe("us-west-2")
+ },
+ })
+ } finally {
+ if (originalAuth !== undefined) {
+ await Filesystem.write(authPath, originalAuth)
+ } else {
+ await unlink(authPath).catch(() => {})
+ }
+ }
+})
+
test("Bedrock: config profile takes precedence over AWS_PROFILE env var", async () => {
await using tmp = await tmpdir({
init: async (dir) => {
diff --git a/packages/sdk/js/src/v2/gen/types.gen.ts b/packages/sdk/js/src/v2/gen/types.gen.ts
index 71e075b3916..c90f0a2dc82 100644
--- a/packages/sdk/js/src/v2/gen/types.gen.ts
+++ b/packages/sdk/js/src/v2/gen/types.gen.ts
@@ -1527,7 +1527,14 @@ export type WellKnownAuth = {
token: string
}
-export type Auth = OAuth | ApiAuth | WellKnownAuth
+export type AwsAuth = {
+ type: "aws"
+ accessKeyId: string
+ secretAccessKey: string
+ region?: string
+}
+
+export type Auth = OAuth | ApiAuth | WellKnownAuth | AwsAuth
export type NotFoundError = {
name: "NotFoundError"
@@ -1760,8 +1767,9 @@ export type SubtaskPartInput = {
}
export type ProviderAuthMethod = {
- type: "oauth" | "api"
+ type: "oauth" | "api" | "env" | "aws"
label: string
+ env?: Array
}
export type ProviderAuthAuthorization = {
diff --git a/packages/web/src/content/docs/ar/config.mdx b/packages/web/src/content/docs/ar/config.mdx
index 5a1c294bf21..d88b7db9ad1 100644
--- a/packages/web/src/content/docs/ar/config.mdx
+++ b/packages/web/src/content/docs/ar/config.mdx
@@ -291,7 +291,7 @@ opencode run "Hello world"
- `endpoint` - عنوان URL لنقطة نهاية مخصصة لنقاط نهاية VPC. هذا اسم بديل للخيار العام `baseURL` باستخدام مصطلحات AWS. إذا تم تحديدهما معًا، تكون أولوية `endpoint` أعلى.
:::note
-لرموز Bearer (`AWS_BEARER_TOKEN_BEDROCK` أو `/connect`) أولوية أعلى من المصادقة القائمة على ملف التعريف. راجع [أولوية المصادقة](/docs/providers#authentication-precedence) للتفاصيل.
+لرموز Bearer (`AWS_BEARER_TOKEN_BEDROCK` أو `/connect`) أولوية أعلى من جميع طرق المصادقة الأخرى. بيانات اعتماد IAM المخزنة عبر `/connect` تُحقن في سلسلة بيانات اعتماد AWS. راجع [أولوية المصادقة](/docs/providers#authentication-precedence) للتفاصيل.
:::
[تعرف على المزيد حول إعداد Amazon Bedrock](/docs/providers#amazon-bedrock).
diff --git a/packages/web/src/content/docs/ar/providers.mdx b/packages/web/src/content/docs/ar/providers.mdx
index f5dd70125f9..987712dbc15 100644
--- a/packages/web/src/content/docs/ar/providers.mdx
+++ b/packages/web/src/content/docs/ar/providers.mdx
@@ -165,6 +165,16 @@ OpenCode Go هي خطة اشتراك منخفضة التكلفة توفّر وص
2. **اضبط المصادقة** باستخدام إحدى الطرق التالية:
+ ***
+
+ #### الأمر `/connect`
+
+ شغّل الأمر `/connect`، واختر **Amazon Bedrock**، ثم اختر إحدى الطريقتين:
+ - **بيانات اعتماد IAM** — أدخل معرّف مفتاح الوصول ومفتاح الوصول السري والمنطقة مباشرةً في OpenCode.
+ - **متغيرات البيئة** — اعرض متغيرات البيئة التي يجب ضبطها في ملف shell profile.
+
+ ***
+
#### متغيرات البيئة (بدء سريع)
عيّن أحد متغيرات البيئة التالية أثناء تشغيل opencode:
@@ -246,7 +256,8 @@ OpenCode Go هي خطة اشتراك منخفضة التكلفة توفّر وص
يستخدم Amazon Bedrock أولوية المصادقة التالية:
1. **Bearer Token** - متغير البيئة `AWS_BEARER_TOKEN_BEDROCK` أو الرمز من الأمر `/connect`
- 2. **AWS Credential Chain** - الملف الشخصي، مفاتيح الوصول، بيانات الاعتماد المشتركة، أدوار IAM، رموز Web Identity (EKS IRSA)، بيانات تعريف المثيل
+ 2. **IAM Credentials** - مخزنة عبر `/connect` > بيانات اعتماد IAM (تُحقن في سلسلة بيانات الاعتماد)
+ 3. **AWS Credential Chain** - الملف الشخصي، مفاتيح الوصول، بيانات الاعتماد المشتركة، أدوار IAM، رموز Web Identity (EKS IRSA)، بيانات تعريف المثيل
:::note
عند تعيين bearer token (عبر `/connect` أو `AWS_BEARER_TOKEN_BEDROCK`)، ستكون له أولوية على جميع طرق بيانات اعتماد AWS بما في ذلك ملفات التعريف المضبوطة.
diff --git a/packages/web/src/content/docs/bs/config.mdx b/packages/web/src/content/docs/bs/config.mdx
index 3183a2f92df..c97b819cde7 100644
--- a/packages/web/src/content/docs/bs/config.mdx
+++ b/packages/web/src/content/docs/bs/config.mdx
@@ -291,7 +291,7 @@ Amazon Bedrock podržava konfiguraciju specifičnu za AWS:
- `endpoint` - URL prilagođene krajnje tačke za VPC krajnje tačke. Ovo je alias za generičku opciju `baseURL` koristeći terminologiju specifičnu za AWS. Ako su oba navedena, `endpoint` ima prednost.
:::note
-Tokeni nosioca (`AWS_BEARER_TOKEN_BEDROCK` ili `/connect`) imaju prednost nad autentifikacijom zasnovanom na profilu. Pogledajte [prednost autentifikacije](/docs/providers#authentication-precedence) za detalje.
+Tokeni nosioca (`AWS_BEARER_TOKEN_BEDROCK` ili `/connect`) imaju prednost nad svim ostalim metodama autentifikacije. IAM akreditivi pohranjeni putem `/connect` ubacuju se u AWS lanac akreditiva. Pogledajte [prednost autentifikacije](/docs/providers#authentication-precedence) za detalje.
:::
[Saznajte više o konfiguraciji Amazon Bedrock](/docs/providers#amazon-bedrock).
diff --git a/packages/web/src/content/docs/bs/providers.mdx b/packages/web/src/content/docs/bs/providers.mdx
index 6bdcf457785..fbb4e301c6b 100644
--- a/packages/web/src/content/docs/bs/providers.mdx
+++ b/packages/web/src/content/docs/bs/providers.mdx
@@ -166,6 +166,16 @@ Da biste koristili Amazon Bedrock s OpenCode:
2. **Konfigurirajte autentifikaciju** koristeći jedan od sljedećih metoda:
+ ***
+
+ #### Naredba `/connect`
+
+ Pokrenite naredbu `/connect`, odaberite **Amazon Bedrock** i izaberite jednu od opcija:
+ - **IAM akreditivi** — unesite svoj Access Key ID, Secret Access Key i regiju direktno u OpenCode.
+ - **Varijable okruženja** — pogledajte koje varijable okruženja trebate postaviti u svom shell profilu.
