PentAGI integrates with Amazon Bedrock, offering access to a wide range of foundation models from leading AI companies including Anthropic, AI21, Cohere, Meta, Amazon, and DeepSeek through a single AWS-native interface.

Environment Variables

BEDROCK_REGION (string, required, default: "us-east-1")
AWS region for Bedrock service. Common regions: us-east-1, us-west-2, eu-west-1, ap-northeast-1.

BEDROCK_ACCESS_KEY_ID (string, required)
AWS access key ID for authentication. Obtain from AWS IAM.

BEDROCK_SECRET_ACCESS_KEY (string, required)
AWS secret access key for authentication.

BEDROCK_SESSION_TOKEN (string)
AWS session token for temporary credentials (alternative to access key method).

BEDROCK_SERVER_URL (string)
Optional custom Bedrock endpoint URL (for VPC endpoints or testing).

PROXY_URL (string)
Optional HTTP proxy URL for enhanced security (e.g., http://your-proxy:8080).

Configuration Example

Add the following to your .env file:
# Basic AWS Bedrock setup with credentials
BEDROCK_REGION=us-east-1
BEDROCK_ACCESS_KEY_ID=AKIA...
BEDROCK_SECRET_ACCESS_KEY=...

# Using with proxy for enhanced security
BEDROCK_REGION=us-east-1
BEDROCK_ACCESS_KEY_ID=AKIA...
BEDROCK_SECRET_ACCESS_KEY=...
PROXY_URL=http://your-proxy:8080

# Using custom endpoint (for VPC endpoints or testing)
BEDROCK_REGION=us-east-1
BEDROCK_ACCESS_KEY_ID=AKIA...
BEDROCK_SECRET_ACCESS_KEY=...
BEDROCK_SERVER_URL=https://bedrock-runtime.us-east-1.amazonaws.com
AWS credentials can also be provided through:
  • IAM roles (recommended for EC2/ECS deployments)
  • AWS credential files (~/.aws/credentials)
  • Environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
Ensure your AWS account has appropriate permissions for Amazon Bedrock service access.
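
The following check for the Bedrock variables described above is an added example, not part of PentAGI. It flags long-term keys, temporary keys that are missing their session token, and endpoint or proxy settings that weaken the setup. The function names and sample values are constructed for illustration; AKIA and ASIA are the AWS prefixes for long-term and temporary access key IDs.

```python
from urllib.parse import urlsplit

# Constructed sample .env contents (placeholder values, not real credentials).
SAMPLE_ENV = """\
# temporary key pasted without its session token, endpoint in another region
BEDROCK_REGION=us-east-1
BEDROCK_ACCESS_KEY_ID=ASIAEXAMPLEEXAMPLE00
BEDROCK_SECRET_ACCESS_KEY=placeholder-secret
BEDROCK_SERVER_URL=http://bedrock-runtime.us-west-2.amazonaws.com
"""

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("\"'")
    return env

def lint_bedrock_env(env):
    """Return (severity, message) findings for the Bedrock variables."""
    findings = []
    key_id = env.get("BEDROCK_ACCESS_KEY_ID", "")
    region = env.get("BEDROCK_REGION", "us-east-1")  # default documented on the page
    if key_id.startswith("AKIA"):
        findings.append(("warn", "long-term IAM user key in .env; prefer an IAM role"))
    if key_id.startswith("ASIA") and not env.get("BEDROCK_SESSION_TOKEN"):
        findings.append(("error", "temporary key (ASIA) without BEDROCK_SESSION_TOKEN"))
    url = env.get("BEDROCK_SERVER_URL")
    if url:
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append(("error", "BEDROCK_SERVER_URL does not use https"))
        if region not in (parts.hostname or "").split("."):
            findings.append(("warn", f"endpoint host does not name region {region}"))
    proxy = env.get("PROXY_URL")
    if proxy and urlsplit(proxy).password:
        findings.append(("warn", "PROXY_URL stores a proxy password in .env"))
    return findings

if __name__ == "__main__":
    for severity, message in lint_bedrock_env(parse_env(SAMPLE_ENV)):
        print(f"{severity}: {message}")
```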

Available Model Providers

Anthropic (Claude)

  • claude-4-sonnet - Latest Claude with exceptional reasoning
  • claude-3-5-sonnet - High-performance security analysis
  • claude-3-5-haiku - Fast vulnerability scanning
  • us.anthropic.claude-sonnet-4-20250514-v1:0 - US region optimized
  • us.anthropic.claude-3-5-haiku-20241022-v1:0 - US region optimized

Amazon Nova

Multimodal models supporting text, image, and video:
  • amazon-nova-pro - Flagship multimodal model
  • amazon-nova-lite - Fast and cost-effective
  • amazon-nova-micro - Ultra-lightweight

Meta Llama

Open-source foundation models:
  • meta.llama3-1-405b-instruct - Largest Llama model
  • meta.llama3-1-70b-instruct - Balanced performance
  • meta.llama3-1-8b-instruct - Efficient lightweight model
  • meta.llama3-2-90b-instruct - Latest generation

AI21 Labs

  • ai21.jamba-1-5-large - Advanced language understanding
  • ai21.jamba-1-5-mini - Fast inference

Cohere

  • cohere.command-r-plus - Advanced reasoning
  • cohere.command-r - Balanced performance
  • cohere.command-light - Fast and efficient

DeepSeek

  • deepseek-r1 - Reasoning-optimized model

Features

  • Multi-Provider Access: Access models from 6+ AI companies through a single interface
  • Advanced Reasoning: Support for Claude 4 and reasoning-capable models
  • Multimodal Models: Amazon Nova series for text, image, and video analysis
  • Enterprise Security: AWS-native security, VPC integration, compliance certifications
  • Cost Optimization: Wide range of model sizes for cost-effective testing
  • Regional Availability: Deploy in your preferred AWS region for data residency
  • High Performance: Low-latency inference through AWS global infrastructure

AWS Bedrock Rate Limits Warning

The default PentAGI configuration for AWS Bedrock uses two primary models:
  • us.anthropic.claude-sonnet-4-20250514-v1:0 (for most agents) - 2 requests per minute for new AWS accounts
  • us.anthropic.claude-3-5-haiku-20241022-v1:0 (for simple tasks) - 20 requests per minute for new AWS accounts
These default rate limits are extremely restrictive for penetration testing workloads and will significantly impact your workflow. Options for working around them:
  1. Request quota increases for your AWS Bedrock models through the AWS Service Quotas console
  2. Use provisioned throughput models with hourly billing for higher throughput
  3. Switch to alternative models with higher default quotas:
    • Amazon Nova series (higher default limits)
    • Meta Llama models (generous quotas)
    • AI21 Jamba models
  4. Consider using a different LLM provider (OpenAI, Anthropic, Gemini) if you need immediate high-throughput access
Without adequate rate limits, you may experience frequent delays, timeouts, and degraded testing performance.

Converse API Requirements

PentAGI uses the Amazon Bedrock Converse API for model interactions. Models must support:
  • Converse - Basic conversation API
  • ConverseStream - Streaming responses
  • Tool use - Function calling for penetration testing tools
  • Streaming tool use - Real-time tool execution feedback
Before selecting models, verify their feature support at: Supported models and model features
Some models like AI21 Jurassic-2 and Cohere Command (Text) have limited chat support and may not work properly with PentAGI’s multi-turn conversation workflows.

Model Selection by Agent Type

PentAGI’s default Bedrock configuration leverages Claude models:
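| Agent Type    | Default Model    | Requests/Min (New Account) | Use Case                 |
|---------------|------------------|----------------------------|--------------------------|
| Primary Agent | claude-sonnet-4  | 2                          | Core penetration testing |
| Simple tasks  | claude-3-5-haiku | 20                         | Quick queries            |
| Coder         | claude-sonnet-4  | 2                          | Exploit development      |
| Pentester     | claude-sonnet-4  | 2                          | Dedicated testing        |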

IAM Permissions

Your AWS IAM user or role needs these permissions:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "bedrock:InvokeModel",
        "bedrock:InvokeModelWithResponseStream",
        "bedrock:ListFoundationModels",
        "bedrock:GetFoundationModel"
      ],
      "Resource": "*"
    }
  ]
}
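
The policy above allows the invoke actions on every Bedrock resource. The following added example, which is not PentAGI's own code, builds a policy whose invoke statement covers only the models named in a provider YAML. The geographic prefix list, the wildcard region on the foundation-model ARN behind an inference profile, and the account ID 111122223333 are assumptions to adjust for your account.

```python
import json
import re

# Constructed sample: model entries in the shape of the provider YAML on this page.
PROVIDER_YAML = """
primary_agent:
  model: "us.anthropic.claude-sonnet-4-20250514-v1:0"
fast_scanner:
  model: "amazon.nova-lite-v1:0"
"""

# Assumption: these geographic prefixes mark a cross-region inference profile ID.
GEO_PREFIXES = ("us", "eu", "apac")
INVOKE = ["bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream"]
CATALOG = ["bedrock:ListFoundationModels", "bedrock:GetFoundationModel"]

def model_ids(yaml_text):
    """Collect the distinct `model:` values in order of appearance."""
    found = re.findall(r'^\s*model:\s*["\']?([^"\'\s#]+)', yaml_text, re.MULTILINE)
    return list(dict.fromkeys(found))

def invoke_resources(model_id, region, account_id):
    """Return the ARNs that one configured model needs for the invoke actions."""
    prefix, _, base = model_id.partition(".")
    if prefix in GEO_PREFIXES:
        # Inference profile: the profile in the caller's region, plus the base
        # model in any region the profile may route to (assumed wildcard).
        return [
            f"arn:aws:bedrock:{region}:{account_id}:inference-profile/{model_id}",
            f"arn:aws:bedrock:*::foundation-model/{base}",
        ]
    return [f"arn:aws:bedrock:{region}::foundation-model/{model_id}"]

def scoped_policy(yaml_text, region, account_id):
    """Build a policy: invoke limited to configured models, catalog reads on *."""
    resources = []
    for mid in model_ids(yaml_text):
        resources.extend(invoke_resources(mid, region, account_id))
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": INVOKE, "Resource": resources},
            {"Effect": "Allow", "Action": CATALOG, "Resource": "*"},
        ],
    }

if __name__ == "__main__":
    print(json.dumps(scoped_policy(PROVIDER_YAML, "us-east-1", "111122223333"), indent=2))
```

Regenerate the policy whenever the model list in the provider configuration changes, since a model that is not listed will fail with an access denied error.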

Regional Model Availability

Not all models are available in all regions. Check availability:
aws bedrock list-foundation-models --region us-east-1
Popular regions for model availability:
  • us-east-1 (N. Virginia) - Widest model selection
  • us-west-2 (Oregon) - Most major models
  • eu-west-1 (Ireland) - European data residency
  • ap-northeast-1 (Tokyo) - Asia-Pacific availability

Provisioned Throughput

For high-volume penetration testing, consider provisioned throughput:
  1. Purchase model units in AWS Bedrock console
  2. Create provisioned model ARN
  3. Use provisioned ARN in your configuration
Benefits:
  • Guaranteed throughput
  • No rate limits
  • Predictable pricing
  • Lower per-token cost at scale

Advanced Configuration

Customize Bedrock models using YAML configuration:
primary_agent:
  model: "us.anthropic.claude-sonnet-4-20250514-v1:0"
  temperature: 0.7
  top_p: 0.9
  max_tokens: 4096
  price:
    input: 3.0
    output: 15.0

fast_scanner:
  model: "amazon.nova-lite-v1:0"
  temperature: 0.5
  max_tokens: 2000
  price:
    input: 0.06
    output: 0.24

Troubleshooting

Access Denied Errors

  1. Verify IAM permissions include bedrock:InvokeModel
  2. Check model is available in your region
  3. Ensure model access is enabled in Bedrock console

Rate Limit Errors

  1. Check current quotas in Service Quotas console
  2. Request quota increase (typically approved within 24-48 hours)
  3. Consider provisioned throughput for guaranteed capacity
  4. Switch to models with higher default limits

Model Not Found

  1. Verify model availability in your region:
    aws bedrock list-foundation-models --region your-region
    
  2. Enable model access in Bedrock console
  3. Check model ID format (some use versioned IDs)

VPC Endpoint Issues

If using VPC endpoints:
  1. Ensure endpoint policy allows Bedrock actions
  2. Verify security group rules
  3. Check route tables for VPC endpoint
  4. Use custom endpoint URL in BEDROCK_SERVER_URL

Cost Optimization

Strategies for cost-effective Bedrock usage:
  1. Use appropriate model sizes - Don’t use large models for simple tasks
  2. Enable caching - Leverage PentAGI’s built-in caching
  3. Monitor usage - Track costs in AWS Cost Explorer
  4. Set budgets - Configure AWS Budgets alerts
  5. Consider provisioned throughput - Lower per-token cost at scale
