From 11531bd4280773112008a45d72b1ef11e6c6dbb6 Mon Sep 17 00:00:00 2001 From: Tristan Stahnke Date: Tue, 24 Feb 2026 20:03:22 -0500 Subject: [PATCH 1/2] fix: add Bedrock IAM credentials connect flow and environment variables auth option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Clicking "Connect Amazon Bedrock" shows a generic API key form, but Bedrock uses AWS IAM credentials. This PR fixes that with two changes: 1. IAM credentials form — enter Access Key ID, Secret Access Key, and Region. Stored as a new aws auth type in auth.json and injected into the credential chain at request time. 2. Env var auth option — shows users which env vars to set (AWS_PROFILE, AWS_ACCESS_KEY_ID, AWS_BEARER_TOKEN_BEDROCK) so they can use existing AWS credential chain methods instead. --- .../components/dialog-connect-provider.tsx | 110 ++++++++++++++++++ packages/app/src/i18n/en.ts | 15 +++ packages/opencode/src/auth/index.ts | 11 +- packages/opencode/src/provider/auth.ts | 24 +++- packages/opencode/src/provider/provider.ts | 13 ++- packages/sdk/js/src/v2/gen/types.gen.ts | 12 +- 6 files changed, 177 insertions(+), 8 deletions(-) diff --git a/packages/app/src/components/dialog-connect-provider.tsx b/packages/app/src/components/dialog-connect-provider.tsx index 90f4f41f7c6..5b90a980390 100644 --- a/packages/app/src/components/dialog-connect-provider.tsx +++ b/packages/app/src/components/dialog-connect-provider.tsx @@ -100,6 +100,8 @@ export function DialogConnectProvider(props: { provider: string }) { const methodLabel = (value?: { type?: string; label?: string }) => { if (!value) return "" if (value.type === "api") return language.t("provider.connect.method.apiKey") + if (value.type === "env") return language.t("provider.connect.method.env") + if (value.type === "aws") return language.t("provider.connect.method.aws") return value.label ?? "" } @@ -309,6 +311,108 @@ export function DialogConnectProvider(props: { provider: string }) { ) } + function AwsAuthView() { + const [formStore, setFormStore] = createStore({ + accessKeyId: "", + secretAccessKey: "", + region: "us-east-1", + error: undefined as string | undefined, + }) + + async function handleSubmit(e: SubmitEvent) { + e.preventDefault() + if (!formStore.accessKeyId.trim()) { + setFormStore("error", language.t("provider.connect.aws.accessKeyId.required")) + return + } + if (!formStore.secretAccessKey.trim()) { + setFormStore("error", language.t("provider.connect.aws.secretAccessKey.required")) + return + } + setFormStore("error", undefined) + await globalSDK.client.auth.set({ + providerID: props.provider, + auth: { + type: "aws", + accessKeyId: formStore.accessKeyId.trim(), + secretAccessKey: formStore.secretAccessKey.trim(), + region: formStore.region.trim() || undefined, + }, + }) + await globalSDK.client.global.config.update({ + config: { + provider: { + "amazon-bedrock": { + options: { + region: formStore.region.trim() || "us-east-1", + }, + }, + }, + }, + }) + await complete() + } + + return ( +
+
{language.t("provider.connect.aws.description")}
+
+ setFormStore("accessKeyId", v)} + validationState={formStore.error ? "invalid" : undefined} + error={formStore.error} + /> + setFormStore("secretAccessKey", v)} + /> + setFormStore("region", v)} + /> + + +
+ ) + } + + function EnvAuthView() { + const envVars = createMemo(() => (method() as { env?: string[] })?.env ?? []) + + return ( +
+
+ {language.t("provider.connect.env.description", { provider: provider().name })} +
+
+ {envVars().map((v: string) => ( + {v} + ))} +
+
{language.t("provider.connect.env.desktopNote")}
+ +
+ ) + } + function OAuthCodeView() { const [formStore, setFormStore] = createStore({ value: "", @@ -482,6 +586,12 @@ export function DialogConnectProvider(props: { provider: string }) { + + + + + + diff --git a/packages/app/src/i18n/en.ts b/packages/app/src/i18n/en.ts index 992509fcfa4..1c15fd6b93f 100644 --- a/packages/app/src/i18n/en.ts +++ b/packages/app/src/i18n/en.ts @@ -130,6 +130,21 @@ export const dict = { "provider.connect.apiKey.label": "{{provider}} API key", "provider.connect.apiKey.placeholder": "API key", "provider.connect.apiKey.required": "API key is required", + "provider.connect.env.description": + "{{provider}} uses environment variables for authentication. Set one of the following in your shell profile (e.g. ~/.zshrc) or opencode.json config:", + "provider.connect.env.configHint": "Or configure in opencode.json:", + "provider.connect.env.desktopNote": + "If using the desktop app, you may need to restart it after changing your shell profile so the new environment is picked up.", + "provider.connect.method.env": "Environment variables", + "provider.connect.method.aws": "IAM credentials", + "provider.connect.aws.description": + "Enter your AWS IAM credentials to connect to Amazon Bedrock. You should use a properly scoped IAM user with Bedrock access.", + "provider.connect.aws.accessKeyId.label": "AWS access key ID", + "provider.connect.aws.accessKeyId.required": "Access key ID is required", + "provider.connect.aws.secretAccessKey.label": "AWS secret access key", + "provider.connect.aws.secretAccessKey.placeholder": "Secret access key", + "provider.connect.aws.secretAccessKey.required": "Secret access key is required", + "provider.connect.aws.region.label": "AWS region", "provider.connect.opencodeZen.line1": "OpenCode Zen gives you access to a curated set of reliable optimized models for coding agents.", "provider.connect.opencodeZen.line2": diff --git a/packages/opencode/src/auth/index.ts b/packages/opencode/src/auth/index.ts index 776cc99b444..3f25f5a1cf2 100644 --- a/packages/opencode/src/auth/index.ts +++ b/packages/opencode/src/auth/index.ts @@ -32,7 +32,16 @@ export namespace Auth { }) .meta({ ref: "WellKnownAuth" }) - export const Info = z.discriminatedUnion("type", [Oauth, Api, WellKnown]).meta({ ref: "Auth" }) + export const Aws = z + .object({ + type: z.literal("aws"), + accessKeyId: z.string(), + secretAccessKey: z.string(), + region: z.string().optional(), + }) + .meta({ ref: "AwsAuth" }) + + export const Info = z.discriminatedUnion("type", [Oauth, Api, WellKnown, Aws]).meta({ ref: "Auth" }) export type Info = z.infer const filepath = path.join(Global.Path.data, "auth.json") diff --git a/packages/opencode/src/provider/auth.ts b/packages/opencode/src/provider/auth.ts index e6681ff0891..55260c49f49 100644 --- a/packages/opencode/src/provider/auth.ts +++ b/packages/opencode/src/provider/auth.ts @@ -20,17 +20,32 @@ export namespace ProviderAuth { export const Method = z .object({ - type: z.union([z.literal("oauth"), z.literal("api")]), + type: z.union([z.literal("oauth"), z.literal("api"), z.literal("env"), z.literal("aws")]), label: z.string(), + env: z.array(z.string()).optional(), }) .meta({ ref: "ProviderAuthMethod", }) export type Method = z.infer + const ENV_AUTH_PROVIDERS: Record = { + "amazon-bedrock": [ + { + type: "aws", + label: "IAM credentials", + }, + { + type: "env", + label: "Environment variables", + env: ["AWS_PROFILE", "AWS_ACCESS_KEY_ID", "AWS_BEARER_TOKEN_BEDROCK"], + }, + ], + } + export async function methods() { const s = await state().then((x) => x.methods) - return mapValues(s, (x) => + const result = mapValues(s, (x) => x.methods.map( (y): Method => ({ type: y.type, @@ -38,6 +53,11 @@ export namespace ProviderAuth { }), ), ) + for (const [providerID, methods] of Object.entries(ENV_AUTH_PROVIDERS)) { + if (!result[providerID]) result[providerID] = [] + result[providerID].push(...methods) + } + return result } export const Authorization = z diff --git a/packages/opencode/src/provider/provider.ts b/packages/opencode/src/provider/provider.ts index 022ec316795..b3595ef9e8d 100644 --- a/packages/opencode/src/provider/provider.ts +++ b/packages/opencode/src/provider/provider.ts @@ -214,17 +214,18 @@ export namespace Provider { const auth = await Auth.get("amazon-bedrock") - // Region precedence: 1) config file, 2) env var, 3) default + // Region precedence: 1) config file, 2) auth.json aws creds, 3) env var, 4) default const