+
+ ***
+
#### Varijable okruženja (Brzi početak)
Postavite jednu od ovih varijabli okruženja dok pokrećete opencode:
@@ -251,7 +261,8 @@ Opcija `endpoint` je pseudonim za generičku opciju `baseURL`, koristeći termin
Amazon Bedrock koristi sljedeći prioritet autentifikacije:
1. **Token nosioca** - `AWS_BEARER_TOKEN_BEDROCK` varijabla okruženja ili token iz naredbe `/connect`
-2. **AWS lanac vjerodajnica** - profil, pristupni ključevi, dijeljeni vjerodajnici, IAM uloge, tokeni web identiteta (EKS IRSA), metapodaci instance
+2. **IAM Credentials** - Pohranjeno putem `/connect` > IAM akreditive (ubačeno u lanac akreditiva)
+3. **AWS lanac vjerodajnica** - profil, pristupni ključevi, dijeljeni vjerodajnici, IAM uloge, tokeni web identiteta (EKS IRSA), metapodaci instance
:::note
Kada se postavi token nosioca (putem `/connect` ili `AWS_BEARER_TOKEN_BEDROCK`), on ima prednost nad svim AWS metodama akreditiva uključujući konfigurirane profile.
diff --git a/packages/web/src/content/docs/config.mdx b/packages/web/src/content/docs/config.mdx
index 038f253274e..ff65c2109db 100644
--- a/packages/web/src/content/docs/config.mdx
+++ b/packages/web/src/content/docs/config.mdx
@@ -295,7 +295,7 @@ Amazon Bedrock supports AWS-specific configuration:
- `endpoint` - Custom endpoint URL for VPC endpoints. This is an alias for the generic `baseURL` option using AWS-specific terminology. If both are specified, `endpoint` takes precedence.
:::note
-Bearer tokens (`AWS_BEARER_TOKEN_BEDROCK` or `/connect`) take precedence over profile-based authentication. See [authentication precedence](/docs/providers#authentication-precedence) for details.
+Bearer tokens (`AWS_BEARER_TOKEN_BEDROCK` or `/connect`) take precedence over all other auth methods. IAM credentials stored via `/connect` are injected into the AWS credential chain. See [authentication precedence](/docs/providers#authentication-precedence) for details.
:::
[Learn more about Amazon Bedrock configuration](/docs/providers#amazon-bedrock).
diff --git a/packages/web/src/content/docs/da/config.mdx b/packages/web/src/content/docs/da/config.mdx
index 18b462580b7..4bc560e2f99 100644
--- a/packages/web/src/content/docs/da/config.mdx
+++ b/packages/web/src/content/docs/da/config.mdx
@@ -293,7 +293,7 @@ Amazon Bedrock understøtter AWS-specifik konfiguration:
- `endpoint` - Brugerdefineret slutpunkt URL for VPC-endepunkter. Dette er et alias for den generiske `baseURL`-indstilling, der bruger AWS-specifik terminologi. Hvis begge er angivet, har `endpoint` forrang.
:::note
-Bearer tokens (`AWS_BEARER_TOKEN_BEDROCK` eller `/connect`) har forrang over profilbaseret godkendelse. Se [authentication precedence](/docs/providers#authentication-precedence) for detaljer.
+Bearer tokens (`AWS_BEARER_TOKEN_BEDROCK` eller `/connect`) har forrang over alle andre godkendelsesmetoder. IAM-legitimationsoplysninger gemt via `/connect` injiceres i AWS-legitimationskæden. Se [authentication precedence](/docs/providers#authentication-precedence) for detaljer.
:::
[Learn more about Amazon Bedrock configuration](/docs/providers#amazon-bedrock).
diff --git a/packages/web/src/content/docs/da/providers.mdx b/packages/web/src/content/docs/da/providers.mdx
index c5cfe23fa88..f016f945a32 100644
--- a/packages/web/src/content/docs/da/providers.mdx
+++ b/packages/web/src/content/docs/da/providers.mdx
@@ -161,6 +161,16 @@ Sådan bruger du Amazon Bedrock med OpenCode:
2. **Konfigurer godkendelse** ved at bruge en af følgende metoder:
+ ***
+
+ #### Kommandoen `/connect`
+
+ Kør kommandoen `/connect`, vælg **Amazon Bedrock**, og vælg enten:
+ - **IAM-legitimationsoplysninger** — indtast dit Access Key ID, Secret Access Key og region direkte i OpenCode.
+ - **Miljøvariabler** — se hvilke miljøvariabler der skal sættes i din shell-profil.
+
+ ***
+
#### Miljøvariabler (hurtigstart)
Angiv en af disse miljøvariabler, mens du kører opencode:
@@ -243,7 +253,8 @@ Sådan bruger du Amazon Bedrock med OpenCode:
Amazon Bedrock bruger følgende godkendelsesprioritet:
1. **Bearer Token** - `AWS_BEARER_TOKEN_BEDROCK` miljøvariabel eller token fra kommandoen `/connect`
- 2. **AWS legitimationskæde** - profil, adgangsnøgler, delte legitimationsoplysninger, IAM roller, webidentitetstokens (EKS IRSA), instansmetadata
+ 2. **IAM Credentials** - Gemt via `/connect` > IAM-legitimationsoplysninger (injiceret i legitimationskæden)
+ 3. **AWS legitimationskæde** - profil, adgangsnøgler, delte legitimationsoplysninger, IAM roller, webidentitetstokens (EKS IRSA), instansmetadata
:::note
Når et bearer token er angivet (via `/connect` eller `AWS_BEARER_TOKEN_BEDROCK`), har det forrang over alle AWS godkendelsesmetoder inklusiv konfigurerede profiler.
diff --git a/packages/web/src/content/docs/de/config.mdx b/packages/web/src/content/docs/de/config.mdx
index 0a2040be7a1..eb5f6f6fa98 100644
--- a/packages/web/src/content/docs/de/config.mdx
+++ b/packages/web/src/content/docs/de/config.mdx
@@ -292,7 +292,7 @@ Amazon Bedrock unterstützt AWS-spezifische Konfigurationen:
- `endpoint` – Benutzerdefinierter Endpunkt URL für VPC-Endpunkte. Dies ist ein Alias für die generische Option `baseURL` unter Verwendung der AWS-spezifischen Terminologie. Wenn beide angegeben sind, hat `endpoint` Vorrang.
:::note
-Inhabertoken (`AWS_BEARER_TOKEN_BEDROCK` oder `/connect`) haben Vorrang vor der profilbasierten Authentifizierung. Weitere Informationen finden Sie unter [Authentifizierungs-Rangfolge](/docs/providers#authentication-precedence).
+Inhabertoken (`AWS_BEARER_TOKEN_BEDROCK` oder `/connect`) haben Vorrang vor allen anderen Authentifizierungsmethoden. Über `/connect` gespeicherte IAM-Anmeldeinformationen werden in die AWS-Credential-Chain eingefügt. Weitere Informationen finden Sie unter [Authentifizierungs-Rangfolge](/docs/providers#authentication-precedence).
:::
[Erfahren Sie mehr über die Amazon Bedrock-Konfiguration](/docs/providers#amazon-bedrock).
diff --git a/packages/web/src/content/docs/de/providers.mdx b/packages/web/src/content/docs/de/providers.mdx
index fa447594d62..80ebd1ea0ad 100644
--- a/packages/web/src/content/docs/de/providers.mdx
+++ b/packages/web/src/content/docs/de/providers.mdx
@@ -166,6 +166,16 @@ So verwenden Sie Amazon Bedrock mit OpenCode:
2. **Konfigurieren Sie die Authentifizierung** mit einer der folgenden Methoden:
+ ***
+
+ #### Der Befehl `/connect`
+
+ Führen Sie den Befehl `/connect` aus, wählen Sie **Amazon Bedrock** und wählen Sie eine der folgenden Optionen:
+ - **IAM-Anmeldeinformationen** — geben Sie Ihre Access Key ID, Ihren Secret Access Key und die Region direkt in OpenCode ein.
+ - **Umgebungsvariablen** — sehen Sie, welche Umgebungsvariablen in Ihrem Shell-Profil gesetzt werden müssen.
