Phase 0: Infrastructure Foundation on Claude Code Wiki

Amazon Bedrock Fundamentals

Mon, 01 Jan 0001 00:00:00 +0000

Amazon Bedrock Fundamentals#

What Is Amazon Bedrock?#

Bedrock is AWS’s managed API gateway for foundation models. Instead of going directly to Anthropic for model access, Bedrock gives you a single AWS-native service that brokers access to foundation models through the same IAM, billing, networking, and compliance infrastructure you already use for everything else in AWS.

Analogy for Cloud Foundry practitioners: If Cloud Foundry abstracts away infrastructure for app developers, Bedrock does the same for model inference. Developers don’t think about where Claude is running – they just call the API. The platform team controls the networking, access, cost, and compliance layer underneath.

Google Vertex AI Fundamentals

Mon, 01 Jan 0001 00:00:00 +0000

Google Vertex AI Fundamentals#

What Is Vertex AI?#

Vertex AI is Google Cloud’s managed AI platform. Anthropic’s Claude models are available as partner models through Vertex AI, giving you a GCP-native API that uses the same IAM, billing, networking, and compliance infrastructure you already use for everything else in Google Cloud.

Analogy for Cloud Foundry practitioners: Same abstraction as Bedrock – developers call an API, the platform team controls networking, access, cost, and compliance underneath. The difference is which cloud’s control plane you’re working with.

Azure Foundry Fundamentals

Mon, 01 Jan 0001 00:00:00 +0000

Azure Foundry Fundamentals#

What Is Azure AI Foundry?#

Azure AI Foundry (also called Microsoft Foundry) is Microsoft’s managed AI platform. Anthropic’s Claude models are available as partner models through Foundry, giving you an Azure-native API that uses the same Entra ID, billing, networking, and compliance infrastructure you already use for everything else in Azure.

VPC Endpoint and PrivateLink Architecture

Mon, 01 Jan 0001 00:00:00 +0000

VPC Endpoint and PrivateLink Architecture#

Purpose#

Create a private connection between the corporate VPC and Amazon Bedrock. No internet gateway, no NAT, no public IPs needed. All traffic between the enterprise network and Bedrock stays within AWS’s private backbone.

Key Terraform Resources#

# VPC Endpoint for Bedrock Runtime
resource "aws_vpc_endpoint" "bedrock_runtime" {
 vpc_id = aws_vpc.main.id
 service_name = "com.amazonaws.${var.region}.bedrock-runtime"
 vpc_endpoint_type = "Interface"
 private_dns_enabled = true

 subnet_ids = var.private_subnet_ids
 security_group_ids = [aws_security_group.bedrock_endpoint.id]

 policy = jsonencode({
 Version = "2012-10-17"
 Statement = [
 {
 Effect = "Allow"
 Principal = "*"
 Action = [
 "bedrock:InvokeModel",
 "bedrock:InvokeModelWithResponseStream"
 ]
 Resource = "*"
 }
 ]
 })
}

# Security group: only allow traffic from developer subnets
resource "aws_security_group" "bedrock_endpoint" {
 name_prefix = "bedrock-endpoint-"
 vpc_id = aws_vpc.main.id

 ingress {
 from_port = 443
 to_port = 443
 protocol = "tcp"
 cidr_blocks = var.developer_subnet_cidrs
 }
}

Design Decisions#

Private DNS Enabled#

With private_dns_enabled = true, Claude Code’s standard Bedrock URLs resolve internally to the VPC endpoint’s private IP addresses. No application-level configuration changes needed beyond enabling Bedrock mode.

LLM Gateway Design

Mon, 01 Jan 0001 00:00:00 +0000

LLM Gateway Design#

Why a Gateway?#

The LLM gateway is the piece most enterprises skip and regret. Without it, you have 500 developer machines each holding AWS credentials and making direct Bedrock calls with no centralized visibility or control.

Deploy LiteLLM (open-source or enterprise cloud) or Kong AI Gateway as an internal service between developers and Bedrock.

What the Gateway Provides#

Per-User/Per-Team Token Budgets and Rate Limiting#

Set monthly token budgets per team or per user
Default to Sonnet for routine work, gate Opus access to specific use cases
Prevent a single developer from burning through the entire org’s budget

Centralized Authentication#

The gateway holds AWS credentials for Bedrock – developers don’t need AWS access
Developers authenticate to the gateway via corporate SSO
Eliminates 500 sets of AWS credentials on developer machines

Request/Response Logging for Audit#

Log request metadata: who, when, which model, token count, latency
Don’t log prompt content if Zero Data Retention (ZDR) is active
Feed metrics to CloudWatch or your observability stack

Provider Abstraction#

Swap models or providers without touching developer configs
Route to different models based on request characteristics
A/B test model versions transparently

Developer-Facing Configuration#

Once the gateway is deployed, the developer config becomes three environment variables:

Security Constraint Clarification

Mon, 01 Jan 0001 00:00:00 +0000

Security Constraint Clarification#

First Conversation with the CISO#

“No code leaves the network” has three interpretations that lead to completely different architectures. Get written alignment before doing anything else.

Level 1: “No code to Anthropic directly”#

What it means: Route through a cloud provider’s managed service (AWS Bedrock, Google Vertex AI). The enterprise’s contract is with AWS/GCP, not Anthropic directly. Data isn’t retained, isn’t used for training.

Architecture: Claude Code → Bedrock (standard) or Vertex AI (standard)