configRegion = providerConfig?.options?.region + const authRegion = auth?.type === "aws" ? auth.region : undefined const envRegion = Env.get("AWS_REGION") - const defaultRegion = configRegion ?? envRegion ?? "us-east-1" + const defaultRegion = configRegion ?? authRegion ?? envRegion ?? "us-east-1" // Profile: config file takes precedence over env var const configProfile = providerConfig?.options?.profile const envProfile = Env.get("AWS_PROFILE") const profile = configProfile ?? envProfile - const awsAccessKeyId = Env.get("AWS_ACCESS_KEY_ID") + const awsAccessKeyId = auth?.type === "aws" ? auth.accessKeyId : Env.get("AWS_ACCESS_KEY_ID") // TODO: Using process.env directly because Env.set only updates a process.env shallow copy, // until the scope of the Env API is clarified (test only or runtime?) @@ -254,6 +255,12 @@ export namespace Provider { // Only use credential chain if no bearer token exists // Bearer token takes precedence over credential chain (profiles, access keys, IAM roles, web identity tokens) if (!awsBearerToken) { + if (auth?.type === "aws") { + process.env.AWS_ACCESS_KEY_ID = auth.accessKeyId + process.env.AWS_SECRET_ACCESS_KEY = auth.secretAccessKey + if (auth.region) process.env.AWS_REGION = auth.region + } + // Build credential provider options (only pass profile if specified) const credentialProviderOptions = profile ? { profile } : {} diff --git a/packages/sdk/js/src/v2/gen/types.gen.ts b/packages/sdk/js/src/v2/gen/types.gen.ts index 4050ef15738..ec6a0dba109 100644 --- a/packages/sdk/js/src/v2/gen/types.gen.ts +++ b/packages/sdk/js/src/v2/gen/types.gen.ts @@ -1918,7 +1918,14 @@ export type WellKnownAuth = { token: string } -export type Auth = OAuth | ApiAuth | WellKnownAuth +export type AwsAuth = { + type: "aws" + accessKeyId: string + secretAccessKey: string + region?: string +} + +export type Auth = OAuth | ApiAuth | WellKnownAuth | AwsAuth export type NotFoundError = { name: "NotFoundError" @@ -2140,8 +2147,9 @@ export type SubtaskPartInput = { } export type ProviderAuthMethod = { - type: "oauth" | "api" + type: "oauth" | "api" | "env" | "aws" label: string + env?: Array } export type ProviderAuthAuthorization = { From c34770fa23754684eaed3c2ef4e3f1ca5bf8ec58 Mon Sep 17 00:00:00 2001 From: Tristan Stahnke Date: Thu, 26 Feb 2026 21:58:46 -0500 Subject: [PATCH 2/2] =?UTF-8?q?fix:=20address=20review=20feedback=20?= =?UTF-8?q?=E2=80=94=20update=20docs,=20CLI=20auth=20flow,=20tests,=20and?= =?UTF-8?q?=20OpenAPI=20spec=20for=20Bedrock=20IAM=20credentials?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Update CLI auth login to offer IAM credentials, bearer token, or env var guidance when connecting Amazon Bedrock - Add test for type:aws auth from auth.json - Regenerate OpenAPI spec with AwsAuth schema and env/aws method types - Update Bedrock docs (providers.mdx + config.mdx) across all 18 locales to document /connect IAM credentials flow and auth precedence --- packages/opencode/src/cli/cmd/auth.ts | 71 +++++++++++++++++-- .../test/provider/amazon-bedrock.test.ts | 63 ++++++++++++++++ packages/web/src/content/docs/ar/config.mdx | 2 +- .../web/src/content/docs/ar/providers.mdx | 13 +++- packages/web/src/content/docs/bs/config.mdx | 2 +- .../web/src/content/docs/bs/providers.mdx | 13 +++- packages/web/src/content/docs/config.mdx | 2 +- packages/web/src/content/docs/da/config.mdx | 2 +- .../web/src/content/docs/da/providers.mdx | 13 +++- packages/web/src/content/docs/de/config.mdx | 2 +- .../web/src/content/docs/de/providers.mdx | 13 +++- packages/web/src/content/docs/es/config.mdx | 2 +- .../web/src/content/docs/es/providers.mdx | 13 +++- packages/web/src/content/docs/fr/config.mdx | 2 +- .../web/src/content/docs/fr/providers.mdx | 15 +++- packages/web/src/content/docs/it/config.mdx | 2 +- .../web/src/content/docs/it/providers.mdx | 11 ++- packages/web/src/content/docs/ja/config.mdx | 2 +- .../web/src/content/docs/ja/providers.mdx | 13 +++- packages/web/src/content/docs/ko/config.mdx | 2 +- .../web/src/content/docs/ko/providers.mdx | 12 +++- packages/web/src/content/docs/nb/config.mdx | 2 +- .../web/src/content/docs/nb/providers.mdx | 13 +++- packages/web/src/content/docs/pl/config.mdx | 2 +- .../web/src/content/docs/pl/providers.mdx | 13 +++- packages/web/src/content/docs/providers.mdx | 11 ++- .../web/src/content/docs/pt-br/config.mdx | 2 +- .../web/src/content/docs/pt-br/providers.mdx | 13 +++- packages/web/src/content/docs/ru/config.mdx | 2 +- .../web/src/content/docs/ru/providers.mdx | 15 +++- packages/web/src/content/docs/th/config.mdx | 2 +- .../web/src/content/docs/th/providers.mdx | 13 +++- packages/web/src/content/docs/tr/config.mdx | 2 +- .../web/src/content/docs/tr/providers.mdx | 13 +++- .../web/src/content/docs/zh-cn/config.mdx | 2 +- .../web/src/content/docs/zh-cn/providers.mdx | 11 ++- .../web/src/content/docs/zh-tw/config.mdx | 2 +- .../web/src/content/docs/zh-tw/providers.mdx | 13 +++- 38 files changed, 356 insertions(+), 45 deletions(-) diff --git a/packages/opencode/src/cli/cmd/auth.ts b/packages/opencode/src/cli/cmd/auth.ts index 95635916413..55cfda6a046 100644 --- a/packages/opencode/src/cli/cmd/auth.ts +++ b/packages/opencode/src/cli/cmd/auth.ts @@ -384,13 +384,70 @@ export const AuthLoginCommand = cmd({ } if (provider === "amazon-bedrock") { - prompts.log.info( - "Amazon Bedrock authentication priority:\n" + - " 1. Bearer token (AWS_BEARER_TOKEN_BEDROCK or /connect)\n" + - " 2. AWS credential chain (profile, access keys, IAM roles, EKS IRSA)\n\n" + - "Configure via opencode.json options (profile, region, endpoint) or\n" + - "AWS environment variables (AWS_PROFILE, AWS_REGION, AWS_ACCESS_KEY_ID, AWS_WEB_IDENTITY_TOKEN_FILE).", - ) + const method = await prompts.select({ + message: "Select authentication method", + options: [ + { value: "aws", label: "IAM credentials (Access Key ID + Secret Access Key)" }, + { value: "bearer", label: "Bearer token" }, + { value: "env", label: "Environment variables (view guidance)" }, + ], + }) + if (prompts.isCancel(method)) throw new UI.CancelledError() + + if (method === "env") { + prompts.log.info( + "Set one of the following environment variables in your shell profile:\n" + + " • AWS_PROFILE\n" + + " • AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY\n" + + " • AWS_BEARER_TOKEN_BEDROCK\n\n" + + "If using the desktop app, restart it after changing your shell profile.", + ) + prompts.outro("Done") + return + } + + if (method === "aws") { + const accessKeyId = await prompts.text({ + message: "AWS Access Key ID", + placeholder: "AKIA...", + validate: (x) => (x && x.length > 0 ? undefined : "Required"), + }) + if (prompts.isCancel(accessKeyId)) throw new UI.CancelledError() + + const secretAccessKey = await prompts.password({ + message: "AWS Secret Access Key", + validate: (x) => (x && x.length > 0 ? undefined : "Required"), + }) + if (prompts.isCancel(secretAccessKey)) throw new UI.CancelledError() + + const region = await prompts.text({ + message: "AWS Region", + placeholder: "us-east-1", + defaultValue: "us-east-1", + }) + if (prompts.isCancel(region)) throw new UI.CancelledError() + + await Auth.set(provider, { + type: "aws", + accessKeyId, + secretAccessKey, + region: region || "us-east-1", + }) + prompts.outro("Done") + return + } + + const key = await prompts.password({ + message: "Enter your bearer token", + validate: (x) => (x && x.length > 0 ? undefined : "Required"), + }) + if (prompts.isCancel(key)) throw new UI.CancelledError() + await Auth.set(provider, { + type: "api", + key, + }) + prompts.outro("Done") + return } if (provider === "opencode") { diff --git a/packages/opencode/test/provider/amazon-bedrock.test.ts b/packages/opencode/test/provider/amazon-bedrock.test.ts index cb64455b4dd..034da658bba 100644 --- a/packages/opencode/test/provider/amazon-bedrock.test.ts +++ b/packages/opencode/test/provider/amazon-bedrock.test.ts @@ -134,6 +134,69 @@ test("Bedrock: loads when bearer token from auth.json is present", async () => { } }) +test("Bedrock: loads when IAM credentials from auth.json are present", async () => { + await using tmp = await tmpdir({ + init: async (dir) => { + await Filesystem.write( + path.join(dir, "opencode.json"), + JSON.stringify({ + $schema: "https://opencode.ai/config.json", + provider: { + "amazon-bedrock": { + options: { + region: "us-west-2", + }, + }, + }, + }), + ) + }, + }) + + const authPath = path.join(Global.Path.data, "auth.json") + + let originalAuth: string | undefined + try { + originalAuth = await Filesystem.readText(authPath) + } catch { + // File doesn't exist, that's fine + } + + try { + await Filesystem.write( + authPath, + JSON.stringify({ + "amazon-bedrock": { + type: "aws", + accessKeyId: "test-access-key-id", + secretAccessKey: "test-secret-key", + region: "us-west-2", + }, + }), + ) + + await Instance.provide({ + directory: tmp.path, + init: async () => { + Env.set("AWS_PROFILE", "") + Env.set("AWS_ACCESS_KEY_ID", "") + Env.set("AWS_BEARER_TOKEN_BEDROCK", "") + }, + fn: async () => { + const providers = await Provider.list() + expect(providers["amazon-bedrock"]).toBeDefined() + expect(providers["amazon-bedrock"].options?.region).toBe("us-west-2") + }, + }) + } finally { + if (originalAuth !