+
+ ***
+
#### Umgebungsvariablen (Schnellstart)
Legen Sie eine dieser Umgebungsvariablen fest, während Sie OpenCode ausführen:
@@ -248,7 +258,8 @@ So verwenden Sie Amazon Bedrock mit OpenCode:
Amazon Bedrock verwendet die folgende Authentifizierungspriorität:
1. **Bearer-Token** – `AWS_BEARER_TOKEN_BEDROCK`-Umgebungsvariable oder Token aus dem `/connect`-Befehl
- 2. **AWS Anmeldeinformationskette** – Profil, Zugriffsschlüssel, gemeinsame Anmeldeinformationen, IAM Rollen, Web-Identitätstoken (EKS IRSA), Instanzmetadaten
+ 2. **IAM Credentials** - Gespeichert über `/connect` > IAM-Anmeldeinformationen (in die Credential Chain eingefügt)
+ 3. **AWS Anmeldeinformationskette** – Profil, Zugriffsschlüssel, gemeinsame Anmeldeinformationen, IAM Rollen, Web-Identitätstoken (EKS IRSA), Instanzmetadaten
:::note
Wenn ein Inhabertoken festgelegt ist (über `/connect` oder `AWS_BEARER_TOKEN_BEDROCK`), hat es Vorrang vor allen AWS-Anmeldeinformationsmethoden, einschließlich konfigurierter Profile.
diff --git a/packages/web/src/content/docs/es/config.mdx b/packages/web/src/content/docs/es/config.mdx
index c6142e69901..ea5b753859c 100644
--- a/packages/web/src/content/docs/es/config.mdx
+++ b/packages/web/src/content/docs/es/config.mdx
@@ -292,7 +292,7 @@ Amazon Bedrock admite la configuración específica de AWS:
- `endpoint`: URL de punto de enlace personalizada para puntos de enlace de VPC. Este es un alias para la opción genérica `baseURL` que utiliza terminología específica de AWS. Si se especifican ambos, `endpoint` tiene prioridad.
:::note
-Los tokens de portador (`AWS_BEARER_TOKEN_BEDROCK` o `/connect`) tienen prioridad sobre la autenticación basada en perfil. Consulte [precedencia de autenticación](/docs/providers#authentication-precedence) para obtener más detalles.
+Los tokens de portador (`AWS_BEARER_TOKEN_BEDROCK` o `/connect`) tienen prioridad sobre todos los demás métodos de autenticación. Las credenciales IAM almacenadas a través de `/connect` se inyectan en la cadena de credenciales de AWS. Consulte [precedencia de autenticación](/docs/providers#authentication-precedence) para obtener más detalles.
:::
[Obtenga más información sobre la configuración de Amazon Bedrock](/docs/providers#amazon-bedrock).
diff --git a/packages/web/src/content/docs/es/providers.mdx b/packages/web/src/content/docs/es/providers.mdx
index 2ee033f00d0..9c47068f99f 100644
--- a/packages/web/src/content/docs/es/providers.mdx
+++ b/packages/web/src/content/docs/es/providers.mdx
@@ -167,6 +167,16 @@ Para usar Amazon Bedrock con OpenCode:
2. **Configure la autenticación** utilizando uno de los siguientes métodos:
+ ***
+
+ #### Comando `/connect`
+
+ Ejecute el comando `/connect`, seleccione **Amazon Bedrock** y elija una de las opciones:
+ - **Credenciales IAM** — ingrese su Access Key ID, Secret Access Key y región directamente en OpenCode.
+ - **Variables de entorno** — vea qué variables de entorno configurar en su perfil de shell.
+
+ ***
+
#### Variables de entorno (Inicio rápido)
Establezca una de estas variables de entorno mientras ejecuta opencode:
@@ -249,7 +259,8 @@ Para usar Amazon Bedrock con OpenCode:
Amazon Bedrock utiliza la siguiente prioridad de autenticación:
1. **Bearer token** - variable de entorno `AWS_BEARER_TOKEN_BEDROCK` o token del comando `/connect`
- 2. **AWS Cadena de credenciales**: perfil, claves de acceso, credenciales compartidas, roles de IAM, tokens de identidad web (EKS IRSA), metadatos de instancia
+ 2. **IAM Credentials** - Almacenadas a través de `/connect` > credenciales IAM (inyectadas en la cadena de credenciales)
+ 3. **AWS Cadena de credenciales**: perfil, claves de acceso, credenciales compartidas, roles de IAM, tokens de identidad web (EKS IRSA), metadatos de instancia
:::nota
Cuando se define un bearer token (a traves de `/connect` o `AWS_BEARER_TOKEN_BEDROCK`), tiene prioridad sobre todos los metodos de credenciales de AWS, incluidos los perfiles configurados.
diff --git a/packages/web/src/content/docs/fr/config.mdx b/packages/web/src/content/docs/fr/config.mdx
index c576fe2da11..bc97e528186 100644
--- a/packages/web/src/content/docs/fr/config.mdx
+++ b/packages/web/src/content/docs/fr/config.mdx
@@ -292,7 +292,7 @@ Amazon Bedrock prend en charge la configuration spécifique à AWS :
- `endpoint` - Point de terminaison personnalisé URL pour les points de terminaison d'un VPC. Il s'agit d'un alias pour l'option générique `baseURL` utilisant la terminologie spécifique à AWS. Si les deux sont spécifiés, `endpoint` est prioritaire.
:::note
-Les jetons du porteur (`AWS_BEARER_TOKEN_BEDROCK` ou `/connect`) ont priorité sur l'authentification basée sur le profil. Voir [précédence d'authentification](/docs/providers#authentication-precedence) pour plus de détails.
+Les jetons du porteur (`AWS_BEARER_TOKEN_BEDROCK` ou `/connect`) ont priorité sur toutes les autres méthodes d'authentification. Les identifiants IAM stockés via `/connect` sont injectés dans la chaîne de credentials AWS. Voir [précédence d'authentification](/docs/providers#authentication-precedence) pour plus de détails.
:::
[En savoir plus sur la configuration d'Amazon Bedrock](/docs/providers#amazon-bedrock).
diff --git a/packages/web/src/content/docs/fr/providers.mdx b/packages/web/src/content/docs/fr/providers.mdx
index 36e1ed2d2bf..41e023f24bb 100644
--- a/packages/web/src/content/docs/fr/providers.mdx
+++ b/packages/web/src/content/docs/fr/providers.mdx
@@ -165,7 +165,17 @@ Pour utiliser Amazon Bedrock avec OpenCode :
Vous devez avoir accès au modèle souhaité dans Amazon Bedrock.
:::
-2. **Configurez l'authentification** à l'aide de l'une des méthodes suivantes :
+2. **Configurez l'authentification** à l'aide de l'une des méthodes suivantes :
+
+ ***
+
+ #### Commande /connect
+
+ Exécutez la commande `/connect`, sélectionnez **Amazon Bedrock**, puis choisissez :
+ - **IAM credentials** — saisissez votre Access Key ID, Secret Access Key et la région directement dans OpenCode.
+ - **Variables d'environnement** — consultez les variables d'environnement à définir dans votre profil shell.
+
+ ***
#### Variables d'environnement (démarrage rapide)
@@ -252,7 +262,8 @@ L'option `endpoint` est un alias pour l'option générique `baseURL`, utilisant
Amazon Bedrock utilise la priorité d'authentification suivante :
1. **Bearer Token** - Variable d'environnement `AWS_BEARER_TOKEN_BEDROCK` ou jeton de la commande `/connect`
-2. **AWS Credential Chain** - Profil, clés d'accès, informations d'identification partagées, rôles IAM, jetons d'identité Web (EKS IRSA), métadonnées d'instance
+2. **IAM Credentials** - Stockées via `/connect` > identifiants IAM (injectées dans la chaîne de credentials)
+3. **AWS Credential Chain** - Profil, clés d'accès, informations d'identification partagées, rôles IAM, jetons d'identité Web (EKS IRSA), métadonnées d'instance
:::note
Lorsqu'un jeton de porteur est défini (via `/connect` ou `AWS_BEARER_TOKEN_BEDROCK`), il est prioritaire sur toutes les méthodes d'identification AWS, y compris les profils configurés.
diff --git a/packages/web/src/content/docs/it/config.mdx b/packages/web/src/content/docs/it/config.mdx
index 05741e172ed..2c46fb42a0b 100644
--- a/packages/web/src/content/docs/it/config.mdx
+++ b/packages/web/src/content/docs/it/config.mdx
@@ -291,7 +291,7 @@ Amazon Bedrock supporta una configurazione specifica per AWS:
- `endpoint` - URL endpoint personalizzato per gli endpoint VPC. E un alias dell'opzione generica `baseURL` usando la terminologia AWS. Se sono specificati sia `endpoint` sia `baseURL`, `endpoint` ha precedenza.
