If you’ve been paying attention to the AI space, you’ve probably seen Claude Code pop up. It’s Anthropic’s CLI tool that lets you use Claude directly in your terminal to write code, debug issues, and interact with your codebase. It’s like having a senior engineer sitting next to you, except it doesn’t steal your lunch from the fridge.
Look, I know there are probably a million blog posts about Claude Code and Bedrock at this point. I’m not here to write the definitive guide. I just want to share how I’m actually using it as an SRE who lives in AWS every day, and why the Bedrock piece specifically matters for folks like us.
What a lot of people don’t realize is that Claude Code can run through Amazon Bedrock. That means you get all the power of Claude, but the requests flow through your AWS account. Your data stays in AWS. Your existing IAM policies apply. Your security team doesn’t have a meltdown. For those of us who live in AWS, this is a big deal.
What is Amazon Bedrock?
If you haven’t used it yet, Amazon Bedrock is AWS’s fully managed service for accessing foundation models (large language models, image generators, etc.) from multiple providers through a single API. Think of it as a managed gateway to AI models. Instead of signing up with each AI provider separately, you access them through your AWS account with the same IAM controls, billing, and networking you already use for everything else. Anthropic’s Claude, Meta’s Llama, Amazon’s own models, they’re all available through Bedrock.
The key thing for this post: Bedrock lets you run Claude models inside your AWS environment. No data leaves AWS, no separate API keys to manage, no new vendor relationships for your procurement team to worry about.
Why Bedrock?
You might be wondering why you wouldn’t just use Claude Code directly through Anthropic’s API. Fair question. Here’s why Bedrock matters, especially in a professional context:
Your data stays in your AWS environment. Bedrock doesn’t use your inputs or outputs to train models. For anyone working in an enterprise or dealing with sensitive infrastructure code, this is non-negotiable.
You use your existing AWS billing. No separate Anthropic account, no separate invoice. It all shows up on the same AWS bill your finance team already knows how to handle.
IAM controls everything. You can control who can use Claude through the same IAM policies you use for everything else. Want to restrict it to your DevOps team? That’s just an IAM policy. Want to log every invocation? CloudTrail picks it up automatically.
No new network paths. If you’re already in AWS, your traffic to Bedrock stays on the AWS backbone. No new firewall rules, no new VPC endpoints for external APIs (although you might want a Bedrock VPC endpoint depending on your setup).
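To make the IAM and CloudTrail point concrete, here is an added example (not from the original post) that reviews Bedrock invoke events from CloudTrail, counts usage per role and model, and flags denied calls and roles outside an expected set. The records are constructed and trimmed to the fields used; the role names, account ID and model ID are made up, and the example assumes the model ID is recorded under requestParameters.modelId.

```python
import json
from collections import Counter

BEDROCK_INVOKE = {"InvokeModel", "InvokeModelWithResponseStream"}

# Constructed CloudTrail records, one JSON object per line (sample data only).
SAMPLE_EVENTS = [json.loads(line) for line in """
{"eventSource":"bedrock.amazonaws.com","eventName":"InvokeModelWithResponseStream","userIdentity":{"arn":"arn:aws:sts::111122223333:assumed-role/DevOpsEngineer/alice"},"requestParameters":{"modelId":"anthropic.claude-example-model"}}
{"eventSource":"bedrock.amazonaws.com","eventName":"InvokeModel","userIdentity":{"arn":"arn:aws:sts::111122223333:assumed-role/DevOpsEngineer/bob"},"requestParameters":{"modelId":"anthropic.claude-example-model"}}
{"eventSource":"bedrock.amazonaws.com","eventName":"InvokeModel","errorCode":"AccessDenied","userIdentity":{"arn":"arn:aws:sts::111122223333:assumed-role/DataIntern/carol"},"requestParameters":{"modelId":"anthropic.claude-example-model"}}
{"eventSource":"s3.amazonaws.com","eventName":"GetObject","userIdentity":{"arn":"arn:aws:sts::111122223333:assumed-role/DevOpsEngineer/alice"}}
{"eventSource":"bedrock.amazonaws.com","eventName":"InvokeModel","userIdentity":{"arn":"arn:aws:sts::111122223333:assumed-role/BuildRunner/ci-42"},"requestParameters":{"modelId":"anthropic.claude-example-model"}}
""".strip().splitlines()]

def role_of(arn):
    """Collapse an assumed-role session ARN to its role name; otherwise keep the ARN."""
    parts = arn.split(":", 5)[-1].split("/")
    return parts[1] if parts[0] == "assumed-role" and len(parts) >= 3 else arn

def review_invocations(events, allowed_roles):
    """Return (usage counter keyed by (role, model), list of flagged calls)."""
    usage, flagged = Counter(), []
    for ev in events:
        if ev.get("eventSource") != "bedrock.amazonaws.com":
            continue
        if ev.get("eventName") not in BEDROCK_INVOKE:
            continue
        who = role_of(ev.get("userIdentity", {}).get("arn", "unknown"))
        model = (ev.get("requestParameters") or {}).get("modelId", "unknown")
        denied = ev.get("errorCode") == "AccessDenied"
        if denied:
            flagged.append((who, model, "denied"))
        elif who not in allowed_roles:
            flagged.append((who, model, "unexpected principal"))
        if not denied:
            usage[(who, model)] += 1  # only successful calls consume tokens
    return usage, flagged

if __name__ == "__main__":
    usage, flagged = review_invocations(SAMPLE_EVENTS, {"DevOpsEngineer"})
    for (who, model), count in usage.items():
        print(f"{who} {model} {count}")
    for item in flagged:
        print("FLAG", *item)
```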
Setting It Up
The setup is straightforward. You need three things: Bedrock model access, the right IAM permissions, and Claude Code installed.
1. Enable Claude in Bedrock
First, you need to request access to Claude models in Bedrock. This isn’t automatic.
- Go to the Amazon Bedrock console
- Click Model access in the left sidebar
- Find the Anthropic section and request access to the Claude models
- Wait for approval (usually quick, sometimes instant)
Make sure you’re doing this in a region that supports the Claude models. US East (N. Virginia) us-east-1 and US West (Oregon) us-west-2 are solid bets.
2. IAM Permissions
Your IAM user or role needs permissions to invoke Bedrock models. Here’s a minimal policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "bedrock:InvokeModel",
        "bedrock:InvokeModelWithResponseStream"
      ],
      "Resource": "arn:aws:bedrock:*::foundation-model/anthropic.claude-*"
    }
  ]
}
This gives access to invoke any Claude model in Bedrock. If you want to lock it down to a specific model or region, tighten that Resource ARN.
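One way to check whether that Resource has actually been tightened, as an added example (not from the original post): a small Python audit that flags invoke statements whose ARN still has a wildcard region or model. The tightened ARN uses MODEL-ID-PLACEHOLDER in place of a real model ID, and policy_for is a helper made up for this example.

```python
from fnmatch import fnmatchcase

# IAM action names are case-insensitive, so compare in lower case.
INVOKE = ("bedrock:invokemodel", "bedrock:invokemodelwithresponsestream")

def as_list(value):
    """IAM accepts either a single value or a list for these keys."""
    return value if isinstance(value, list) else [value]

def grants_invoke(stmt):
    """True if an Allow statement's Action patterns cover a Bedrock invoke call."""
    patterns = [a.lower() for a in as_list(stmt.get("Action", []))]
    return stmt.get("Effect") == "Allow" and any(
        fnmatchcase(name, pattern) for pattern in patterns for name in INVOKE)

def audit_bedrock_policy(policy):
    """Return (resource, finding) pairs for statements that grant invoke."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if not grants_invoke(stmt):
            continue
        for resource in as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append((resource, "any resource"))
                continue
            # ARN layout: arn:partition:service:region:account:resource
            parts = resource.split(":", 5)
            if len(parts) != 6 or parts[2] != "bedrock":
                continue
            region, target = parts[3], parts[5]
            if "*" in region or "?" in region:
                findings.append((resource, "wildcard region"))
            if target.startswith("foundation-model/") and ("*" in target or "?" in target):
                findings.append((resource, "wildcard model"))
    return findings

def policy_for(resource):
    """Build the policy shown in the post with the given Resource ARN."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream"],
        "Resource": resource}]}

BROAD = "arn:aws:bedrock:*::foundation-model/anthropic.claude-*"  # from the post
TIGHT = "arn:aws:bedrock:us-east-1::foundation-model/MODEL-ID-PLACEHOLDER"

if __name__ == "__main__":
    for arn in (BROAD, TIGHT):
        print(arn, "->", audit_bedrock_policy(policy_for(arn)) or "scoped")
```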
3. Prerequisites
Before installing Claude Code, you’ll need a couple of things on your machine:
Node.js (v18+) — Claude Code is an npm package, so you need Node.js installed. If you’re on a Mac:
brew install node
Verify it’s installed:
node --version
npm --version
AWS CLI — You probably already have this if you’re reading this blog, but just in case:
brew install awscli
Make sure your credentials are configured (aws configure or environment variables). If you can run aws sts get-caller-identity and get a response, you’re good.
4. Install Claude Code
Once Node.js is set up:
npm install -g @anthropic-ai/claude-code
If you’re brand new to Claude Code, I’d recommend going through Anthropic’s free Claude Code in Action course on Skilljar before diving in. It covers everything from the basics to advanced workflows like MCP servers and GitHub integration. You even get a certificate at the end. It’s worth the time.
5. Configure Claude Code for Bedrock
This is the key part. You need to tell Claude Code to use Bedrock instead of the default Anthropic API:
export CLAUDE_CODE_USE_BEDROCK=1
export AWS_REGION=us-east-1
Claude Code will pick up your AWS credentials from the standard chain: your environment variables, ~/.aws/credentials, an IAM role, whatever you’re already using. If you’ve ever run aws s3 ls successfully, you’re probably good to go.
Then just run:
claude
That’s it. Claude Code is now running through Bedrock. Same features, same capabilities, but everything flows through your AWS account.
Real DevOps Use Cases
Now the fun part. Here’s how I’ve been using Claude Code with Bedrock for actual SRE and DevOps work.
Writing and Reviewing Terraform
This one is a daily driver for me. Instead of bouncing between documentation tabs, I can describe what I need and get working Terraform back.
> Write a Terraform module for an ECS Fargate service with an ALB,
including health checks and auto-scaling based on CPU utilization
Claude Code generates the module with the provider blocks, resource definitions, variables, and outputs. But here’s the thing, it’s not just templating. It understands the relationships between resources. It knows that the ALB target group needs to reference the ECS service’s container port. It knows the security groups need to allow traffic between the ALB and the tasks. It catches the stuff that usually costs you 20 minutes of debugging after terraform plan fails.
I also use it for reviewing existing Terraform:
> Review this module and check for security issues, missing tags,
and anything that doesn't follow AWS best practices
It’ll flag things like overly permissive security groups, missing encryption configurations, and resources without proper tagging. Things that a human reviewer would catch on a good day, but might miss on a Friday afternoon.
Debugging CloudWatch Logs
When something breaks in production at 2 AM, the last thing you want to do is manually parse through thousands of log lines. I’ve been pulling logs and feeding them to Claude Code for analysis:
> Here are the last 500 CloudWatch log entries from our API service.
What's causing the spike in 5xx errors?
It can identify patterns that take a human much longer to spot. Correlated errors across services, gradual memory leaks shown in log patterns, connection pool exhaustion. It doesn’t replace your monitoring, but it gives you a head start on root cause analysis when you’re working an incident.
Writing Automation Scripts
Every SRE team has a backlog of automation tasks that never get done because there’s always something more urgent. Claude Code has been helping me knock these out faster:
> Write a Python script that checks all EC2 instances across all
regions for instances that have been stopped for more than 30 days
and generates a report with instance ID, region, stop time, and
estimated monthly savings if terminated
It produces a working script with proper boto3 pagination, error handling, and output formatting. Does it need review? Absolutely. But it cuts the development time significantly.
IAM Policy Troubleshooting
If you’ve ever stared at an “Access Denied” error and tried to figure out which of the 47 policies attached to a role is causing the issue, you’ll appreciate this one:
> Here's the IAM role's trust policy and all attached policies.
Why can't this role assume the cross-account role
arn:aws:iam::123456789012:role/DeployRole?
Claude Code can trace through the policy evaluation logic and usually pinpoint the issue, whether it’s a missing condition key, a conflicting deny statement, or a trust policy that doesn’t include the right principal.
Things to Keep in Mind
Cost. Bedrock charges per token. For heavy usage, this adds up. Keep an eye on your Bedrock costs in Cost Explorer and set up a billing alarm. You can also set up a spend limit directly in Claude Code by running claude config set --global bedrockSpendLimit 50.00.
Model availability. Not every Claude model is available in every Bedrock region. Check the Bedrock documentation for current availability.
It’s an assistant, not an autopilot. Everything Claude Code generates should be reviewed. I’ve caught subtle issues in generated Terraform, like using deprecated resource arguments or suggesting configurations that work but aren’t optimal. Trust but verify.
Context matters. Claude Code works best when it can see your codebase. Running it from the root of your project gives it context about your existing patterns, naming conventions, and architecture. The more context it has, the better the output.
The Bigger Picture
What makes this setup compelling for DevOps and SRE work isn’t just that it can generate code. It’s that it integrates into a workflow that already lives in AWS. The model runs in Bedrock, the infrastructure it helps build runs in AWS, the logs it helps debug come from CloudWatch, the policies it helps troubleshoot are IAM. It’s all the same ecosystem.
What I’ve shown here is a pretty basic setup and workflow. It can get way crazier than this. Custom system prompts, automated pipelines that use Claude Code as part of CI/CD, hooking it into incident response runbooks, building custom agents with the Bedrock API. I’m just scratching the surface, and I’ll share more as I go deeper. But even at this basic level, Claude Code through Bedrock has earned a spot in my toolkit.
I’m a Staff Site Reliability Engineer and I get busy with AWS, GitHub, Terraform, and VS Code, among other things.