== undefined) { + await Filesystem.write(authPath, originalAuth) + } else { + await unlink(authPath).catch(() => {}) + } + } +}) + test("Bedrock: config profile takes precedence over AWS_PROFILE env var", async () => { await using tmp = await tmpdir({ init: async (dir) => { diff --git a/packages/web/src/content/docs/ar/config.mdx b/packages/web/src/content/docs/ar/config.mdx index d415969972d..0b8c8497548 100644 --- a/packages/web/src/content/docs/ar/config.mdx +++ b/packages/web/src/content/docs/ar/config.mdx @@ -291,7 +291,7 @@ opencode run "Hello world" - `endpoint` - عنوان URL لنقطة نهاية مخصصة لنقاط نهاية VPC. هذا اسم بديل للخيار العام `baseURL` باستخدام مصطلحات AWS. إذا تم تحديدهما معًا، تكون أولوية `endpoint` أعلى. :::note -لرموز Bearer (`AWS_BEARER_TOKEN_BEDROCK` أو `/connect`) أولوية أعلى من المصادقة القائمة على ملف التعريف. راجع [أولوية المصادقة](/docs/providers#authentication-precedence) للتفاصيل. +لرموز Bearer (`AWS_BEARER_TOKEN_BEDROCK` أو `/connect`) أولوية أعلى من جميع طرق المصادقة الأخرى. بيانات اعتماد IAM المخزنة عبر `/connect` تُحقن في سلسلة بيانات اعتماد AWS. راجع [أولوية المصادقة](/docs/providers#authentication-precedence) للتفاصيل. ::: [تعرف على المزيد حول إعداد Amazon Bedrock](/docs/providers#amazon-bedrock). diff --git a/packages/web/src/content/docs/ar/providers.mdx b/packages/web/src/content/docs/ar/providers.mdx index 1d448986f31..5e5a54c1ea6 100644 --- a/packages/web/src/content/docs/ar/providers.mdx +++ b/packages/web/src/content/docs/ar/providers.mdx @@ -134,6 +134,16 @@ OpenCode Zen هي قائمة نماذج يوفّرها فريق OpenCode وقد 2. **اضبط المصادقة** باستخدام إحدى الطرق التالية: + *** + + #### الأمر `/connect` + + شغّل الأمر `/connect`، واختر **Amazon Bedrock**، ثم اختر إحدى الطريقتين: + - **بيانات اعتماد IAM** — أدخل معرّف مفتاح الوصول ومفتاح الوصول السري والمنطقة مباشرةً في OpenCode. + - **متغيرات البيئة** — اعرض متغيرات البيئة التي يجب ضبطها في ملف shell profile. + + *** + #### متغيرات البيئة (بدء سريع) عيّن أحد متغيرات البيئة التالية أثناء تشغيل opencode: @@ -215,7 +225,8 @@ OpenCode Zen هي قائمة نماذج يوفّرها فريق OpenCode وقد يستخدم Amazon Bedrock أولوية المصادقة التالية: 1. **Bearer Token** - متغير البيئة `AWS_BEARER_TOKEN_BEDROCK` أو الرمز من الأمر `/connect` - 2. **AWS Credential Chain** - الملف الشخصي، مفاتيح الوصول، بيانات الاعتماد المشتركة، أدوار IAM، رموز Web Identity (EKS IRSA)، بيانات تعريف المثيل + 2. **IAM Credentials** - مخزنة عبر `/connect` > بيانات اعتماد IAM (تُحقن في سلسلة بيانات الاعتماد) + 3. **AWS Credential Chain** - الملف الشخصي، مفاتيح الوصول، بيانات الاعتماد المشتركة، أدوار IAM، رموز Web Identity (EKS IRSA)، بيانات تعريف المثيل :::note عند تعيين bearer token (عبر `/connect` أو `AWS_BEARER_TOKEN_BEDROCK`)، ستكون له أولوية على جميع طرق بيانات اعتماد AWS بما في ذلك ملفات التعريف المضبوطة. diff --git a/packages/web/src/content/docs/bs/config.mdx b/packages/web/src/content/docs/bs/config.mdx index 3e20f1890d4..afa87732646 100644 --- a/packages/web/src/content/docs/bs/config.mdx +++ b/packages/web/src/content/docs/bs/config.mdx @@ -273,7 +273,7 @@ Amazon Bedrock podržava konfiguraciju specifičnu za AWS: - `profile` - AWS imenovani profil iz `~/.aws/credentials` (zadano na `AWS_PROFILE` env var) - `endpoint` - URL prilagođene krajnje tačke za VPC krajnje tačke. Ovo je alias za generičku opciju `baseURL` koristeći terminologiju specifičnu za AWS. Ako su oba navedena, `endpoint` ima prednost. :::note - Tokeni nosioca (`AWS_BEARER_TOKEN_BEDROCK` ili `/connect`) imaju prednost nad autentifikacijom zasnovanom na profilu. Pogledajte [prednost autentifikacije](/docs/providers#authentication-precedence) za detalje. + Tokeni nosioca (`AWS_BEARER_TOKEN_BEDROCK` ili `/connect`) imaju prednost nad svim ostalim metodama autentifikacije. IAM akreditivi pohranjeni putem `/connect` ubacuju se u AWS lanac akreditiva. Pogledajte [prednost autentifikacije](/docs/providers#authentication-precedence) za detalje. ::: [Saznajte više o konfiguraciji Amazon Bedrock](/docs/providers#amazon-bedrock). diff --git a/packages/web/src/content/docs/bs/providers.mdx b/packages/web/src/content/docs/bs/providers.mdx index 2415cda2778..f5dd7cefc2d 100644 --- a/packages/web/src/content/docs/bs/providers.mdx +++ b/packages/web/src/content/docs/bs/providers.mdx @@ -135,6 +135,16 @@ Da biste koristili Amazon Bedrock s OpenCode: 2. **Konfigurirajte autentifikaciju** koristeći jedan od sljedećih metoda: + *** + + #### Naredba `/connect` + + Pokrenite naredbu `/connect`, odaberite **Amazon Bedrock** i izaberite jednu od opcija: + - **IAM akreditivi** — unesite svoj Access Key ID, Secret Access Key i regiju direktno u OpenCode. + - **Varijable okruženja** — pogledajte koje varijable okruženja trebate postaviti u svom shell profilu. + + *** + #### Varijable okruženja (Brzi početak) Postavite jednu od ovih varijabli okruženja dok pokrećete opencode: @@ -220,7 +230,8 @@ Opcija `endpoint` je pseudonim za generičku opciju `baseURL`, koristeći termin Amazon Bedrock koristi sljedeći prioritet autentifikacije: 1. **Token nosioca** - `AWS_BEARER_TOKEN_BEDROCK` varijabla okruženja ili token iz naredbe `/connect` -2. **AWS lanac vjerodajnica** - profil, pristupni ključevi, dijeljeni vjerodajnici, IAM uloge, tokeni web identiteta (EKS IRSA), metapodaci instance +2. **IAM Credentials** - Pohranjeno putem `/connect` > IAM akreditive (ubačeno u lanac akreditiva) +3. **AWS lanac vjerodajnica** - profil, pristupni ključevi, dijeljeni vjerodajnici, IAM uloge, tokeni web identiteta (EKS IRSA), metapodaci instance :::note Kada se postavi token nosioca (putem `/connect` ili `AWS_BEARER_TOKEN_BEDROCK`), on ima prednost nad svim AWS metodama akreditiva uključujući konfigurirane profile. diff --git a/packages/web/src/content/docs/config.mdx b/packages/web/src/content/docs/config.mdx index 038f253274e..ff65c2109db 100644 --- a/packages/web/src/content/docs/config.mdx +++ b/packages/web/src/content/docs/config.mdx @@ -295,7 +295,7 @@ Amazon Bedrock supports AWS-specific configuration: - `endpoint` - Custom endpoint URL for VPC endpoints. This is an alias for the generic `baseURL` option using AWS-specific terminology. If both are specified, `endpoint` takes precedence. :::note -Bearer tokens (`AWS_BEARER_TOKEN_BEDROCK` or `/connect`) take precedence over profile-based authentication. See [authentication precedence](/docs/providers#authentication-precedence) for details. +Bearer tokens (`AWS_BEARER_TOKEN_BEDROCK` or `/connect`) take precedence over all other auth methods. IAM credentials stored via `/connect` are injected into the AWS credential chain. See [authentication precedence](/docs/providers#authentication-precedence) for details. ::: [Learn more about Amazon Bedrock configuration](/docs/providers#amazon-bedrock). diff --git a/packages/web/src/content/docs/da/config.mdx b/packages/web/src/content/docs/da/config.mdx index 5b45f8b0486..0e43dbb39b9 