:::note
-I bearer token (`AWS_BEARER_TOKEN_BEDROCK` o `/connect`) hanno precedenza sull'autenticazione basata su profilo. Vedi [ordine di precedenza dell'autenticazione](/docs/providers#authentication-precedence) per i dettagli.
+I bearer token (`AWS_BEARER_TOKEN_BEDROCK` o `/connect`) hanno precedenza su tutti gli altri metodi di autenticazione. Le credenziali IAM memorizzate tramite `/connect` vengono iniettate nella catena delle credenziali AWS. Vedi [ordine di precedenza dell'autenticazione](/docs/providers#authentication-precedence) per i dettagli.
:::
[Scopri di piu sulla configurazione di Amazon Bedrock](/docs/providers#amazon-bedrock).
diff --git a/packages/web/src/content/docs/it/providers.mdx b/packages/web/src/content/docs/it/providers.mdx
index c0c5489d080..5b7a4f4fa5b 100644
--- a/packages/web/src/content/docs/it/providers.mdx
+++ b/packages/web/src/content/docs/it/providers.mdx
@@ -137,6 +137,14 @@ Per usare Amazon Bedrock con OpenCode:
***
+ #### Comando /connect
+
+ Esegui il comando `/connect`, seleziona **Amazon Bedrock** e scegli tra:
+ - **IAM credentials** — inserisci Access Key ID, Secret Access Key e regione direttamente in OpenCode.
+ - **Variabili d'ambiente** — visualizza quali variabili d'ambiente impostare nel tuo profilo shell.
+
+ ***
+
#### Variabili d'ambiente (Avvio rapido)
Imposta una di queste variabili d'ambiente mentre esegui opencode:
@@ -227,7 +235,8 @@ Per usare Amazon Bedrock con OpenCode:
Amazon Bedrock usa la seguente priorità di autenticazione:
1. **Bearer Token** - Variabile d'ambiente `AWS_BEARER_TOKEN_BEDROCK` o token dal comando `/connect`
- 2. **AWS Credential Chain** - Profilo, chiavi di accesso, credenziali condivise, ruoli IAM, Web Identity Tokens (EKS IRSA), metadati istanza
+ 2. **IAM Credentials** - Memorizzate tramite `/connect` > credenziali IAM (iniettate nella catena delle credenziali)
+ 3. **AWS Credential Chain** - Profilo, chiavi di accesso, credenziali condivise, ruoli IAM, Web Identity Tokens (EKS IRSA), metadati istanza
:::note
Quando è impostato un bearer token (tramite `/connect` o `AWS_BEARER_TOKEN_BEDROCK`), ha la precedenza su tutti i metodi di credenziali AWS inclusi i profili configurati.
diff --git a/packages/web/src/content/docs/ja/config.mdx b/packages/web/src/content/docs/ja/config.mdx
index 20e29190dae..7630daf11bf 100644
--- a/packages/web/src/content/docs/ja/config.mdx
+++ b/packages/web/src/content/docs/ja/config.mdx
@@ -294,7 +294,7 @@ Amazon Bedrock は、AWS 固有の設定をサポートしています。
- `endpoint` - VPC エンドポイントのカスタムエンドポイント URL。これは、AWS 固有の用語を使用した汎用 `baseURL` オプションのエイリアスです。両方を指定した場合は、`endpoint` が優先されます。
:::note
-ベアラー トークン (`AWS_BEARER_TOKEN_BEDROCK` または `/connect`) は、プロファイルベースの認証より優先されます。詳細については、「[認証優先順位](/docs/providers#authentication-precedence)」を参照してください。
+ベアラー トークン (`AWS_BEARER_TOKEN_BEDROCK` または `/connect`) は、他のすべての認証方法より優先されます。`/connect` 経由で保存された IAM 認証情報は AWS 認証チェーンに注入されます。詳細については、「[認証優先順位](/docs/providers#authentication-precedence)」を参照してください。
:::
[Amazon Bedrock 設定](/docs/providers#amazon-bedrock) の詳細をご覧ください。
diff --git a/packages/web/src/content/docs/ja/providers.mdx b/packages/web/src/content/docs/ja/providers.mdx
index 388dc8e41dc..7fdee35fc59 100644
--- a/packages/web/src/content/docs/ja/providers.mdx
+++ b/packages/web/src/content/docs/ja/providers.mdx
@@ -167,6 +167,16 @@ OpenCode で Amazon Bedrock を使用するには:
***
+ ***
+
+ #### /connect コマンド
+
+ `/connect` コマンドを実行し、**Amazon Bedrock** を選択してから、次のいずれかを選択します:
+ - **IAM credentials** — Access Key ID、Secret Access Key、リージョンを OpenCode に直接入力します。
+ - **環境変数** — シェルプロファイルに設定する環境変数を確認します。
+
+ ***
+
#### 環境変数 (クイックスタート)
opencode の実行中に次の環境変数のいずれかを設定します。
@@ -257,7 +267,8 @@ OpenCode で Amazon Bedrock を使用するには:
Amazon Bedrock は次の認証優先度を使用します。
1. **ベアラー トークン** - `AWS_BEARER_TOKEN_BEDROCK` 環境変数または `/connect` コマンドからのトークン
- 2. **AWS 認証情報チェーン** - プロファイル、アクセスキー、共有認証情報、IAM ロール、Web ID トークン (EKS IRSA)、インスタンスメタデータ
+ 2. **IAM Credentials** - `/connect` > IAM 認証情報で保存(認証チェーンに注入)
+ 3. **AWS 認証情報チェーン** - プロファイル、アクセスキー、共有認証情報、IAM ロール、Web ID トークン (EKS IRSA)、インスタンスメタデータ
:::note
ベアラー トークンが (`/connect` または `AWS_BEARER_TOKEN_BEDROCK` 経由で) 設定されると、設定されたプロファイルを含むすべての AWS 認証情報方法よりも優先されます。
diff --git a/packages/web/src/content/docs/ko/config.mdx b/packages/web/src/content/docs/ko/config.mdx
index 2f08824d699..6bbd222de57 100644
--- a/packages/web/src/content/docs/ko/config.mdx
+++ b/packages/web/src/content/docs/ko/config.mdx
@@ -291,7 +291,7 @@ Amazon Bedrock은 AWS 전용 config를 지원합니다.
- `endpoint` - VPC endpoint용 custom endpoint URL입니다. AWS 용어를 사용한 일반 `baseURL` 옵션의 별칭(alias)입니다. 둘 다 지정하면 `endpoint`가 우선합니다.
:::note
-Bearer token(`AWS_BEARER_TOKEN_BEDROCK` 또는 `/connect`)은 profile 기반 인증보다 우선합니다. 자세한 내용은 [authentication precedence](/docs/providers#authentication-precedence)를 참고하세요.
+Bearer token(`AWS_BEARER_TOKEN_BEDROCK` 또는 `/connect`)은 다른 모든 인증 방법보다 우선합니다. `/connect`를 통해 저장된 IAM 자격 증명은 AWS 자격 증명 체인에 주입됩니다. 자세한 내용은 [authentication precedence](/docs/providers#authentication-precedence)를 참고하세요.
