Merge pull request #3939 from pharindoko/main

fix(bedrock): convert botocore credentials when role is assumed
2025-04-27 11:43:54 +00:00 · 2024-05-31 18:46:15 -07:00 · 2024-05-31 18:46:15 -07:00 · addf8751a2
commit addf8751a2
parent f4dc681dd9 559e825e2f
1 changed files with 10 additions and 1 deletions
--- a/litellm/llms/bedrock_httpx.py
+++ b/litellm/llms/bedrock_httpx.py
@ -294,7 +294,16 @@ class BedrockLLM(BaseLLM):
                RoleArn=aws_role_name, RoleSessionName=aws_session_name
            )

-            return sts_response["Credentials"]
+            # Extract the credentials from the response and convert to Session Credentials
+            sts_credentials = sts_response["Credentials"]
+            from botocore.credentials import Credentials
+
+            credentials = Credentials(
+                access_key=sts_credentials["AccessKeyId"],
+                secret_key=sts_credentials["SecretAccessKey"],
+                token=sts_credentials["SessionToken"],
+            )
+            return credentials
        elif aws_profile_name is not None:  ### CHECK SESSION ###
            # uses auth values from AWS profile usually stored in ~/.aws/credentials
            client = boto3.Session(profile_name=aws_profile_name)