100644 --- a/packages/web/src/content/docs/da/config.mdx +++ b/packages/web/src/content/docs/da/config.mdx @@ -292,7 +292,7 @@ Amazon Bedrock understøtter AWS-specifik konfiguration: - `endpoint` - Brugerdefineret slutpunkt URL for VPC-endepunkter. Dette er et alias for den generiske `baseURL`-indstilling, der bruger AWS-specifik terminologi. Hvis begge er angivet, har `endpoint` forrang. :::note -Bearer tokens (`AWS_BEARER_TOKEN_BEDROCK` eller `/connect`) har forrang over profilbaseret godkendelse. Se [authentication precedence](/docs/providers#authentication-precedence) for detaljer. +Bearer tokens (`AWS_BEARER_TOKEN_BEDROCK` eller `/connect`) har forrang over alle andre godkendelsesmetoder. IAM-legitimationsoplysninger gemt via `/connect` injiceres i AWS-legitimationskæden. Se [authentication precedence](/docs/providers#authentication-precedence) for detaljer. ::: [Learn more about Amazon Bedrock configuration](/docs/providers#amazon-bedrock). diff --git a/packages/web/src/content/docs/da/providers.mdx b/packages/web/src/content/docs/da/providers.mdx index 829ae46134b..b1a3a0264e0 100644 --- a/packages/web/src/content/docs/da/providers.mdx +++ b/packages/web/src/content/docs/da/providers.mdx @@ -130,6 +130,16 @@ Sådan bruger du Amazon Bedrock med OpenCode: 2. **Konfigurer godkendelse** ved at bruge en af følgende metoder: + *** + + #### Kommandoen `/connect` + + Kør kommandoen `/connect`, vælg **Amazon Bedrock**, og vælg enten: + - **IAM-legitimationsoplysninger** — indtast dit Access Key ID, Secret Access Key og region direkte i OpenCode. + - **Miljøvariabler** — se hvilke miljøvariabler der skal sættes i din shell-profil. + + *** + #### Miljøvariabler (hurtigstart) Angiv en af disse miljøvariabler, mens du kører opencode: @@ -212,7 +222,8 @@ Sådan bruger du Amazon Bedrock med OpenCode: Amazon Bedrock bruger følgende godkendelsesprioritet: 1. **Bearer Token** - `AWS_BEARER_TOKEN_BEDROCK` miljøvariabel eller token fra kommandoen `/connect` - 2. **AWS legitimationskæde** - profil, adgangsnøgler, delte legitimationsoplysninger, IAM roller, webidentitetstokens (EKS IRSA), instansmetadata + 2. **IAM Credentials** - Gemt via `/connect` > IAM-legitimationsoplysninger (injiceret i legitimationskæden) + 3. **AWS legitimationskæde** - profil, adgangsnøgler, delte legitimationsoplysninger, IAM roller, webidentitetstokens (EKS IRSA), instansmetadata :::note Når et bearer token er angivet (via `/connect` eller `AWS_BEARER_TOKEN_BEDROCK`), har det forrang over alle AWS godkendelsesmetoder inklusiv konfigurerede profiler. diff --git a/packages/web/src/content/docs/de/config.mdx b/packages/web/src/content/docs/de/config.mdx index 0a2040be7a1..eb5f6f6fa98 100644 --- a/packages/web/src/content/docs/de/config.mdx +++ b/packages/web/src/content/docs/de/config.mdx @@ -292,7 +292,7 @@ Amazon Bedrock unterstützt AWS-spezifische Konfigurationen: - `endpoint` – Benutzerdefinierter Endpunkt URL für VPC-Endpunkte. Dies ist ein Alias ​​​​für die generische Option `baseURL` unter Verwendung der AWS-spezifischen Terminologie. Wenn beide angegeben sind, hat `endpoint` Vorrang. :::note -Inhabertoken (`AWS_BEARER_TOKEN_BEDROCK` oder `/connect`) haben Vorrang vor der profilbasierten Authentifizierung. Weitere Informationen finden Sie unter [Authentifizierungs-Rangfolge](/docs/providers#authentication-precedence). +Inhabertoken (`AWS_BEARER_TOKEN_BEDROCK` oder `/connect`) haben Vorrang vor allen anderen Authentifizierungsmethoden. Über `/connect` gespeicherte IAM-Anmeldeinformationen werden in die AWS-Credential-Chain eingefügt. Weitere Informationen finden Sie unter [Authentifizierungs-Rangfolge](/docs/providers#authentication-precedence). ::: [Erfahren Sie mehr über die Amazon Bedrock-Konfiguration](/docs/providers#amazon-bedrock). diff --git a/packages/web/src/content/docs/de/providers.mdx b/packages/web/src/content/docs/de/providers.mdx index d72ac5af3de..e67b4594346 100644 --- a/packages/web/src/content/docs/de/providers.mdx +++ b/packages/web/src/content/docs/de/providers.mdx @@ -135,6 +135,16 @@ So verwenden Sie Amazon Bedrock mit OpenCode: 2. **Konfigurieren Sie die Authentifizierung** mit einer der folgenden Methoden: + *** + + #### Der Befehl `/connect` + + Führen Sie den Befehl `/connect` aus, wählen Sie **Amazon Bedrock** und wählen Sie eine der folgenden Optionen: + - **IAM-Anmeldeinformationen** — geben Sie Ihre Access Key ID, Ihren Secret Access Key und die Region direkt in OpenCode ein. + - **Umgebungsvariablen** — sehen Sie, welche Umgebungsvariablen in Ihrem Shell-Profil gesetzt werden müssen. + + *** + #### Umgebungsvariablen (Schnellstart) Legen Sie eine dieser Umgebungsvariablen fest, während Sie OpenCode ausführen: @@ -217,7 +227,8 @@ So verwenden Sie Amazon Bedrock mit OpenCode: Amazon Bedrock verwendet die folgende Authentifizierungspriorität: 1. **Bearer-Token** – `AWS_BEARER_TOKEN_BEDROCK`-Umgebungsvariable oder Token aus dem `/connect`-Befehl - 2. **AWS Anmeldeinformationskette** – Profil, Zugriffsschlüssel, gemeinsame Anmeldeinformationen, IAM Rollen, Web-Identitätstoken (EKS IRSA), Instanzmetadaten + 2. **IAM Credentials** - Gespeichert über `/connect` > IAM-Anmeldeinformationen (in die Credential Chain eingefügt) + 3. **AWS Anmeldeinformationskette** – Profil, Zugriffsschlüssel, gemeinsame Anmeldeinformationen, IAM Rollen, Web-Identitätstoken (EKS IRSA), Instanzmetadaten :::note Wenn ein Inhabertoken festgelegt ist (über `/connect` oder `AWS_BEARER_TOKEN_BEDROCK`), hat es Vorrang vor allen AWS-Anmeldeinformationsmethoden, einschließlich konfigurierter Profile. diff --git a/packages/web/src/content/docs/es/config.mdx b/packages/web/src/content/docs/es/config.mdx index c6142e69901..ea5b753859c 100644 --- a/packages/web/src/content/docs/es/config.mdx +++ b/packages/web/src/content/docs/es/config.mdx @@ -292,7 +292,7 @@ Amazon Bedrock admite la configuración específica de AWS: - `endpoint`: URL de punto de enlace personalizada para puntos de enlace de VPC. Este es un alias para la opción genérica `baseURL` que utiliza terminología específica de AWS. Si se especifican ambos, `endpoint` tiene prioridad. :::note -Los tokens de portador (`AWS_BEARER_TOKEN_BEDROCK` o `/connect`) tienen prioridad sobre la autenticación basada en perfil. Consulte [precedencia de autenticación](/docs/providers#authentication-precedence) para obtener más detalles. +Los tokens de portador (`AWS_BEARER_TOKEN_BEDROCK` o `/connect`) tienen prioridad sobre todos los demás métodos de autenticación. Las credenciales IAM almacenadas a través de `/connect` se inyectan en la cadena de credenciales de AWS. Consulte [precedencia de autenticación](/docs/providers#authentication-precedence) para obtener más detalles. ::: [Obtenga más información sobre la configuración de Amazon Bedrock](/docs/providers#amazon-bedrock). diff --git a/packages/web/src/content/docs/es/providers.mdx b/packages/web/src/content/docs/es/providers.mdx index 8d86612538b..57cb6644e87 100644 --- a/packages/web/src/content/docs/es/providers.mdx +++ b/packages/web/src/content/docs/es/providers.mdx @@ -135,6 +135,16 @@ Para usar Amazon Bedrock con OpenCode: 2. **Configure la autenticación** utilizando uno de los siguientes métodos: + *** + + #### Comando `/connect` + + Ejecute el comando `/connect`, seleccione **Amazon Bedrock** y elija una de las opciones: + - **Credenciales IAM** — ingrese su Access Key ID, Secret Access Key y región directamente en OpenCode. + - **Variables de entorno** — vea qué variables de entorno configurar en su perfil de shell. + + *** + #### Variables de entorno (Inicio rápido) Establezca una de estas variables de entorno mientras ejecuta opencode: @@ -217,7 +227,8 @@ Para usar Amazon Bedrock con OpenCode: Amazon Bedrock utiliza la siguiente prioridad de autenticación: 1. **Bearer token** - variable de entorno `AWS_BEARER_TOKEN_BEDROCK` o token del comando `/connect` - 2. **AWS Cadena de credenciales**: perfil, claves de acceso, credenciales compartidas, roles de IAM, tokens de identidad web (EKS IRSA), metadatos de instancia + 