:::
[Amazon Bedrock config 더 알아보기](/docs/providers#amazon-bedrock).
diff --git a/packages/web/src/content/docs/ko/providers.mdx b/packages/web/src/content/docs/ko/providers.mdx
index c543c719dd2..ce07bdd00e8 100644
--- a/packages/web/src/content/docs/ko/providers.mdx
+++ b/packages/web/src/content/docs/ko/providers.mdx
@@ -164,6 +164,14 @@ OpenCode로 Amazon Bedrock을 사용하려면:
***
+ #### /connect 명령
+
+ `/connect` 명령을 실행하고 **Amazon Bedrock**을 선택한 다음 다음 중 하나를 선택합니다:
+ - **IAM credentials** — Access Key ID, Secret Access Key 및 리전을 OpenCode에 직접 입력합니다.
+ - **환경 변수** — 셸 프로필에 설정할 환경 변수를 확인합니다.
+
+ ***
+
#### 환경 변수 (빠른 시작)
OpenCode를 실행하는 동안 다음 환경 변수 중 하나를 설정합니다:
@@ -254,7 +262,8 @@ OpenCode로 Amazon Bedrock을 사용하려면:
Amazon Bedrock은 다음과 같은 인증 우선 순위를 사용합니다.
1. **Bearer Token** - `AWS_BEARER_TOKEN_BEDROCK` 환경 변수 또는 `/connect` 명령의 토큰
- 2. **AWS Credential Chain** - 프로필, 액세스 키, 공유 자격 증명, IAM 역할, 웹 ID 토큰 (EKS IRSA), 인스턴스 메타데이터
+ 2. **IAM Credentials** - `/connect` > IAM 자격 증명으로 저장 (자격 증명 체인에 주입)
+ 3. **AWS Credential Chain** - 프로필, 액세스 키, 공유 자격 증명, IAM 역할, 웹 ID 토큰 (EKS IRSA), 인스턴스 메타데이터
:::note
Bearer 토큰을 설정할 때 (`/connect` 또는 `AWS_BEARER_TOKEN_BEDROCK`를 통해), 구성된 프로필을 포함한 모든 AWS 자격 증명 방법보다 우선 순위가 높습니다.
diff --git a/packages/web/src/content/docs/nb/config.mdx b/packages/web/src/content/docs/nb/config.mdx
index e8b32d5a067..f78eee1a873 100644
--- a/packages/web/src/content/docs/nb/config.mdx
+++ b/packages/web/src/content/docs/nb/config.mdx
@@ -293,7 +293,7 @@ Amazon Bedrock støtter AWS-spesifikk konfigurasjon:
- `endpoint` - Egendefinert endepunkt URL for VPC endepunkter. Dette er et alias for det generiske `baseURL`-alternativet som bruker AWS-spesifikk terminologi. Hvis begge er spesifisert, har `endpoint` forrang.
:::note
-Bærer-tokens (`AWS_BEARER_TOKEN_BEDROCK` eller `/connect`) har forrang over profilbasert autentisering. Se [autentiseringsprioritet](/docs/providers#authentication-precedence) for detaljer.
+Bærer-tokens (`AWS_BEARER_TOKEN_BEDROCK` eller `/connect`) har forrang over alle andre autentiseringsmetoder. IAM-legitimasjon lagret via `/connect` injiseres i AWS-legitimasjonskjeden. Se [autentiseringsprioritet](/docs/providers#authentication-precedence) for detaljer.
:::
[Les mer om konfigurasjon av Amazon Bedrock](/docs/providers#amazon-bedrock).
diff --git a/packages/web/src/content/docs/nb/providers.mdx b/packages/web/src/content/docs/nb/providers.mdx
index 682f923f8c4..466cffcb671 100644
--- a/packages/web/src/content/docs/nb/providers.mdx
+++ b/packages/web/src/content/docs/nb/providers.mdx
@@ -168,6 +168,16 @@ Slik bruker du Amazon Bedrock med OpenCode:
2. **Konfigurer autentisering** ved å bruke en av følgende metoder:
+ ***
+
+ #### /connect-kommando
+
+ Kjør `/connect`-kommandoen, velg **Amazon Bedrock**, og velg mellom:
+ - **IAM credentials** — skriv inn Access Key ID, Secret Access Key og region direkte i OpenCode.
+ - **Miljøvariabler** — se hvilke miljøvariabler som skal settes i shell-profilen din.
+
+ ***
+
#### Miljøvariabler (hurtigstart)
Angi en av disse miljøvariablene mens du kjører OpenCode:
@@ -250,7 +260,8 @@ Slik bruker du Amazon Bedrock med OpenCode:
Amazon Bedrock bruker følgende autentiseringsprioritet:
1. **Bearer Token** - `AWS_BEARER_TOKEN_BEDROCK` miljøvariabel eller token fra kommandoen `/connect`
- 2. **AWS legitimasjonskjede** - profil, tilgangsnøkler, delt legitimasjon, IAM roller, nettidentitetstokener (EKS IRSA), forekomstmetadata
+ 2. **IAM Credentials** - Lagret via `/connect` > IAM-legitimasjon (injisert i legitimasjonskjeden)
+ 3. **AWS legitimasjonskjede** - profil, tilgangsnøkler, delt legitimasjon, IAM roller, nettidentitetstokener (EKS IRSA), forekomstmetadata
:::note
Når et bærertoken er angitt (via `/connect` eller `AWS_BEARER_TOKEN_BEDROCK`), har det forrang over alle AWS legitimasjonsmetoder inkludert konfigurerte profiler.
diff --git a/packages/web/src/content/docs/pl/config.mdx b/packages/web/src/content/docs/pl/config.mdx
index a6a6fb156d7..a1da6b29a2b 100644
--- a/packages/web/src/content/docs/pl/config.mdx
+++ b/packages/web/src/content/docs/pl/config.mdx
@@ -288,7 +288,7 @@ Amazon Bedrock umożliwia konfigurację połączenia z AWS:
- `endpoint` — Niestandardowy adres URL punktu końcowego (np. dla punktów końcowych VPC). Jest to alias dla opcji ogólnej `baseURL` przy użyciu terminologii AWS. Jeśli podano oba, pierwszeństwo ma `endpoint`.
:::note
-Token okaziciela (`AWS_BEARER_TOKEN_BEDROCK` lub `/connect`) ma pierwszeństwo przed uwierzytelnianiem opartym na profilu. Aby uzyskać szczegółowe informacje, zobacz [pierwszeństwo uwierzytelniania](/docs/providers#authentication-precedence).
+Token okaziciela (`AWS_BEARER_TOKEN_BEDROCK` lub `/connect`) ma pierwszeństwo przed wszystkimi innymi metodami uwierzytelniania. Dane uwierzytelniające IAM przechowywane przez `/connect` są wstrzykiwane do łańcucha poświadczeń AWS. Aby uzyskać szczegółowe informacje, zobacz [pierwszeństwo uwierzytelniania](/docs/providers#authentication-precedence).
:::
[Dowiedz się więcej o Amazon Bedrock](/docs/providers#amazon-bedrock).
diff --git a/packages/web/src/content/docs/pl/providers.mdx b/packages/web/src/content/docs/pl/providers.mdx
index fa509011031..0c6c43434a2 100644
--- a/packages/web/src/content/docs/pl/providers.mdx
+++ b/packages/web/src/content/docs/pl/providers.mdx
@@ -166,6 +166,16 @@ Aby używać Amazon Bedrock z opencode:
2. **Skonfiguruj uwierzytelnianie** przy użyciu jednej z następujących metod:
+ ***
+
+ #### Komenda /connect
+
+ Uruchom komendę `/connect`, wybierz **Amazon Bedrock**, a następnie wybierz:
+ - **IAM credentials** — wprowadź Access Key ID, Secret Access Key i region bezpośrednio w OpenCode.
+ - **Zmienne środowiskowe** — sprawdź, które zmienne środowiskowe ustawić w profilu powłoki.
