Amazon Bedrock

Config options live under plugins.entries.amazon-bedrock.config.discovery:

{  plugins: {    entries: {      "amazon-bedrock": {        config: {          discovery: {            enabled: true,            region: "us-east-1",            providerFilter: ["anthropic", "amazon"],            refreshInterval: 3600,            defaultContextWindow: 32000,            defaultMaxTokens: 4096,          },        },      },    },  },}

OpenClaw discovers regional and global inference profiles alongside foundation models. When a profile maps to a known foundation model, the profile inherits that model's capabilities (context window, max tokens, reasoning, vision) and the correct Bedrock request region is injected automatically. This means cross-region Claude profiles work without manual provider overrides.

Inference profile IDs look like us.anthropic.claude-opus-4-6-v1:0 (regional) or anthropic.claude-opus-4-6-v1:0 (global). If the backing model is already in the discovery results, the profile inherits its full capability set; otherwise safe defaults apply.

No extra configuration is needed. As long as discovery is enabled and the IAM principal has bedrock:ListInferenceProfiles, profiles appear alongside foundation models in openclaw models list.

Some Bedrock models support a service_tier parameter to optimize for cost or latency. The following tiers are available:

Set serviceTier (or service_tier) via agents.defaults.params for Bedrock model requests, or per-model in agents.defaults.models["<model-key>"].params:

{  agents: {    defaults: {      params: {        serviceTier: "flex", // applies to all models      },      models: {        "amazon-bedrock/mistral.mistral-large-3-675b-instruct": {          params: {            serviceTier: "priority", // per-model override          },        },      },    },  },}

Valid values are default, flex, priority, and reserved. Not all models support all tiers — if an unsupported tier is requested, Bedrock will return a validation error. Note: the error message is somewhat misleading; it may say "The provided model identifier is invalid" rather than indicating an unsupported service tier. If you see this error, check whether the model supports the requested tier.

Bedrock rejects the temperature parameter for Claude Opus 4.7. OpenClaw omits temperature automatically for any Opus 4.7 Bedrock ref, including foundation model ids, named inference profiles, application inference profiles whose underlying model resolves to Opus 4.7 via bedrock:GetInferenceProfile, and dotted opus-4.7 variants with optional region prefixes (us., eu., ap., apac., au., jp., global.). No config knob is required, and the omission applies to both the request options object and the inferenceConfig payload field.

Use amazon-bedrock/anthropic.claude-fable-5 in us-east-1, or the regional inference ids such as us.anthropic.claude-fable-5. OpenClaw applies Fable's 1M context window, 128K output limit, always-on adaptive thinking, and supported effort mapping. /think off and /think minimal map to low; unsupported temperature and forced tool choice controls are omitted. Streaming output is held until Bedrock returns a terminal status so mid-stream refusals do not expose partial text. Fable supports only the standard service tier; OpenClaw ignores configured flex, priority, and reserved tiers for this model.

AWS requires an explicit provider_data_share data-retention opt-in before Fable is available. Prompts and completions are shared with Anthropic and retained for up to 30 days for trust and safety. Review and configure Bedrock data retention before enabling the model.

You can apply Amazon Bedrock Guardrails to all Bedrock model invocations by adding a guardrail object to the amazon-bedrock plugin config. Guardrails let you enforce content filtering, topic denial, word filters, sensitive information filters, and contextual grounding checks.

{  plugins: {    entries: {      "amazon-bedrock": {        config: {          guardrail: {            guardrailIdentifier: "abc123", // guardrail ID or full ARN            guardrailVersion: "1", // version number or "DRAFT"            streamProcessingMode: "sync", // optional: "sync" or "async"            trace: "enabled", // optional: "enabled", "disabled", or "enabled_full"          },        },      },    },  },}

Bedrock can also serve as the embedding provider for memory search. This is configured separately from the inference provider -- set agents.defaults.memorySearch.provider to "bedrock":

{  agents: {    defaults: {      memorySearch: {        provider: "bedrock",        model: "amazon.titan-embed-text-v2:0", // default      },    },  },}

Bedrock embeddings use the same AWS SDK credential chain as inference (instance roles, SSO, access keys, shared config, and web identity). No API key is needed. Set memorySearch.provider: "bedrock" explicitly to use Bedrock embeddings.

Supported embedding models include Amazon Titan Embed (v1, v2), Amazon Nova Embed, Cohere Embed (v3, v4), and TwelveLabs Marengo. See Memory configuration reference -- Bedrock for the full model list and dimension options.

• Bedrock requires model access enabled in your AWS account/region.
• Automatic discovery needs the bedrock:ListFoundationModels and bedrock:ListInferenceProfiles permissions.
• If you rely on auto mode, set one of the supported AWS auth env markers on the gateway host. If you prefer IMDS/shared-config auth without env markers, set plugins.entries.amazon-bedrock.config.discovery.enabled: true.
• OpenClaw surfaces the credential source in this order: AWS_BEARER_TOKEN_BEDROCK, then AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY, then AWS_PROFILE, then the default AWS SDK chain.
• Reasoning support depends on the model; check the Bedrock model card for current capabilities.
• If you prefer a managed key flow, you can also place an OpenAI-compatible proxy in front of Bedrock and configure it as an OpenAI provider instead.