2. **IAM Credentials** - Almacenadas a través de `/connect` > credenciales IAM (inyectadas en la cadena de credenciales) + 3. **AWS Cadena de credenciales**: perfil, claves de acceso, credenciales compartidas, roles de IAM, tokens de identidad web (EKS IRSA), metadatos de instancia :::nota Cuando se define un bearer token (a traves de `/connect` o `AWS_BEARER_TOKEN_BEDROCK`), tiene prioridad sobre todos los metodos de credenciales de AWS, incluidos los perfiles configurados. diff --git a/packages/web/src/content/docs/fr/config.mdx b/packages/web/src/content/docs/fr/config.mdx index 8c0d15e183a..d3d733b25e5 100644 --- a/packages/web/src/content/docs/fr/config.mdx +++ b/packages/web/src/content/docs/fr/config.mdx @@ -289,7 +289,7 @@ Amazon Bedrock prend en charge la configuration spécifique à AWS : - `endpoint` - Point de terminaison personnalisé URL pour les points de terminaison d'un VPC. Il s'agit d'un alias pour l'option générique `baseURL` utilisant la terminologie spécifique à AWS. Si les deux sont spécifiés, `endpoint` est prioritaire. :::note -Les jetons du porteur (`AWS_BEARER_TOKEN_BEDROCK` ou `/connect`) ont priorité sur l'authentification basée sur le profil. Voir [précédence d'authentification](/docs/providers#authentication-precedence) pour plus de détails. +Les jetons du porteur (`AWS_BEARER_TOKEN_BEDROCK` ou `/connect`) ont priorité sur toutes les autres méthodes d'authentification. Les identifiants IAM stockés via `/connect` sont injectés dans la chaîne de credentials AWS. Voir [précédence d'authentification](/docs/providers#authentication-precedence) pour plus de détails. ::: [En savoir plus sur la configuration d'Amazon Bedrock](/docs/providers#amazon-bedrock). diff --git a/packages/web/src/content/docs/fr/providers.mdx b/packages/web/src/content/docs/fr/providers.mdx index b65e9c00a15..f558739b1e6 100644 --- a/packages/web/src/content/docs/fr/providers.mdx +++ b/packages/web/src/content/docs/fr/providers.mdx @@ -133,7 +133,17 @@ Pour utiliser Amazon Bedrock avec OpenCode : Vous devez avoir accès au modèle souhaité dans Amazon Bedrock. ::: -2. **Configurez l'authentification** à l'aide de l'une des méthodes suivantes : +2. **Configurez l'authentification** à l'aide de l'une des méthodes suivantes : + + *** + + #### Commande /connect + + Exécutez la commande `/connect`, sélectionnez **Amazon Bedrock**, puis choisissez : + - **IAM credentials** — saisissez votre Access Key ID, Secret Access Key et la région directement dans OpenCode. + - **Variables d'environnement** — consultez les variables d'environnement à définir dans votre profil shell. + + *** #### Variables d'environnement (démarrage rapide) @@ -220,7 +230,8 @@ L'option `endpoint` est un alias pour l'option générique `baseURL`, utilisant Amazon Bedrock utilise la priorité d'authentification suivante : 1. **Bearer Token** - Variable d'environnement `AWS_BEARER_TOKEN_BEDROCK` ou jeton de la commande `/connect` -2. **AWS Credential Chain** - Profil, clés d'accès, informations d'identification partagées, rôles IAM, jetons d'identité Web (EKS IRSA), métadonnées d'instance +2. **IAM Credentials** - Stockées via `/connect` > identifiants IAM (injectées dans la chaîne de credentials) +3. **AWS Credential Chain** - Profil, clés d'accès, informations d'identification partagées, rôles IAM, jetons d'identité Web (EKS IRSA), métadonnées d'instance :::note Lorsqu'un jeton de porteur est défini (via `/connect` ou `AWS_BEARER_TOKEN_BEDROCK`), il est prioritaire sur toutes les méthodes d'identification AWS, y compris les profils configurés. diff --git a/packages/web/src/content/docs/it/config.mdx b/packages/web/src/content/docs/it/config.mdx index c94cc59a9b3..93aba1ae676 100644 --- a/packages/web/src/content/docs/it/config.mdx +++ b/packages/web/src/content/docs/it/config.mdx @@ -288,7 +288,7 @@ Amazon Bedrock supporta una configurazione specifica per AWS: - `endpoint` - URL endpoint personalizzato per gli endpoint VPC. E un alias dell'opzione generica `baseURL` usando la terminologia AWS. Se sono specificati sia `endpoint` sia `baseURL`, `endpoint` ha precedenza. :::note -I bearer token (`AWS_BEARER_TOKEN_BEDROCK` o `/connect`) hanno precedenza sull'autenticazione basata su profilo. Vedi [ordine di precedenza dell'autenticazione](/docs/providers#authentication-precedence) per i dettagli. +I bearer token (`AWS_BEARER_TOKEN_BEDROCK` o `/connect`) hanno precedenza su tutti gli altri metodi di autenticazione. Le credenziali IAM memorizzate tramite `/connect` vengono iniettate nella catena delle credenziali AWS. Vedi [ordine di precedenza dell'autenticazione](/docs/providers#authentication-precedence) per i dettagli. ::: [Scopri di piu sulla configurazione di Amazon Bedrock](/docs/providers#amazon-bedrock). diff --git a/packages/web/src/content/docs/it/providers.mdx b/packages/web/src/content/docs/it/providers.mdx index 9b4c07b665d..e3ca6c06a22 100644 --- a/packages/web/src/content/docs/it/providers.mdx +++ b/packages/web/src/content/docs/it/providers.mdx @@ -137,6 +137,14 @@ Per usare Amazon Bedrock con OpenCode: *** + #### Comando /connect + + Esegui il comando `/connect`, seleziona **Amazon Bedrock** e scegli tra: + - **IAM credentials** — inserisci Access Key ID, Secret Access Key e regione direttamente in OpenCode. + - **Variabili d'ambiente** — visualizza quali variabili d'ambiente impostare nel tuo profilo shell. + + *** + #### Variabili d'ambiente (Avvio rapido) Imposta una di queste variabili d'ambiente mentre esegui opencode: @@ -227,7 +235,8 @@ Per usare Amazon Bedrock con OpenCode: Amazon Bedrock usa la seguente priorità di autenticazione: 1. **Bearer Token** - Variabile d'ambiente `AWS_BEARER_TOKEN_BEDROCK` o token dal comando `/connect` - 2. **AWS Credential Chain** - Profilo, chiavi di accesso, credenziali condivise, ruoli IAM, Web Identity Tokens (EKS IRSA), metadati istanza + 2. **IAM Credentials** - Memorizzate tramite `/connect` > credenziali IAM (iniettate nella catena delle credenziali) + 3. **AWS Credential Chain** - Profilo, chiavi di accesso, credenziali condivise, ruoli IAM, Web Identity Tokens (EKS IRSA), metadati istanza :::note Quando è impostato un bearer token (tramite `/connect` o `AWS_BEARER_TOKEN_BEDROCK`), ha la precedenza su tutti i metodi di credenziali AWS inclusi i profili configurati. diff --git a/packages/web/src/content/docs/ja/config.mdx b/packages/web/src/content/docs/ja/config.mdx index 114336d43c9..032f626053c 100644 --- a/packages/web/src/content/docs/ja/config.mdx +++ b/packages/web/src/content/docs/ja/config.mdx @@ -290,7 +290,7 @@ Amazon Bedrock は、AWS 固有の設定をサポートしています。 - `endpoint` - VPC エンドポイントのカスタムエンドポイント URL。これは、AWS 固有の用語を使用した汎用 `baseURL` オプションのエイリアスです。両方を指定した場合は、`endpoint` が優先されます。 :::note -ベアラー トークン (`AWS_BEARER_TOKEN_BEDROCK` または `/connect`) は、プロファイルベースの認証より優先されます。詳細については、「認証優先順位](/docs/providers#authentication-precedence)」を参照してください。 +ベアラー トークン (`AWS_BEARER_TOKEN_BEDROCK` または `/connect`) は、他のすべての認証方法より優先されます。`/connect` 経由で保存された IAM 認証情報は AWS 認証チェーンに注入されます。詳細については、「認証優先順位](/docs/providers#authentication-precedence)」を参照してください。 ::: [Amazon Bedrock 設定 ](/docs/providers#amazon-bedrock) の詳細をご覧ください。 diff --git a/packages/web/src/content/docs/ja/providers.mdx b/packages/web/src/content/docs/ja/providers.mdx index 2602f8ef22a..dd12c1b0a6a 100644 --- a/packages/web/src/content/docs/ja/providers.mdx +++ b/packages/web/src/content/docs/ja/providers.mdx @@ -135,6 +135,16 @@ Amazon Bedrock で必要なモデルにアクセスできる必要がありま 2. **次のいずれかの方法を使用して認証を構成します**。 + *** + + #### /connect コマンド + + `/connect` コマンドを実行し、**Amazon Bedrock** を選択してから、次のいずれかを選択します: + - **IAM credentials** — Access Key ID、Secret Access Key、リージョンを OpenCode に直接入力します。 + - **環境変数** — シェルプロファイルに設定する環境変数を確認します。 + + *** + #### 環境変数 (クイックスタート) opencode の実行中に次の環境変数のいずれかを設定します。 @@ -220,7 +230,8 @@ Bedrock の VPC エンドポイントを使用している場合: Amazon Bedrock は次の認証優先度を使用します。 