+
+ ***
+
#### Zmienne środowiskowe (Szybki start)
Ustaw jedną z tych zmiennych środowiskowych podczas uruchamiania opencode:
@@ -248,7 +258,8 @@ Aby używać Amazon Bedrock z opencode:
Amazon Bedrock wykorzystuje następujący priorytet uwierzytelniania:
1. **Token nośnika** - zmienna środowiskowa `AWS_BEARER_TOKEN_BEDROCK` lub token z komendy `/connect`
- 2. **AWS Credential Chain** - Profile, access keys, shared credentials, IAM roles, Web Identity Tokens (EKS IRSA), instance metadata
+ 2. **IAM Credentials** - Przechowywane przez `/connect` > dane uwierzytelniające IAM (wstrzykiwane do łańcucha poświadczeń)
+ 3. **AWS Credential Chain** - Profile, access keys, shared credentials, IAM roles, Web Identity Tokens (EKS IRSA), instance metadata
:::note
Gdy ustawisz bearer token (przez `/connect` lub `AWS_BEARER_TOKEN_BEDROCK`), ma on pierwszeństwo nad wszystkimi metodami poświadczeń AWS, w tym profilami.
diff --git a/packages/web/src/content/docs/providers.mdx b/packages/web/src/content/docs/providers.mdx
index 34e3626499c..fb0b4e00148 100644
--- a/packages/web/src/content/docs/providers.mdx
+++ b/packages/web/src/content/docs/providers.mdx
@@ -169,6 +169,14 @@ To use Amazon Bedrock with OpenCode:
***
+ #### /connect Command
+
+ Run the `/connect` command, select **Amazon Bedrock**, and choose either:
+ - **IAM credentials** — enter your Access Key ID, Secret Access Key, and region directly in OpenCode.
+ - **Environment variables** — view which env vars to set in your shell profile.
+
+ ***
+
#### Environment Variables (Quick Start)
Set one of these environment variables while running opencode:
@@ -259,7 +267,8 @@ To use Amazon Bedrock with OpenCode:
Amazon Bedrock uses the following authentication priority:
1. **Bearer Token** - `AWS_BEARER_TOKEN_BEDROCK` environment variable or token from `/connect` command
- 2. **AWS Credential Chain** - Profile, access keys, shared credentials, IAM roles, Web Identity Tokens (EKS IRSA), instance metadata
+ 2. **IAM Credentials** - Stored via `/connect` > IAM credentials (injected into credential chain)
+ 3. **AWS Credential Chain** - Profile, access keys, shared credentials, IAM roles, Web Identity Tokens (EKS IRSA), instance metadata
:::note
When a bearer token is set (via `/connect` or `AWS_BEARER_TOKEN_BEDROCK`), it takes precedence over all AWS credential methods including configured profiles.
diff --git a/packages/web/src/content/docs/pt-br/config.mdx b/packages/web/src/content/docs/pt-br/config.mdx
index 4684bb199ec..14650d33db3 100644
--- a/packages/web/src/content/docs/pt-br/config.mdx
+++ b/packages/web/src/content/docs/pt-br/config.mdx
@@ -292,7 +292,7 @@ Amazon Bedrock suporta configuração específica da AWS:
- `endpoint` - URL de endpoint personalizada para endpoints VPC. Este é um alias para a opção genérica `baseURL` usando terminologia específica da AWS. Se ambos forem especificados, `endpoint` tem precedência.
:::note
-Tokens Bearer (`AWS_BEARER_TOKEN_BEDROCK` ou `/connect`) têm precedência sobre a autenticação baseada em perfil. Veja [precedência de autenticação](/docs/providers#authentication-precedence) para detalhes.
+Tokens Bearer (`AWS_BEARER_TOKEN_BEDROCK` ou `/connect`) têm precedência sobre todos os outros métodos de autenticação. Credenciais IAM armazenadas via `/connect` são injetadas na cadeia de credenciais AWS. Veja [precedência de autenticação](/docs/providers#authentication-precedence) para detalhes.
:::
[Saiba mais sobre a configuração do Amazon Bedrock](/docs/providers#amazon-bedrock).
diff --git a/packages/web/src/content/docs/pt-br/providers.mdx b/packages/web/src/content/docs/pt-br/providers.mdx
index 2ef2ebdc006..89e89169176 100644
--- a/packages/web/src/content/docs/pt-br/providers.mdx
+++ b/packages/web/src/content/docs/pt-br/providers.mdx
@@ -164,6 +164,14 @@ Para usar o Amazon Bedrock com o opencode:
***
+ #### Comando /connect
+
+ Execute o comando `/connect`, selecione **Amazon Bedrock** e escolha uma das opções:
+ - **IAM credentials** — insira seu Access Key ID, Secret Access Key e região diretamente no OpenCode.
+ - **Environment variables** — veja quais variáveis de ambiente definir no seu perfil bash.
+
+ ***
+
#### Variáveis de Ambiente (Início Rápido)
Defina uma dessas variáveis de ambiente ao executar o opencode:
@@ -254,7 +262,8 @@ Para usar o Amazon Bedrock com o opencode:
O Amazon Bedrock usa a seguinte prioridade de autenticação:
1. **Bearer Token** - variável de ambiente `AWS_BEARER_TOKEN_BEDROCK` ou token do comando `/connect`
- 2. **Cadeia de Credenciais da AWS** - Perfil, chaves de acesso, credenciais compartilhadas, funções IAM, Tokens de Identidade da Web (EKS IRSA), metadados da instância
+ 2. **IAM Credentials** - Armazenadas via `/connect` > credenciais IAM (injetadas na cadeia de credenciais)
+ 3. **Cadeia de Credenciais da AWS** - Perfil, chaves de acesso, credenciais compartilhadas, funções IAM, Tokens de Identidade da Web (EKS IRSA), metadados da instância
:::note
Quando um token bearer é definido (via `/connect` ou `AWS_BEARER_TOKEN_BEDROCK`), ele tem precedência sobre todos os métodos de credenciais da AWS, incluindo perfis configurados.
diff --git a/packages/web/src/content/docs/ru/config.mdx b/packages/web/src/content/docs/ru/config.mdx
index 5d91dc5e01b..c387a1b4a0a 100644
--- a/packages/web/src/content/docs/ru/config.mdx
+++ b/packages/web/src/content/docs/ru/config.mdx
@@ -291,7 +291,7 @@ Amazon Bedrock поддерживает конфигурацию, специфи
- `endpoint` — URL-адрес пользовательской конечной точки для конечных точек VPC. Это псевдоним общего параметра `baseURL`, использующий терминологию, специфичную для AWS. Если указаны оба параметра, `endpoint` имеет приоритет.
:::note
-Токены носителя (`AWS_BEARER_TOKEN_BEDROCK` или `/connect`) имеют приоритет над аутентификацией на основе профиля. Подробности см. в [приоритет аутентификации](/docs/providers#authentication-precedence).
+Токены носителя (`AWS_BEARER_TOKEN_BEDROCK` или `/connect`) имеют приоритет над всеми другими методами аутентификации. Учетные данные IAM, сохраненные через `/connect`, внедряются в цепочку учетных данных AWS. Подробности см. в [приоритет аутентификации](/docs/providers#authentication-precedence).
:::
[Подробнее о конфигурации Amazon Bedrock](/docs/providers#amazon-bedrock).
diff --git a/packages/web/src/content/docs/ru/providers.mdx b/packages/web/src/content/docs/ru/providers.mdx
index c36dfd9f78c..1533aa1bab8 100644
--- a/packages/web/src/content/docs/ru/providers.mdx
+++ b/packages/web/src/content/docs/ru/providers.mdx
@@ -166,6 +166,16 @@ OpenCode Go — это недорогой план подписки, обесп
2. **Настройте аутентификацию** одним из следующих способов:
+ ***
+
+ #### Команда /connect
+
+ Выполните команду `/connect`, выберите **Amazon Bedrock** и выберите один из вариантов:
+ - **IAM credentials** — введите Access Key ID, Secret Access Key и регион прямо в OpenCode.
+ - **Environment variables** — посмотрите, какие переменные среды необходимо задать в профиле bash.
