Identity-Based Authentication for AWS Bedrock AI
Drop-in replacement for AWS Bedrock SDK with cryptographic identity. Every message signed, every agent verified, zero cascading failures. Supports Claude, Titan, and all Bedrock models.
Quick Start (15 seconds)
Get started with AWS Bedrock xLink in 15 seconds. Replace AWS SDK import, keep everything else the same. Identity generation and message signing happen automatically.
npm install @private.me/aws-bedrock-xlink @aws-sdk/client-bedrock-runtime
import { BedrockXLinkClient } from '@private.me/aws-bedrock-xlink'; // Create client (generates identity automatically) const client = new BedrockXLinkClient({ region: 'us-east-1', modelId: 'anthropic.claude-v2' }); // Simple chat with auto-signed message const result = await client.chat('Explain quantum computing simply'); if (result.ok) { console.log(result.value.content); console.log('Tokens:', result.value.usage); }
The Problem: Credential-Based Authentication
AWS credentials authenticate infrastructure access, but not AI agent identity. Multi-agent systems can't verify which agent sent a message, audit trails are incomplete, and cascading failures happen when credentials expire.
| Traditional Approach | Problem |
|---|---|
| AWS Access Keys | Authenticate infrastructure, not agent identity |
| IAM Roles | Can't verify which specific agent sent a message |
| Credential Rotation | Cascading failures when keys expire |
| Audit Trails | No cryptographic proof of message authorship |
| Multi-Agent Systems | Agents can't verify each other's messages |
The core issue: One expired OAuth token can restart 500 AI agents simultaneously. Credentials authenticate access but don't prove identity. Cascading failures are inevitable.
Solution: Cryptographic Identity
xLink provides every Bedrock client with a cryptographic identity (DID). Messages are signed with Ed25519, responses can be verified, and identity persists independent of AWS credentials.
How It Works
Each Bedrock client gets a unique xLink DID. Every message is signed before sending to Bedrock. Other agents can verify signatures. Identity survives credential rotation.
┌─────────────┐
│ Agent A │
│ DID: z6Mk.. │
└──────┬──────┘
│
├── Message: "Analyze this data"
│ Signed: Ed25519 signature
│
▼
┌────────────────────────────┐
│ AWS Bedrock │
│ - Claude v2 │
│ - Receives signed message │
│ - Processes request │
└────────────────────────────┘
│
├── Response with agent metadata
│
▼
┌─────────────┐
│ Agent B │
│ Verifies │
│ signature │
└─────────────┘
Benefits
- Cascading Failure Elimination: Identity persists through credential rotation
- Redo Multiplication: 603× speedup vs OAuth (91ms vs 54,853ms)
- Multi-Agent Collaboration: Agents verify each other's messages
- Audit Trails: Cryptographic proof of who said what
- Zero-Trust Architecture: No reliance on network security
Features
Auto-Generated Identity
const client = new BedrockXLinkClient({ region: 'us-east-1', modelId: 'anthropic.claude-v2' }); // Automatically: // - Generates Ed25519 keypair // - Creates DID (did:key:z6Mk...) // - Ready for secure communication console.log('Agent DID:', client.did);
Multi-Turn Conversations
const conv = client.createConversation(); await client.chatInConversation(conv, 'My name is Alice'); await client.chatInConversation(conv, 'What is my name?'); // Model responds: "Your name is Alice"
Streaming Support
await client.streamChat( 'Write a story about a robot', undefined, { onDelta: (chunk) => process.stdout.write(chunk), onComplete: (full) => console.log('\n\nGenerated', full.length, 'characters'), onError: (error) => console.error('Stream failed:', error.message) } );
Multi-Agent Collaboration
// Create two agents with separate identities const researcher = new BedrockXLinkClient({ region: 'us-east-1', modelId: 'anthropic.claude-v2', agentName: 'researcher' }); const writer = new BedrockXLinkClient({ region: 'us-east-1', modelId: 'amazon.titan-text-express-v1', agentName: 'writer' }); // Each has a unique DID console.log('Researcher DID:', researcher.did); console.log('Writer DID:', writer.did); // They can verify each other's messages const researchResult = await researcher.chat('Find facts about AI'); // Writer can verify researcher's signature
Use Cases
Multiple AI agents working together, each with unique identity. Researcher agent gathers data, analyst agent processes it, writer agent generates reports. Each verifies others' messages cryptographically.
verified messagesCryptographic audit trails for all AI conversations. Every message signed with agent DID, every response verifiable. Compliance teams can prove exactly which agent said what, when. SOC2, ISO27001 ready.
compliance auditAI agents in classified environments with zero-trust architecture. No reliance on network security. Each agent cryptographically identified. Message integrity verified end-to-end. FISMA, FedRAMP compliant.
zero-trust verifiedAI agents processing patient data with cryptographic accountability. Every agent identified, every message signed. Audit logs show exactly which agent accessed which patient record. HIPAA BAA satisfied.
