Feat: bedrock iam authentication (#12020)

### What problem does this PR solve?

Feat: bedrock iam authentication #12008 

### Type of change

- [x] New Feature (non-breaking change which adds functionality)

rag/llm/chat_model.py

@@ -1626,11 +1626,13 @@ class LiteLLMBase(ABC):
         elif self.provider == SupportedLiteLLMProvider.Bedrock:
             completion_args.pop("api_key", None)
             completion_args.pop("api_base", None)
+            bedrock_credentials = { "aws_region_name": self.bedrock_region }
+            if self.bedrock_ak and self.bedrock_sk:
+                bedrock_credentials["aws_access_key_id"] = self.bedrock_ak
+                bedrock_credentials["aws_secret_access_key"] = self.bedrock_sk
             completion_args.update(
                 {
-                    "aws_access_key_id": self.bedrock_ak,
-                    "aws_secret_access_key": self.bedrock_sk,
-                    "aws_region_name": self.bedrock_region,
+                    "bedrock_credentials": bedrock_credentials,
                 }
             )
         elif self.provider == SupportedLiteLLMProvider.OpenRouter:

rag/llm/embedding_model.py

@@ -471,9 +471,10 @@ class BedrockEmbed(Base):
         self.is_amazon = self.model_name.split(".")[0] == "amazon"
         self.is_cohere = self.model_name.split(".")[0] == "cohere"
 
-        if self.bedrock_ak == "" or self.bedrock_sk == "" or self.bedrock_region == "":
-            # Try to create a client using the default credentials (AWS_PROFILE, AWS_DEFAULT_REGION, etc.)
-            self.client = boto3.client("bedrock-runtime")
+        if self.bedrock_ak == "" or self.bedrock_sk == "":
+            # Try to create a client using the default credentials if ak/sk are not provided.
+            # Must provide a region.
+            self.client = boto3.client("bedrock-runtime", region_name=self.bedrock_region)
         else:
             self.client = boto3.client(service_name="bedrock-runtime", region_name=self.bedrock_region, aws_access_key_id=self.bedrock_ak, aws_secret_access_key=self.bedrock_sk)
 

web/src/constants/llm.ts

@@ -144,7 +144,7 @@ export const APIMapUrl = {
   [LLMFactory.BaiduYiYan]: 'https://wenxin.baidu.com/user/key',
   [LLMFactory.Meituan]: 'https://longcat.chat/platform/api_keys',
   [LLMFactory.Bedrock]:
-    'https://us-east-2.console.aws.amazon.com/bedrock/home#/api-keys',
+    'https://us-east-1.console.aws.amazon.com/iam/home?region=us-east-2#/users',
   [LLMFactory.AzureOpenAI]:
     'https://portal.azure.com/#create/Microsoft.CognitiveServicesOpenAI',
   [LLMFactory.OpenRouter]: 'https://openrouter.ai/keys',

web/src/locales/en.ts

@@ -785,6 +785,8 @@ This auto-tagging feature enhances retrieval by adding another layer of domain-s
     },
     setting: {
       deleteModel: 'Delete model',
+      bedrockCredentialsHint:
+        'Tip: Leave Access Key / Secret Key blank to use AWS IAM authentication.',
       modelEmptyTip:
         'No models available. <br>Please add models from the panel on the right.',
       sourceEmptyTip: 'No data sources added yet. Select one below to connect.',

web/src/locales/zh-traditional.ts

@@ -544,6 +544,8 @@ export default {
       avatar: '头像',
       avatarTip: '這會在你的個人主頁展示',
       profileDescription: '在此更新您的照片和個人詳細信息。',
+      bedrockCredentialsHint:
+        '提示：Access Key / Secret Key 可留空，以啟用 AWS IAM 自動驗證。',
       maxTokens: '最大token數',
       maxTokensMessage: '最大token數是必填項',
       maxTokensTip:

web/src/locales/zh.ts

@@ -51,6 +51,8 @@ export default {
       search: '搜索',
       noDataFound: '没有找到数据。',
       noData: '暂无数据',
+      bedrockCredentialsHint:
+        '提示：Access Key / Secret Key 可留空，以启用 AWS IAM 自动验证。',
       promptPlaceholder: '请输入或使用 / 快速插入变量。',
       selected: '已选择',
     },

web/src/pages/user-setting/setting-model/modal/bedrock-modal/index.tsx

@@ -1,7 +1,7 @@
 import { useTranslate } from '@/hooks/common-hooks';
 import { IModalProps } from '@/interfaces/common';
 import { IAddLlmRequestBody } from '@/interfaces/request/llm';
-import { Flex, Form, Input, InputNumber, Modal, Select, Space } from 'antd';
+import { Form, Input, InputNumber, Modal, Select, Typography } from 'antd';
 import { useMemo } from 'react';
 import { LLMHeader } from '../../components/llm-header';
 import { BedrockRegionList } from '../../constant';
@@ -13,6 +13,7 @@ type FieldType = IAddLlmRequestBody & {
 };
 
 const { Option } = Select;
+const { Text } = Typography;
 
 const BedrockModal = ({
   visible,
@@ -43,25 +44,18 @@ const BedrockModal = ({
 
   return (
     <Modal
-      title={<LLMHeader name={llmFactory} />}
+      title={
+        <div>
+          <LLMHeader name={llmFactory} />
+          <Text type="secondary" style={{ display: 'block', marginTop: 4 }}>
+            {t('bedrockCredentialsHint')}
+          </Text>
+        </div>
+      }
       open={visible}
       onOk={handleOk}
       onCancel={hideModal}
       okButtonProps={{ loading }}
-      footer={(originNode: React.ReactNode) => {
-        return (
-          <Flex justify={'space-between'}>
-            <a
-              href="https://console.aws.amazon.com/"
-              target="_blank"
-              rel="noreferrer"
-            >
-              {t('ollamaLink', { name: llmFactory })}
-            </a>
-            <Space>{originNode}</Space>
-          </Flex>
-        );
-      }}
     >
       <Form
         name="basic"
@@ -91,14 +85,14 @@ const BedrockModal = ({
         <Form.Item<FieldType>
           label={t('addBedrockEngineAK')}
           name="bedrock_ak"
-          rules={[{ required: true, message: t('bedrockAKMessage') }]}
+          rules={[{ message: t('bedrockAKMessage') }]}
         >
           <Input placeholder={t('bedrockAKMessage')} />
         </Form.Item>
         <Form.Item<FieldType>
           label={t('addBedrockSK')}
           name="bedrock_sk"
-          rules={[{ required: true, message: t('bedrockSKMessage') }]}
+          rules={[{ message: t('bedrockSKMessage') }]}
         >
           <Input placeholder={t('bedrockSKMessage')} />
         </Form.Item>