1. **ベアラー トークン** - `AWS_BEARER_TOKEN_BEDROCK` 環境変数または `/connect` コマンドからのトークン -2. **AWS 認証情報チェーン** - プロファイル、アクセスキー、共有認証情報、IAM ロール、Web ID トークン (EKS IRSA)、インスタンスメタデータ +2. **IAM Credentials** - `/connect` > IAM 認証情報で保存(認証チェーンに注入) +3. **AWS 認証情報チェーン** - プロファイル、アクセスキー、共有認証情報、IAM ロール、Web ID トークン (EKS IRSA)、インスタンスメタデータ :::note ベアラー トークンが (`/connect` または `AWS_BEARER_TOKEN_BEDROCK` 経由で) 設定されると、設定されたプロファイルを含むすべての AWS 認証情報方法よりも優先されます。 diff --git a/packages/web/src/content/docs/ko/config.mdx b/packages/web/src/content/docs/ko/config.mdx index e906eaf47b2..05568ca6a74 100644 --- a/packages/web/src/content/docs/ko/config.mdx +++ b/packages/web/src/content/docs/ko/config.mdx @@ -288,7 +288,7 @@ Amazon Bedrock은 AWS 전용 config를 지원합니다. - `endpoint` - VPC endpoint용 custom endpoint URL입니다. AWS 용어를 사용한 일반 `baseURL` 옵션의 별칭(alias)입니다. 둘 다 지정하면 `endpoint`가 우선합니다. :::note -Bearer token(`AWS_BEARER_TOKEN_BEDROCK` 또는 `/connect`)은 profile 기반 인증보다 우선합니다. 자세한 내용은 [authentication precedence](/docs/providers#authentication-precedence)를 참고하세요. +Bearer token(`AWS_BEARER_TOKEN_BEDROCK` 또는 `/connect`)은 다른 모든 인증 방법보다 우선합니다. `/connect`를 통해 저장된 IAM 자격 증명은 AWS 자격 증명 체인에 주입됩니다. 자세한 내용은 [authentication precedence](/docs/providers#authentication-precedence)를 참고하세요. ::: [Amazon Bedrock config 더 알아보기](/docs/providers#amazon-bedrock). diff --git a/packages/web/src/content/docs/ko/providers.mdx b/packages/web/src/content/docs/ko/providers.mdx index ea48dbfb0a9..130ff3bf269 100644 --- a/packages/web/src/content/docs/ko/providers.mdx +++ b/packages/web/src/content/docs/ko/providers.mdx @@ -133,6 +133,15 @@ OpenCode로 Amazon Bedrock을 사용하려면: --- +#### /connect 명령 + +`/connect` 명령을 실행하고 **Amazon Bedrock**을 선택한 다음 다음 중 하나를 선택합니다: + +- **IAM credentials** — Access Key ID, Secret Access Key 및 리전을 OpenCode에 직접 입력합니다. +- **환경 변수** — 셸 프로필에 설정할 환경 변수를 확인합니다. + +--- + ### 환경 변수 (빠른 시작) OpenCode를 실행하는 동안 다음 환경 변수 중 하나를 설정합니다: @@ -226,7 +235,8 @@ Bedrock의 VPC 엔드포인트를 사용하는 경우: Amazon Bedrock은 다음과 같은 인증 우선 순위를 사용합니다. 1. **Bearer Token** - `AWS_BEARER_TOKEN_BEDROCK` 환경 변수 또는 `/connect` 명령의 토큰 -2. **AWS Credential Chain** - 프로필, 액세스 키, 공유 자격 증명, IAM 역할, 웹 ID 토큰 (EKS IRSA), 인스턴스 메타데이터 +2. **IAM Credentials** - `/connect` > IAM 자격 증명으로 저장 (자격 증명 체인에 주입) +3. **AWS Credential Chain** - 프로필, 액세스 키, 공유 자격 증명, IAM 역할, 웹 ID 토큰 (EKS IRSA), 인스턴스 메타데이터 :::note Bearer 토큰을 설정할 때 (`/connect` 또는 `AWS_BEARER_TOKEN_BEDROCK`를 통해), 구성된 프로필을 포함한 모든 AWS 자격 증명 방법보다 우선 순위가 높습니다. diff --git a/packages/web/src/content/docs/nb/config.mdx b/packages/web/src/content/docs/nb/config.mdx index 8f54335794c..34ea6ccc40b 100644 --- a/packages/web/src/content/docs/nb/config.mdx +++ b/packages/web/src/content/docs/nb/config.mdx @@ -292,7 +292,7 @@ Amazon Bedrock støtter AWS-spesifikk konfigurasjon: - `endpoint` - Egendefinert endepunkt URL for VPC endepunkter. Dette er et alias for det generiske `baseURL`-alternativet som bruker AWS-spesifikk terminologi. Hvis begge er spesifisert, har `endpoint` forrang. :::note -Bærer-tokens (`AWS_BEARER_TOKEN_BEDROCK` eller `/connect`) har forrang over profilbasert autentisering. Se [autentiseringsprioritet](/docs/providers#authentication-precedence) for detaljer. +Bærer-tokens (`AWS_BEARER_TOKEN_BEDROCK` eller `/connect`) har forrang over alle andre autentiseringsmetoder. IAM-legitimasjon lagret via `/connect` injiseres i AWS-legitimasjonskjeden. Se [autentiseringsprioritet](/docs/providers#authentication-precedence) for detaljer. ::: [Les mer om konfigurasjon av Amazon Bedrock](/docs/providers#amazon-bedrock). diff --git a/packages/web/src/content/docs/nb/providers.mdx b/packages/web/src/content/docs/nb/providers.mdx index 58d325cab8c..90d55de8946 100644 --- a/packages/web/src/content/docs/nb/providers.mdx +++ b/packages/web/src/content/docs/nb/providers.mdx @@ -135,6 +135,16 @@ Slik bruker du Amazon Bedrock med OpenCode: 2. **Konfigurer autentisering** ved å bruke en av følgende metoder: + *** + + #### /connect-kommando + + Kjør `/connect`-kommandoen, velg **Amazon Bedrock**, og velg mellom: + - **IAM credentials** — skriv inn Access Key ID, Secret Access Key og region direkte i OpenCode. + - **Miljøvariabler** — se hvilke miljøvariabler som skal settes i shell-profilen din. + + *** + #### Miljøvariabler (hurtigstart) Angi en av disse miljøvariablene mens du kjører OpenCode: @@ -217,7 +227,8 @@ Slik bruker du Amazon Bedrock med OpenCode: Amazon Bedrock bruker følgende autentiseringsprioritet: 1. **Bearer Token** - `AWS_BEARER_TOKEN_BEDROCK` miljøvariabel eller token fra kommandoen `/connect` - 2. **AWS legitimasjonskjede** - profil, tilgangsnøkler, delt legitimasjon, IAM roller, nettidentitetstokener (EKS IRSA), forekomstmetadata + 2. **IAM Credentials** - Lagret via `/connect` > IAM-legitimasjon (injisert i legitimasjonskjeden) + 3. **AWS legitimasjonskjede** - profil, tilgangsnøkler, delt legitimasjon, IAM roller, nettidentitetstokener (EKS IRSA), forekomstmetadata :::note Når et bærertoken er angitt (via `/connect` eller `AWS_BEARER_TOKEN_BEDROCK`), har det forrang over alle AWS legitimasjonsmetoder inkludert konfigurerte profiler. diff --git a/packages/web/src/content/docs/pl/config.mdx b/packages/web/src/content/docs/pl/config.mdx index cde2e312eaa..c3d56fb73de 100644 --- a/packages/web/src/content/docs/pl/config.mdx +++ b/packages/web/src/content/docs/pl/config.mdx @@ -288,7 +288,7 @@ Amazon Bedrock umożliwia konfigurację połączenia z AWS: - `endpoint` — Niestandardowy adres URL punktu końcowego (np. dla punktów końcowych VPC). Jest to alias dla opcji ogólnej `baseURL` przy użyciu terminologii AWS. Jeśli podano oba, pierwszeństwo ma `endpoint`. :::note -Token okaziciela (`AWS_BEARER_TOKEN_BEDROCK` lub `/connect`) ma pierwszeństwo przed uwierzytelnianiem opartym na profilu. Aby uzyskać szczegółowe informacje, zobacz [pierwszeństwo uwierzytelniania](/docs/providers#authentication-precedence). +Token okaziciela (`AWS_BEARER_TOKEN_BEDROCK` lub `/connect`) ma pierwszeństwo przed wszystkimi innymi metodami uwierzytelniania. Dane uwierzytelniające IAM przechowywane przez `/connect` są wstrzykiwane do łańcucha poświadczeń AWS. Aby uzyskać szczegółowe informacje, zobacz [pierwszeństwo uwierzytelniania](/docs/providers#authentication-precedence). ::: [Dowiedz się więcej o Amazon Bedrock](/docs/providers#amazon-bedrock). diff --git a/packages/web/src/content/docs/pl/providers.mdx b/packages/web/src/content/docs/pl/providers.mdx index 58f824764ef..4770d3acb26 100644 --- a/packages/web/src/content/docs/pl/providers.mdx +++ b/packages/web/src/content/docs/pl/providers.mdx @@ -135,6 +135,16 @@ Aby używać Amazon Bedrock z opencode: 2. **Skonfiguruj uwierzytelnianie** przy użyciu jednej z następujących metod: + *** + + #### Komenda /connect + + Uruchom komendę `/connect`, wybierz **Amazon Bedrock**, a następnie wybierz: + - **IAM credentials** — wprowadź Access Key ID, Secret Access Key i region bezpośrednio w OpenCode. + - **Zmienne środowiskowe** — sprawdź, które zmienne środowiskowe ustawić w profilu powłoki. + + *** + #### Zmienne środowiskowe (Szybki start) Ustaw jedną z tych zmiennych środowiskowych podczas uruchamiania opencode: @@ -217,7 +227,8 @@ Aby używać Amazon Bedrock z opencode: Amazon Bedrock wykorzystuje następujący priorytet uwierzytelniania: 1. **Token nośnika** - zmienna środowiskowa `AWS_BEARER_TOKEN_BEDROCK` lub token z komendy `/connect` - 2. **AWS Credential Chain** - Profile, access keys, shared credentials, IAM roles, Web Identity Tokens (EKS IRSA), instance metadata + 2. **IAM Credentials** - Przechowywane przez `/connect` > dane uwierzytelniające IAM (wstrzykiwane do łańcucha poświadczeń) + 3. **AWS Credential Chain** - Profile, access keys, shared credentials, IAM roles, Web Identity Tokens (EKS IRSA), instance metadata :::note Gdy ustawisz bearer token (przez `/connect` lub `AWS_BEARER_TOKEN_BEDROCK`), ma on pierwszeństwo nad wszystkimi metodami poświadczeń AWS, w tym profilami. diff --git a/packages/web/src/content/docs/providers.mdx b/packages/web/src/content/docs/providers.mdx index 34e3626499c..fb0b4e00148 100644 --- a/packages/web/src/content/docs/providers.mdx +++ b/packages/web/src/content/docs/providers.mdx @@ -169,6 +169,14 @@ To use Amazon Bedrock with OpenCode: *** + #### /connect Command + + Run the `/connect` command, select **Amazon Bedrock**, and choose either: + - **IAM credentials** — enter your Access Key ID, Secret Access Key, and region directly in OpenCode. + - **Environment variables** — view which env vars to set in your shell profile. + + *** + #### Environment Variables (Quick Start) Set one of these environment variables while running opencode: @@ -259,7 +267,8 @@ To use Amazon Bedrock with OpenCode: Amazon Bedrock uses the following authentication priority: 1. **Bearer Token** - `AWS_BEARER_TOKEN_BEDROCK` environment variable or token from `/connect` command - 2. **AWS Credential Chain** - Profile, access keys, shared credentials, IAM roles, Web Identity Tokens (EKS IRSA), instance metadata + 2. **IAM Credentials** - Stored via `/connect` > IAM credentials (injected into credential chain) + 3. **AWS Credential Chain** - Profile, access keys, shared credentials, IAM roles, Web Identity Tokens (EKS IRSA), instance metadata :::note When a bearer token is set (via `/connect` or `AWS_BEARER_TOKEN_BEDROCK`), it takes precedence over all AWS credential methods including configured profiles. diff --git a/packages/web/src/content/docs/pt-br/config.mdx b/packages/web/src/content/docs/pt-br/config.mdx index 405c5379456..9cdb1f4b158 100644 --- a/packages/web/src/content/docs/pt-br/config.mdx +++ b/packages/web/src/content/docs/pt-br/config.mdx @@ -289,7 +289,7 @@ Amazon Bedrock suporta configuração específica da AWS: - `endpoint` - URL de endpoint personalizada para endpoints VPC. Este é um alias para a opção genérica `baseURL` usando terminologia específica da AWS. Se ambos forem especificados, `endpoint` tem precedência. :::note -Tokens Bearer (`AWS_BEARER_TOKEN_BEDROCK` ou `/connect`) têm precedência sobre a autenticação baseada em perfil. Veja [precedência de autenticação](/docs/providers#authentication-precedence) para detalhes. +Tokens Bearer (`AWS_BEARER_TOKEN_BEDROCK` ou `/connect`) têm precedência sobre todos os outros métodos de autenticação. Credenciais IAM armazenadas via `/connect` são injetadas na cadeia de credenciais AWS. Veja [precedência de autenticação](/docs/providers#authentication-precedence) para detalhes. ::: [Saiba mais sobre a configuração do Amazon Bedrock](/docs/providers#amazon-bedrock). diff --git a/packages/web/src/content/docs/pt-br/providers.mdx b/packages/web/src/content/docs/pt-br/providers.mdx index 43f2e385f13..282532e049d 100644 --- a/packages/web/src/content/docs/pt-br/providers.mdx +++ b/packages/web/src/content/docs/pt-br/providers.mdx @@ -130,6 +130,16 @@ Para usar o Amazon Bedrock com o opencode: 2. **Configure a autenticação** usando um dos seguintes métodos: + *** + + #### Comando /connect + + Execute o comando `/connect`, selecione **Amazon Bedrock** e escolha uma das opções: + - **IAM credentials** — insira seu Access Key ID, Secret Access Key e região diretamente no OpenCode. + - **Environment variables** — veja quais variáveis de ambiente definir no seu perfil bash. + + *** + #### Variáveis de Ambiente (Início Rápido) Defina uma dessas variáveis de ambiente ao executar o opencode: @@ -212,7 +222,8 @@ Para usar o Amazon Bedrock com o opencode: O Amazon Bedrock usa a seguinte prioridade de autenticação: 1. **Bearer Token** - variável de ambiente `AWS_BEARER_TOKEN_BEDROCK` ou token do comando `/connect` - 2. **Cadeia de Credenciais da AWS** - Perfil, chaves de acesso, credenciais compartilhadas, funções IAM, Tokens de Identidade da Web (EKS IRSA), metadados da instância + 2. **IAM Credentials** - Armazenadas via `/connect` > credenciais IAM (injetadas na cadeia de credenciais) + 3. **Cadeia de Credenciais da AWS** - Perfil, chaves de acesso, credenciais compartilhadas, funções IAM, Tokens de Identidade da Web (EKS IRSA), metadados da instância :::note Quando um token bearer é definido (via `/connect` ou `AWS_BEARER_TOKEN_BEDROCK`), ele tem precedência sobre todos os métodos de credenciais da AWS, incluindo perfis configurados. diff --git a/packages/web/src/content/docs/ru/config.mdx b/packages/web/src/content/docs/ru/config.mdx index 14af31cfd76..b3ced643fbf 100644 --- a/packages/web/src/content/docs/ru/config.mdx +++ b/packages/web/src/content/docs/ru/config.mdx @@ -289,7 +289,7 @@ Amazon Bedrock поддерживает конфигурацию, специфи - `endpoint` — URL-адрес пользовательской конечной точки для конечных точек VPC. Это псевдоним общего параметра `baseURL`, использующий терминологию, специфичную для AWS. Если указаны оба параметра, `endpoint` имеет приоритет. :::note -Токены носителя (`AWS_BEARER_TOKEN_BEDROCK` или `/connect`) имеют приоритет над аутентификацией на основе профиля. Подробности см. в [приоритет аутентификации](/docs/providers#authentication-precedence). +Токены носителя (`AWS_BEARER_TOKEN_BEDROCK` или `/connect`) имеют приоритет над всеми другими методами аутентификации. Учетные данные IAM, сохраненные через `/connect`, внедряются в цепочку учетных данных AWS. Подробности см. в [приоритет аутентификации](/docs/providers#authentication-precedence). ::: [Подробнее о конфигурации Amazon Bedrock](/docs/providers#amazon-bedrock). diff --git a/packages/web/src/content/docs/ru/providers.mdx b/packages/web/src/content/docs/ru/providers.mdx index 5984c89f43b..8e04c441edf 100644 --- a/packages/web/src/content/docs/ru/providers.mdx +++ b/packages/web/src/content/docs/ru/providers.mdx @@ -134,6 +134,16 @@ OpenCode Zen — это список моделей, предоставленн 2. **Настройте аутентификацию** одним из следующих способов: + *** + + #### Команда /connect + + Выполните команду `/connect`, выберите **Amazon Bedrock** и выберите один из вариантов: + - **IAM credentials** — введите Access Key ID, Secret Access Key и регион прямо в OpenCode. + - **Environment variables** — посмотрите, какие переменные среды необходимо задать в профиле bash. + + *** + #### Переменные среды (быстрый старт) Установите одну из этих переменных среды при запуске opencode: @@ -215,8 +225,9 @@ OpenCode Zen — это список моделей, предоставленн #### Приоритет аутентификации Amazon Bedrock использует следующий приоритет аутентификации: - 1. **Токен носителя** — переменная среды `AWS_BEARER_TOKEN_BEDROCK` или токен из команды `/connect`. - 2. **Цепочка учетных данных AWS** — профиль, ключи доступа, общие учетные данные, роли IAM, токены веб-идентификации (EKS IRSA), метаданные экземпляра. + 1. **Токен носителя** — переменная среды `AWS_BEARER_TOKEN_BEDROCK` или токен из команды `/connect`. + 2. **IAM Credentials** - Сохранены через `/connect` > учетные данные IAM (внедряются в цепочку учетных данных) + 3. **Цепочка учетных данных AWS** — профиль, ключи доступа, общие учетные данные, роли IAM, токены веб-идентификации (EKS IRSA), метаданные экземпляра. :::note Когда токен-носитель установлен (через `/connect` или `AWS_BEARER_TOKEN_BEDROCK`), он имеет приоритет над всеми методами учетных данных AWS, включая настроенные профили. diff --git a/packages/web/src/content/docs/th/config.mdx b/packages/web/src/content/docs/th/config.mdx index 06836aca3be..018ec09f2ef 100644 --- a/packages/web/src/content/docs/th/config.mdx +++ b/packages/web/src/content/docs/th/config.mdx @@ -292,7 +292,7 @@ Amazon Bedrock รองรับ AWS-การกำหนดค่าเฉพ - `endpoint` - ​​จุดสิ้นสุดที่กำหนดเอง URL สำหรับจุดสิ้นสุด VPC นี่เป็นนามแฝงสำหรับตัวเลือก `baseURL` ทั่วไปโดยใช้คำศัพท์เฉพาะ AWS หากระบุทั้งสองรายการ `endpoint` จะมีความสำคัญกว่า :::note -Bearer Token (`AWS_BEARER_TOKEN_BEDROCK` หรือ `/connect`) มีความสำคัญมากกว่าการตรวจสอบสิทธิ์ตามโปรไฟล์ ดู [ลำดับความสำคัญในการรับรองความถูกต้อง](/docs/providers#การรับรองความถูกต้อง-เหนือกว่า) สำหรับรายละเอียด +Bearer Token (`AWS_BEARER_TOKEN_BEDROCK` หรือ `/connect`) มีความสำคัญมากกว่าวิธีการตรวจสอบสิทธิ์อื่นๆ ทั้งหมด ข้อมูลรับรอง IAM ที่จัดเก็บผ่าน `/connect` จะถูกฉีดเข้าสู่ AWS credential chain ดู [ลำดับความสำคัญในการรับรองความถูกต้อง](/docs/providers#การรับรองความถูกต้อง-เหนือกว่า) สำหรับรายละเอียด ::: [เรียนรู้เพิ่มเติมเกี่ยวกับการกำหนดค่า Amazon Bedrock](/docs/providers#amazon-bedrock) diff --git a/packages/web/src/content/docs/th/providers.mdx b/packages/web/src/content/docs/th/providers.mdx