opencode icon indicating copy to clipboard operation
opencode copied to clipboard
Published 8 hours ago verified publisher icon anomalyco

feat: Add AWS Web Identity Token File (EKS IRSA) support for Bedrock

Open bainos opened this issue 8 hours ago • 1 comments

Feature Request: AWS Web Identity Token File (EKS IRSA) Support for Bedrock

Problem: OpenCode cannot authenticate with Amazon Bedrock from Kubernetes/EKS environments using IAM Roles for Service Accounts (IRSA).

Proposed Solution: Add support for AWS Web Identity Token File authentication by detecting AWS_WEB_IDENTITY_TOKEN_FILE environment variable and enabling the AWS credential chain when no bearer token is present.

Use Case: Enable OpenCode to run in containerized workloads (Kubernetes/EKS) with IRSA, which is the standard AWS authentication method for pods.

Environment Variables:

  • AWS_WEB_IDENTITY_TOKEN_FILE - Path to token file (set by Kubernetes)
  • AWS_ROLE_ARN - IAM role to assume
  • AWS_REGION - AWS region

bainos avatar Jan 14 '26 13:01 bainos