+
+ ***
+
#### Переменные среды (быстрый старт)
Установите одну из этих переменных среды при запуске opencode:
@@ -247,8 +257,9 @@ OpenCode Go — это недорогой план подписки, обесп
#### Приоритет аутентификации
Amazon Bedrock использует следующий приоритет аутентификации:
- 1. **Токен носителя** — переменная среды `AWS_BEARER_TOKEN_BEDROCK` или токен из команды `/connect`.
- 2. **Цепочка учетных данных AWS** — профиль, ключи доступа, общие учетные данные, роли IAM, токены веб-идентификации (EKS IRSA), метаданные экземпляра.
+ 1. **Токен носителя** — переменная среды `AWS_BEARER_TOKEN_BEDROCK` или токен из команды `/connect`.
+ 2. **IAM Credentials** - Сохранены через `/connect` > учетные данные IAM (внедряются в цепочку учетных данных)
+ 3. **Цепочка учетных данных AWS** — профиль, ключи доступа, общие учетные данные, роли IAM, токены веб-идентификации (EKS IRSA), метаданные экземпляра.
:::note
Когда токен-носитель установлен (через `/connect` или `AWS_BEARER_TOKEN_BEDROCK`), он имеет приоритет над всеми методами учетных данных AWS, включая настроенные профили.
diff --git a/packages/web/src/content/docs/th/config.mdx b/packages/web/src/content/docs/th/config.mdx
index c58469c77ab..a2407fc7b6e 100644
--- a/packages/web/src/content/docs/th/config.mdx
+++ b/packages/web/src/content/docs/th/config.mdx
@@ -295,7 +295,7 @@ Amazon Bedrock รองรับ AWS-การกำหนดค่าเฉพ
- `endpoint` - จุดสิ้นสุดที่กำหนดเอง URL สำหรับจุดสิ้นสุด VPC นี่เป็นนามแฝงสำหรับตัวเลือก `baseURL` ทั่วไปโดยใช้คำศัพท์เฉพาะ AWS หากระบุทั้งสองรายการ `endpoint` จะมีความสำคัญกว่า
:::note
-Bearer Token (`AWS_BEARER_TOKEN_BEDROCK` หรือ `/connect`) มีความสำคัญมากกว่าการตรวจสอบสิทธิ์ตามโปรไฟล์ ดู [ลำดับความสำคัญในการรับรองความถูกต้อง](/docs/providers#การรับรองความถูกต้อง-เหนือกว่า) สำหรับรายละเอียด
+Bearer Token (`AWS_BEARER_TOKEN_BEDROCK` หรือ `/connect`) มีความสำคัญมากกว่าวิธีการตรวจสอบสิทธิ์อื่นๆ ทั้งหมด ข้อมูลรับรอง IAM ที่จัดเก็บผ่าน `/connect` จะถูกฉีดเข้าสู่ AWS credential chain ดู [ลำดับความสำคัญในการรับรองความถูกต้อง](/docs/providers#การรับรองความถูกต้อง-เหนือกว่า) สำหรับรายละเอียด
:::
[เรียนรู้เพิ่มเติมเกี่ยวกับการกำหนดค่า Amazon Bedrock](/docs/providers#amazon-bedrock)
diff --git a/packages/web/src/content/docs/th/providers.mdx b/packages/web/src/content/docs/th/providers.mdx
index 122ade42772..a372fd04517 100644
--- a/packages/web/src/content/docs/th/providers.mdx
+++ b/packages/web/src/content/docs/th/providers.mdx
@@ -166,6 +166,16 @@ OpenCode Go คือแผนการสมัครสมาชิกรา
2. **กำหนดค่าการตรวจสอบสิทธิ์** โดยใช้วิธีใดวิธีหนึ่งต่อไปนี้:
+ ***
+
+ #### คำสั่ง /connect
+
+ เรียกใช้คำสั่ง `/connect` เลือก **Amazon Bedrock** และเลือกอย่างใดอย่างหนึ่ง:
+ - **IAM credentials** — ป้อน Access Key ID, Secret Access Key และ region โดยตรงใน OpenCode
+ - **Environment variables** — ดูตัวแปรสภาพแวดล้อมที่ต้องตั้งค่าในโปรไฟล์ shell ของคุณ
+
+ ***
+
#### ตัวแปรสภาพแวดล้อม (เริ่มต้นอย่างรวดเร็ว)
ตั้งค่าหนึ่งในตัวแปรสภาพแวดล้อมเหล่านี้ขณะเรียกใช้ opencode:
@@ -248,7 +258,8 @@ OpenCode Go คือแผนการสมัครสมาชิกรา
Amazon Bedrock ใช้ลำดับความสำคัญในการรับรองความถูกต้องต่อไปนี้:
1. **Bearer Token** - `AWS_BEARER_TOKEN_BEDROCK` ตัวแปรสภาพแวดล้อมหรือโทเค็นจากคำสั่ง `/connect`
- 2. **AWS Credential Chain** - โปรไฟล์, คีย์การเข้าถึง, ข้อมูลประจำตัวที่แชร์, บทบาท IAM, โทเค็นข้อมูลประจำตัวของเว็บ (EKS IRSA), ข้อมูลเมตาของอินสแตนซ์
+ 2. **IAM Credentials** - จัดเก็บผ่าน `/connect` > ข้อมูลรับรอง IAM (ถูกฉีดเข้าสู่ credential chain)
+ 3. **AWS Credential Chain** - โปรไฟล์, คีย์การเข้าถึง, ข้อมูลประจำตัวที่แชร์, บทบาท IAM, โทเค็นข้อมูลประจำตัวของเว็บ (EKS IRSA), ข้อมูลเมตาของอินสแตนซ์
:::note
เมื่อตั้งค่าBearer Token (ผ่าน `/connect` หรือ `AWS_BEARER_TOKEN_BEDROCK`) โทเค็นนั้นจะมีความสำคัญเหนือกว่าวิธีการข้อมูลประจำตัว AWS ทั้งหมด รวมถึงโปรไฟล์ที่กำหนดค่าไว้
diff --git a/packages/web/src/content/docs/tr/config.mdx b/packages/web/src/content/docs/tr/config.mdx
index 8a769ba6908..febf3411606 100644
--- a/packages/web/src/content/docs/tr/config.mdx
+++ b/packages/web/src/content/docs/tr/config.mdx
@@ -292,7 +292,7 @@ Amazon Bedrock, AWS'a özgü yapılandırmayı destekler:
- `endpoint` - VPC uç noktaları için özel uç nokta URL. Bu, AWS'e özgü terminolojiyi kullanan genel `baseURL` seçeneğinin takma adıdır. Her ikisi de belirtilirse `endpoint` öncelikli olur.
:::note
-Taşıyıcı belirteçleri (`AWS_BEARER_TOKEN_BEDROCK` veya `/connect`) profil tabanlı kimlik doğrulamaya göre önceliklidir. Ayrıntılar için [authentication precedence](/docs/providers#authentication-precedence)'ye bakın.
+Taşıyıcı belirteçleri (`AWS_BEARER_TOKEN_BEDROCK` veya `/connect`) diğer tüm kimlik doğrulama yöntemlerine göre önceliklidir. `/connect` aracılığıyla saklanan IAM kimlik bilgileri AWS kimlik bilgisi zincirine enjekte edilir. Ayrıntılar için [authentication precedence](/docs/providers#authentication-precedence)'ye bakın.
:::
[Amazon Bedrock yapılandırması hakkında daha fazla bilgi](/docs/providers#amazon-bedrock).
diff --git a/packages/web/src/content/docs/tr/providers.mdx b/packages/web/src/content/docs/tr/providers.mdx
index 1ddc65131c9..90e40a5e0c4 100644
--- a/packages/web/src/content/docs/tr/providers.mdx
+++ b/packages/web/src/content/docs/tr/providers.mdx
@@ -166,6 +166,16 @@ Amazon Bedrock'u opencode ile kullanmak için:
2. **Kimlik doğrulamayı yapılandırın**: Aşağıdaki yöntemlerden birini kullanın:
+ ***
+
+ #### /connect Komutu
+
+ `/connect` komutunu çalıştırın, **Amazon Bedrock**'u seçin ve şunlardan birini seçin:
+ - **IAM credentials** — Access Key ID, Secret Access Key ve bölgenizi doğrudan OpenCode'a girin.