index e9fbb351d7d..4039e16de4b 100644 --- a/packages/web/src/content/docs/th/providers.mdx +++ b/packages/web/src/content/docs/th/providers.mdx @@ -135,6 +135,16 @@ OpenCode Zen คือรายชื่อโมเดลที่จัดท 2. **กำหนดค่าการตรวจสอบสิทธิ์** โดยใช้วิธีใดวิธีหนึ่งต่อไปนี้: + *** + + #### คำสั่ง /connect + + เรียกใช้คำสั่ง `/connect` เลือก **Amazon Bedrock** และเลือกอย่างใดอย่างหนึ่ง: + - **IAM credentials** — ป้อน Access Key ID, Secret Access Key และ region โดยตรงใน OpenCode + - **Environment variables** — ดูตัวแปรสภาพแวดล้อมที่ต้องตั้งค่าในโปรไฟล์ shell ของคุณ + + *** + #### ตัวแปรสภาพแวดล้อม (เริ่มต้นอย่างรวดเร็ว) ตั้งค่าหนึ่งในตัวแปรสภาพแวดล้อมเหล่านี้ขณะเรียกใช้ opencode: @@ -217,7 +227,8 @@ OpenCode Zen คือรายชื่อโมเดลที่จัดท Amazon Bedrock ใช้ลำดับความสำคัญในการรับรองความถูกต้องต่อไปนี้: 1. **Bearer Token** - `AWS_BEARER_TOKEN_BEDROCK` ตัวแปรสภาพแวดล้อมหรือโทเค็นจากคำสั่ง `/connect` - 2. **AWS Credential Chain** - โปรไฟล์, คีย์การเข้าถึง, ข้อมูลประจำตัวที่แชร์, บทบาท IAM, โทเค็นข้อมูลประจำตัวของเว็บ (EKS IRSA), ข้อมูลเมตาของอินสแตนซ์ + 2. **IAM Credentials** - จัดเก็บผ่าน `/connect` > ข้อมูลรับรอง IAM (ถูกฉีดเข้าสู่ credential chain) + 3. **AWS Credential Chain** - โปรไฟล์, คีย์การเข้าถึง, ข้อมูลประจำตัวที่แชร์, บทบาท IAM, โทเค็นข้อมูลประจำตัวของเว็บ (EKS IRSA), ข้อมูลเมตาของอินสแตนซ์ :::note เมื่อตั้งค่าBearer Token (ผ่าน `/connect` หรือ `AWS_BEARER_TOKEN_BEDROCK`) โทเค็นนั้นจะมีความสำคัญเหนือกว่าวิธีการข้อมูลประจำตัว AWS ทั้งหมด รวมถึงโปรไฟล์ที่กำหนดค่าไว้ diff --git a/packages/web/src/content/docs/tr/config.mdx b/packages/web/src/content/docs/tr/config.mdx index fe60991c626..e13d8b27ced 100644 --- a/packages/web/src/content/docs/tr/config.mdx +++ b/packages/web/src/content/docs/tr/config.mdx @@ -292,7 +292,7 @@ Amazon Bedrock, AWS'a özgü yapılandırmayı destekler: - `endpoint` - VPC uç noktaları için özel uç nokta URL. Bu, AWS'e özgü terminolojiyi kullanan genel `baseURL` seçeneğinin takma adıdır. Her ikisi de belirtilirse `endpoint` öncelikli olur. :::note -Taşıyıcı belirteçleri (`AWS_BEARER_TOKEN_BEDROCK` veya `/connect`) profil tabanlı kimlik doğrulamaya göre önceliklidir. Ayrıntılar için [authentication precedence](/docs/providers#authentication-precedence)'ye bakın. +Taşıyıcı belirteçleri (`AWS_BEARER_TOKEN_BEDROCK` veya `/connect`) diğer tüm kimlik doğrulama yöntemlerine göre önceliklidir. `/connect` aracılığıyla saklanan IAM kimlik bilgileri AWS kimlik bilgisi zincirine enjekte edilir. Ayrıntılar için [authentication precedence](/docs/providers#authentication-precedence)'ye bakın. ::: [Amazon Bedrock yapılandırması hakkında daha fazla bilgi](/docs/providers#amazon-bedrock). diff --git a/packages/web/src/content/docs/tr/providers.mdx b/packages/web/src/content/docs/tr/providers.mdx index efe5ff9afa4..db9fd0749a9 100644 --- a/packages/web/src/content/docs/tr/providers.mdx +++ b/packages/web/src/content/docs/tr/providers.mdx @@ -135,6 +135,16 @@ Amazon Bedrock'u opencode ile kullanmak için: 2. **Kimlik doğrulamayı yapılandırın**: Aşağıdaki yöntemlerden birini kullanın: + *** + + #### /connect Komutu + + `/connect` komutunu çalıştırın, **Amazon Bedrock**'u seçin ve şunlardan birini seçin: + - **IAM credentials** — Access Key ID, Secret Access Key ve bölgenizi doğrudan OpenCode'a girin. + - **Environment variables** — kabuk profilinizde hangi ortam değişkenlerini ayarlamanız gerektiğini görün. + + *** + #### Ortam Değişkenleri (Hızlı Başlangıç) opencode'u çalıştırırken bu ortam değişkenlerinden birini ayarlayın: @@ -219,7 +229,8 @@ Bedrock için VPC uç noktaları kullanıyorsanız: Amazon Bedrock aşağıdaki kimlik doğrulama önceliğini kullanır: 1. **Taşıyıcı Belirteç** - `AWS_BEARER_TOKEN_BEDROCK` ortam değişkeni veya `/connect` komutundan belirteç -2. **AWS Credential Chain** - Profil, erişim anahtarları, paylaşılan kimlik bilgileri, IAM rolleri, Web Identity Tokens (EKS IRSA), örnek meta verileri +2. **IAM Credentials** - `/connect` > IAM kimlik bilgileri ile saklanır (kimlik bilgisi zincirine enjekte edilir) +3. **AWS Credential Chain** - Profil, erişim anahtarları, paylaşılan kimlik bilgileri, IAM rolleri, Web Identity Tokens (EKS IRSA), örnek meta verileri :::note Bir taşıyıcı belirteç ayarlandığında (`/connect` veya `AWS_BEARER_TOKEN_BEDROCK` yoluyla), yapılandırılmış profiller dahil olmak üzere tüm AWS kimlik bilgisi yöntemlerine göre öncelik kazanır. diff --git a/packages/web/src/content/docs/zh-cn/config.mdx b/packages/web/src/content/docs/zh-cn/config.mdx index 8ed3c8fbee3..bac172918c1 100644 --- a/packages/web/src/content/docs/zh-cn/config.mdx +++ b/packages/web/src/content/docs/zh-cn/config.mdx @@ -288,7 +288,7 @@ Amazon Bedrock 支持 AWS 特定配置: - `endpoint` - VPC 端点的自定义端点 URL。这是通用 `baseURL` 选项使用 AWS 特定术语的别名。如果两者都指定,`endpoint` 优先。 :::note -Bearer Token(`AWS_BEARER_TOKEN_BEDROCK` 或 `/connect`)优先于基于配置文件的身份验证。详情请参见[身份验证优先级](/docs/providers#authentication-precedence)。 +Bearer Token(`AWS_BEARER_TOKEN_BEDROCK` 或 `/connect`)优先于所有其他身份验证方法。通过 `/connect` 存储的 IAM 凭证会注入 AWS 凭证链。详情请参见[身份验证优先级](/docs/providers#authentication-precedence)。 ::: [了解更多关于 Amazon Bedrock 配置的信息](/docs/providers#amazon-bedrock)。 diff --git a/packages/web/src/content/docs/zh-cn/providers.mdx b/packages/web/src/content/docs/zh-cn/providers.mdx index 9c1616876d7..727a4810360 100644 --- a/packages/web/src/content/docs/zh-cn/providers.mdx +++ b/packages/web/src/content/docs/zh-cn/providers.mdx @@ -133,6 +133,14 @@ OpenCode Zen 是由 OpenCode 团队提供的模型列表,这些模型已经过 *** + #### /connect 命令 + + 执行 `/connect` 命令,选择 **Amazon Bedrock**,然后选择以下选项之一: + - **IAM credentials** — 直接在 OpenCode 中输入你的 Access Key ID、Secret Access Key 和区域。 + - **Environment variables** — 查看需要在 shell 配置文件中设置哪些环境变量。 + + *** + #### 环境变量(快速上手) 运行 opencode 时设置以下环境变量之一: @@ -223,7 +231,8 @@ OpenCode Zen 是由 OpenCode 团队提供的模型列表,这些模型已经过 Amazon Bedrock 使用以下认证优先级: 1. **Bearer Token** - `AWS_BEARER_TOKEN_BEDROCK` 环境变量或通过 `/connect` 命令获取的 Token - 2. **AWS 凭证链** - 配置文件、访问密钥、共享凭证、IAM 角色、Web Identity Token(EKS IRSA)、实例元数据 + 2. **IAM 凭证** - 通过 `/connect` > IAM 凭证存储(注入凭证链) + 3. **AWS 凭证链** - 配置文件、访问密钥、共享凭证、IAM 角色、Web Identity Token(EKS IRSA)、实例元数据 :::note 当设置了 Bearer Token(通过 `/connect` 或 `AWS_BEARER_TOKEN_BEDROCK`)时,它的优先级高于所有 AWS 凭证方式,包括已配置的配置文件。 diff --git a/packages/web/src/content/docs/zh-tw/config.mdx b/packages/web/src/content/docs/zh-tw/config.mdx index 3715dd0c9f7..99eb72315ec 100644 --- a/packages/web/src/content/docs/zh-tw/config.mdx +++ b/packages/web/src/content/docs/zh-tw/config.mdx @@ -288,7 +288,7 @@ Amazon Bedrock 支援 AWS 特定設定: - `endpoint` - VPC 端點的自訂端點 URL。這是通用 `baseURL` 選項使用 AWS 特定術語的別名。如果兩者都指定,`endpoint` 優先。 :::note -Bearer Token(`AWS_BEARER_TOKEN_BEDROCK` 或 `/connect`)優先於基於設定檔的身分驗證。詳情請參見[認證優先級](/docs/providers#authentication-precedence)。 +Bearer Token(`AWS_BEARER_TOKEN_BEDROCK` 或 `/connect`)優先於所有其他身分驗證方法。透過 `/connect` 儲存的 IAM 憑證會注入 AWS 憑證鏈。詳情請參見[認證優先級](/docs/providers#authentication-precedence)。 ::: [了解更多關於 Amazon Bedrock 設定的資訊](/docs/providers#amazon-bedrock)。 diff --git a/packages/web/src/content/docs/zh-tw/providers.mdx b/packages/web/src/content/docs/zh-tw/providers.mdx index 12c4ded4e36..63ea1b370e6 100644 --- a/packages/web/src/content/docs/zh-tw/providers.mdx +++ b/packages/web/src/content/docs/zh-tw/providers.mdx @@ -131,6 +131,16 @@ OpenCode Zen 是由 OpenCode 團隊提供的模型列表,這些模型已經過 2. 使用以下方法之一**設定身分驗證**: + *** + + #### /connect 指令 + + 執行 `/connect` 指令,選擇 **Amazon Bedrock**,然後選擇以下選項之一: + - **IAM credentials** — 直接在 OpenCode 中輸入您的 Access Key ID、Secret Access Key 和區域。 + - **Environment variables** — 查看需要在 shell 設定檔中設定哪些環境變數。 + + *** + #### 環境變數(快速上手) 執行 opencode 時設定以下環境變數之一: @@ -213,7 +223,8 @@ OpenCode Zen 是由 OpenCode 團隊提供的模型列表,這些模型已經過 Amazon Bedrock 使用以下認證優先順序: 1. **Bearer Token** - `AWS_BEARER_TOKEN_BEDROCK` 環境變數或透過 `/connect` 指令取得的 Token - 2. **AWS 憑證鏈** - 設定檔、存取金鑰、共享憑證、IAM 角色、Web Identity Token(EKS IRSA)、執行個體中繼資料 + 2. **IAM 憑證** - 透過 `/connect` > IAM 憑證儲存(注入憑證鏈) + 3. **AWS 憑證鏈** - 設定檔、存取金鑰、共享憑證、IAM 角色、Web Identity Token(EKS IRSA)、執行個體中繼資料 :::note 當設定了 Bearer Token(透過 `/connect` 或 `AWS_BEARER_TOKEN_BEDROCK`)時,它的優先順序高於所有 AWS 憑證方式,包括已設定的設定檔。