HIPAA audit trailPurchase & Subscription
Pricing
Standard pricing: $5/month Basic • $10/month Middle • $15/month Enterprise
| Tier | Price | Features |
|---|---|---|
| Basic | $5/month | Bedrock integration, identity auth, signature verification, unlimited requests |
| Middle | $10/month | Everything in Basic + trust registry integration, multi-agent verification |
| Enterprise | $15/month | Everything in Middle + air-gapped deployment + white-label + SSO + SLA |
3-month trial - No credit card required
API Purchase Endpoint
curl -X POST https://private.me/api/purchase \ -H "Content-Type: application/json" \ -d '{ "product": "aws-bedrock-xlink", "tier": "basic", "customer": { "email": "user@example.com", "connection_id": "conn_abc123" } }'
Error Handling
All errors follow RFC 7807 Problem Details format:
{
"type": "https://private.me/errors/invalid-tier",
"title": "Invalid subscription tier",
"status": 400,
"fields": {
"tier": "Provided value 'premium' is not valid"
}
}
API Reference
BedrockXLinkClient
Main class for AWS Bedrock integration with xLink identity.
Properties
client.did // The xLink DID for this client client.agent // The underlying xLink Agent instance
Configuration Interface
interface BedrockXLinkConfig { region: string; // AWS region (e.g., "us-east-1") modelId: string; // Model ID (e.g., "anthropic.claude-v2") accessKeyId?: string; // AWS access key (optional) secretAccessKey?: string; // AWS secret key (optional) sessionToken?: string; // Session token for temporary credentials agentName?: string; // Name for xLink identity registryUrl?: string; // Trust registry URL verbose?: boolean; // Enable debug logging }
Supported Models
Anthropic Claude
anthropic.claude-v2anthropic.claude-v2:1anthropic.claude-instant-v1anthropic.claude-3-sonnet-20240229-v1:0anthropic.claude-3-haiku-20240307-v1:0
Amazon Titan
amazon.titan-text-express-v1amazon.titan-text-lite-v1
Other Models
Most Bedrock models are supported with automatic format detection. If you encounter a model that doesn't work, contact us at contact@private.me.
const client = new BedrockXLinkClient({ region: 'us-west-2', modelId: 'amazon.titan-text-express-v1' }); const result = await client.chat('Generate a product description for headphones');
Architecture
Component Stack
┌─────────────────────────────┐
│ Your Application │
└──────────┬──────────────────┘
│
▼
┌─────────────────────────────┐
│ BedrockXLinkClient │
│ - Auto-generates DID │
│ - Signs messages │
│ - Verifies responses │
└──────────┬──────────────────┘
│
├─────────┬─────────
│ │
▼ ▼
┌──────────┐ ┌──────────┐
│ xLink │ │ AWS SDK │
│ Agent │ │ Bedrock │
└──────────┘ └──────────┘
│ │
└─────────┘
│
▼
┌──────────────┐
│ AWS Bedrock │
│ Claude/Titan │
└──────────────┘
Message Flow
- Application sends message: Call
client.chat('query') - xLink signs message: Ed25519 signature added automatically
- AWS SDK sends to Bedrock: Standard Bedrock API call
- Model processes request: Claude/Titan generates response
- Response returned: Includes model output + token usage
- Optional verification: Other agents can verify signature
Identity Persistence
xLink identities can be exported and restored across sessions:
// Export identity const identity = await client.agent.exportIdentity(); // Store securely (OS keychain, secrets manager) // Restore later (same DID, same access rights) const restoredClient = new BedrockXLinkClient({ region: 'us-east-1', modelId: 'anthropic.claude-v2', identity: identity.value // Pass existing identity });
Security Model
Five-Layer Security
- Identity Generation: Ed25519 keypair generated using Web Crypto API (FIPS 186-5)
- Message Signing: Every message signed before sending to Bedrock
- DID Creation: Decentralized identifier follows
did:keyspecification - Signature Verification: Other agents verify signatures cryptographically
- Audit Trail: Every message includes DID + timestamp + signature
Security Guarantees
- Non-repudiation: Agent can't deny sending a signed message
- Message Integrity: Tampering invalidates signature
- Identity Persistence: DID survives credential rotation
- Zero Trust: No reliance on network or infrastructure security
- Audit Trail: Cryptographic proof of who said what, when
AWS Credential Handling
This library uses standard AWS SDK credential resolution:
- Environment variables (
AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY) - Shared credentials file (
~/.aws/credentials) - IAM roles (when running on EC2/ECS/Lambda)
- Explicit credentials in config (not recommended)