Enterprise
10 min

Enterprise Guide: Using Claude Code Securely via AWS Bedrock
- Secure AI Development Support in Tokyo Region -

Learn how to leverage Claude Code via AWS Bedrock (Tokyo region) while meeting enterprise security requirements. Detailed setup procedures for Claude 3.5 Sonnet and Claude Sonnet 4.

Claude CodeAWS BedrockEnterpriseTokyo RegionAI Development

Introduction

Many enterprises have restrictions on direct connections to external AI services due to security and compliance requirements. However, by using AWS Bedrock as an intermediary, it's possible to leverage Claude Code's powerful development assistance features while meeting corporate security policies.

This article explains the specific configuration methods and implementation considerations when using Claude Code via AWS Bedrock (Tokyo region).

Available Models

As of June 2025, Claude models available in AWS Bedrock Tokyo region:

  • Claude 3.5 Sonnet: anthropic.claude-3-5-sonnet-20241022-v2:0
  • Claude Sonnet 4: apac.anthropic.claude-sonnet-4-20250514-v1:0

Environment Setup Procedure

Prerequisites

  1. Access permissions to AWS Bedrock (Tokyo region)
  2. Approved access request for Claude 3.5 Sonnet or Claude Sonnet 4
  3. Properly configured IAM roles or users
  4. Claude Code CLI installation (latest version)

Step 1: Verify AWS Credentials

First, verify that AWS credentials are correctly configured:

bash
# Check current credentials
aws sts get-caller-identity

If displayed correctly, authentication setup is complete.

Step 2: Enable Bedrock Model Access

    From AWS Console:
  1. Navigate to AWS Bedrock service
  2. Select Tokyo region (ap-northeast-1)
  3. Select "Model access"
  4. Click "Request access" for Claude 3.5 Sonnet or Claude Sonnet 4
  5. Agree to terms and submit request

Step 3: IAM Policy Configuration

Add the following IAM policy to your user or role:

json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "bedrock:InvokeModel",
        "bedrock:InvokeModelWithResponseStream"
      ],
      "Resource": [
        "arn:aws:bedrock:ap-northeast-1:*:model/anthropic.claude-3-5-sonnet-20241022-v2:0",
        "arn:aws:bedrock:ap-northeast-1:*:model/apac.anthropic.claude-sonnet-4-20250514-v1:0"
      ]
    }
  ]
}

Step 4: Environment Variables Setup

Set environment variables for Claude Code to use AWS Bedrock:

bash
# AWS settings
export AWS_PROFILE=default
export AWS_REGION=ap-northeast-1
export AWS_CONFIG_FILE=~/.aws/config
export AWS_SHARED_CREDENTIALS_FILE=~/.aws/credentials

# Claude Code settings
export CLAUDE_CODE_USE_BEDROCK=1

Important: Setting CLAUDE_CODE_USE_BEDROCK=1 enables Claude Code to work via AWS Bedrock.

Step 5: Starting Claude Code

Once configuration is complete, start Claude Code:

bash
# Using Claude 3.5 Sonnet
claude --model anthropic.claude-3-5-sonnet-20241022-v2:0

# Using Claude Sonnet 4
claude --model apac.anthropic.claude-sonnet-4-20250514-v1:0

Verification

After startup, verify connection with the following command:

bash
# Execute a simple task
> "Please create a Python script that displays 'Hello World'"

Additional Settings for Enterprise Environments

Proxy Configuration

For environments using proxy, add the following settings:

bash
# HTTP proxy settings
export HTTP_PROXY=http://proxy.company.com:8080
export HTTPS_PROXY=http://proxy.company.com:8080

# Exclude AWS internal communication from proxy
export NO_PROXY=169.254.169.254,169.254.170.2,.amazonaws.com

AWS Configuration File Examples

~/.aws/config:
ini
[default]
region = ap-northeast-1
output = json
~/.aws/credentials:
ini
[default]
aws_access_key_id = YOUR_ACCESS_KEY
aws_secret_access_key = YOUR_SECRET_KEY

Troubleshooting

1. Model Not Found Error

bash
# Check available models
aws bedrock list-foundation-models \
  --by-provider Anthropic \
  --region ap-northeast-1 \
  --query 'modelSummaries[*].modelId' \
  --output table

2. Authentication Error

bash
# Verify IAM policy
aws iam get-user-policy --user-name YOUR_USERNAME --policy-name BedrockAccess

3. Region Error

Always specify ap-northeast-1 (Tokyo) region. Models may not be available in other regions.

Best Practices

1. Security

  • Principle of Least Privilege: Grant access only to necessary models
  • CloudTrail Logs: Record all Bedrock API calls
  • VPC Endpoints: Use VPC endpoints when possible

2. Cost Management

bash
# Monitor usage
aws cloudwatch get-metric-statistics \
  --namespace AWS/Bedrock \
  --metric-name ModelInvocations \
  --start-time 2025-06-01T00:00:00Z \
  --end-time 2025-06-16T23:59:59Z \
  --period 86400 \
  --statistics Sum \
  --dimensions Name=ModelId,Value=anthropic.claude-3-5-sonnet-20241022-v2:0

3. Model Selection Guidelines

  • Claude 3.5 Sonnet: Advanced coding tasks, complex logic implementation
  • Claude Sonnet 4: Faster and more efficient, optimal for general development tasks

Project Usage Example

Creating CLAUDE.md File

Create CLAUDE.md in project root with project-specific instructions:

markdown
# Project Configuration

## Tech Stack
- Next.js 14 (App Router)
- TypeScript 5.x
- AWS SDK v3

## Coding Standards
- Follow ESLint configuration
- Add JSDoc comments to all functions
- Always implement error handling

## AWS Integration
- Region: ap-northeast-1
- Use SDK v3 for all AWS services
- IAM role-based authentication

Conclusion

By using Claude Code via AWS Bedrock (Tokyo region), enterprises can receive cutting-edge AI development assistance while meeting security requirements.

    Key Points:
  1. Use Tokyo region (ap-northeast-1)
  2. Set CLAUDE_CODE_USE_BEDROCK=1 environment variable
  3. Specify appropriate Model ID
  4. Fine-grained access control through IAM policies

As more enterprises advance AI-powered development, such secure implementation methods will become increasingly important.

Back to Tips