+ - **Environment variables** — kabuk profilinizde hangi ortam değişkenlerini ayarlamanız gerektiğini görün.
+
+ ***
+
#### Ortam Değişkenleri (Hızlı Başlangıç)
opencode'u çalıştırırken bu ortam değişkenlerinden birini ayarlayın:
@@ -250,7 +260,8 @@ Bedrock için VPC uç noktaları kullanıyorsanız:
Amazon Bedrock aşağıdaki kimlik doğrulama önceliğini kullanır:
1. **Taşıyıcı Belirteç** - `AWS_BEARER_TOKEN_BEDROCK` ortam değişkeni veya `/connect` komutundan belirteç
-2. **AWS Credential Chain** - Profil, erişim anahtarları, paylaşılan kimlik bilgileri, IAM rolleri, Web Identity Tokens (EKS IRSA), örnek meta verileri
+2. **IAM Credentials** - `/connect` > IAM kimlik bilgileri ile saklanır (kimlik bilgisi zincirine enjekte edilir)
+3. **AWS Credential Chain** - Profil, erişim anahtarları, paylaşılan kimlik bilgileri, IAM rolleri, Web Identity Tokens (EKS IRSA), örnek meta verileri
:::note
Bir taşıyıcı belirteç ayarlandığında (`/connect` veya `AWS_BEARER_TOKEN_BEDROCK` yoluyla), yapılandırılmış profiller dahil olmak üzere tüm AWS kimlik bilgisi yöntemlerine göre öncelik kazanır.
diff --git a/packages/web/src/content/docs/zh-cn/config.mdx b/packages/web/src/content/docs/zh-cn/config.mdx
index c401bcf121f..39890b735a9 100644
--- a/packages/web/src/content/docs/zh-cn/config.mdx
+++ b/packages/web/src/content/docs/zh-cn/config.mdx
@@ -289,7 +289,7 @@ Amazon Bedrock 支持 AWS 特定配置:
- `endpoint` - VPC 端点的自定义端点 URL。这是通用 `baseURL` 选项使用 AWS 特定术语的别名。如果两者都指定,`endpoint` 优先。
:::note
-Bearer Token(`AWS_BEARER_TOKEN_BEDROCK` 或 `/connect`)优先于基于配置文件的身份验证。详情请参见[身份验证优先级](/docs/providers#authentication-precedence)。
+Bearer Token(`AWS_BEARER_TOKEN_BEDROCK` 或 `/connect`)优先于所有其他身份验证方法。通过 `/connect` 存储的 IAM 凭证会注入 AWS 凭证链。详情请参见[身份验证优先级](/docs/providers#authentication-precedence)。
:::
[了解更多关于 Amazon Bedrock 配置的信息](/docs/providers#amazon-bedrock)。
diff --git a/packages/web/src/content/docs/zh-cn/providers.mdx b/packages/web/src/content/docs/zh-cn/providers.mdx
index 9c1616876d7..727a4810360 100644
--- a/packages/web/src/content/docs/zh-cn/providers.mdx
+++ b/packages/web/src/content/docs/zh-cn/providers.mdx
@@ -133,6 +133,14 @@ OpenCode Zen 是由 OpenCode 团队提供的模型列表,这些模型已经过
***
+ #### /connect 命令
+
+ 执行 `/connect` 命令,选择 **Amazon Bedrock**,然后选择以下选项之一:
+ - **IAM credentials** — 直接在 OpenCode 中输入你的 Access Key ID、Secret Access Key 和区域。
+ - **Environment variables** — 查看需要在 shell 配置文件中设置哪些环境变量。
+
+ ***
+
#### 环境变量(快速上手)
运行 opencode 时设置以下环境变量之一:
@@ -223,7 +231,8 @@ OpenCode Zen 是由 OpenCode 团队提供的模型列表,这些模型已经过
Amazon Bedrock 使用以下认证优先级:
1. **Bearer Token** - `AWS_BEARER_TOKEN_BEDROCK` 环境变量或通过 `/connect` 命令获取的 Token
- 2. **AWS 凭证链** - 配置文件、访问密钥、共享凭证、IAM 角色、Web Identity Token(EKS IRSA)、实例元数据
+ 2. **IAM 凭证** - 通过 `/connect` > IAM 凭证存储(注入凭证链)
+ 3. **AWS 凭证链** - 配置文件、访问密钥、共享凭证、IAM 角色、Web Identity Token(EKS IRSA)、实例元数据
:::note
当设置了 Bearer Token(通过 `/connect` 或 `AWS_BEARER_TOKEN_BEDROCK`)时,它的优先级高于所有 AWS 凭证方式,包括已配置的配置文件。
diff --git a/packages/web/src/content/docs/zh-tw/config.mdx b/packages/web/src/content/docs/zh-tw/config.mdx
index a694823a65f..5882cbe860d 100644
--- a/packages/web/src/content/docs/zh-tw/config.mdx
+++ b/packages/web/src/content/docs/zh-tw/config.mdx
@@ -293,7 +293,7 @@ Amazon Bedrock 支援 AWS 特定設定:
- `endpoint` - VPC 端點的自訂端點 URL。這是通用 `baseURL` 選項使用 AWS 特定術語的別名。如果兩者都指定,`endpoint` 優先。
:::note
-Bearer Token(`AWS_BEARER_TOKEN_BEDROCK` 或 `/connect`)優先於基於設定檔的身分驗證。詳情請參見[認證優先級](/docs/providers#authentication-precedence)。
+Bearer Token(`AWS_BEARER_TOKEN_BEDROCK` 或 `/connect`)優先於所有其他身分驗證方法。透過 `/connect` 儲存的 IAM 憑證會注入 AWS 憑證鏈。詳情請參見[認證優先級](/docs/providers#authentication-precedence)。
:::
[了解更多關於 Amazon Bedrock 設定的資訊](/docs/providers#amazon-bedrock)。
diff --git a/packages/web/src/content/docs/zh-tw/providers.mdx b/packages/web/src/content/docs/zh-tw/providers.mdx
index b673b1ade5a..8762a9160a8 100644
--- a/packages/web/src/content/docs/zh-tw/providers.mdx
+++ b/packages/web/src/content/docs/zh-tw/providers.mdx
@@ -162,6 +162,16 @@ OpenCode Go 是一個低成本的訂閱計畫,提供對 OpenCode 團隊提供
2. 使用以下方法之一**設定身分驗證**:
+ ***
+
+ #### /connect 指令
+
+ 執行 `/connect` 指令,選擇 **Amazon Bedrock**,然後選擇以下選項之一:
+ - **IAM credentials** — 直接在 OpenCode 中輸入您的 Access Key ID、Secret Access Key 和區域。
+ - **Environment variables** — 查看需要在 shell 設定檔中設定哪些環境變數。
+
+ ***
+
#### 環境變數(快速上手)
執行 opencode 時設定以下環境變數之一:
@@ -244,7 +254,8 @@ OpenCode Go 是一個低成本的訂閱計畫,提供對 OpenCode 團隊提供
Amazon Bedrock 使用以下認證優先順序:
1. **Bearer Token** - `AWS_BEARER_TOKEN_BEDROCK` 環境變數或透過 `/connect` 指令取得的 Token
- 2. **AWS 憑證鏈** - 設定檔、存取金鑰、共享憑證、IAM 角色、Web Identity Token(EKS IRSA)、執行個體中繼資料
+ 2. **IAM 憑證** - 透過 `/connect` > IAM 憑證儲存(注入憑證鏈)
+ 3. **AWS 憑證鏈** - 設定檔、存取金鑰、共享憑證、IAM 角色、Web Identity Token(EKS IRSA)、執行個體中繼資料
:::note
當設定了 Bearer Token(透過 `/connect` 或 `AWS_BEARER_TOKEN_BEDROCK`)時,它的優先順序高於所有 AWS 憑證方式,包括已設定的設定檔。