Use Codex with Amazon Bedrock

Configure Codex to use OpenAI models available through Amazon Bedrock. In this setup, Codex runs locally and sends model requests to Bedrock using AWS-managed authentication and access controls.

How it works

When you configure Codex with Amazon Bedrock as the model provider, the OpenAI-hosted Responses API isn't in the request path. Codex sends model requests to Amazon Bedrock, and Bedrock provides an OpenAI-compatible Responses API implementation for supported OpenAI models.

Authentication is AWS-native. Users authenticate with a Bedrock API key or AWS IAM credentials. They do not use ChatGPT sign-in or OPENAI_API_KEY for this provider.

Before you start

Make sure you have:

Access to supported OpenAI models in Amazon Bedrock.
An AWS Region where the selected model is available.
Authentication for the Amazon Bedrock Mantle path configured for the AWS account.

Configure Codex

Add the amazon-bedrock model provider for the Amazon Bedrock Mantle path to ~/.codex/config.toml. Supplying a model is optional. Select a supported model explicitly when needed.

model_provider = "amazon-bedrock"

This guide covers the Amazon Bedrock Mantle path in supported commercial AWS Regions. Codex doesn't support Bedrock Mantle endpoints in AWS GovCloud Regions.

Authentication options

Codex supports two Bedrock authentication paths. It checks them in this order:

Bedrock API key.
AWS SDK credential chain.

Option 1: Bedrock API key

Set the Bedrock API key in the environment Codex reads. You must specify a Region when using API-key authentication.

export AWS_BEARER_TOKEN_BEDROCK=<your-bedrock-api-key>
export AWS_REGION=us-east-2

Option 2: AWS SDK credentials

Use this path when your organization manages Bedrock access through the AWS SDK credential chain. Codex can use these standard AWS SDK credential sources:

Shared AWS config and credentials files.
```
aws configure
```

Environment variables.

export AWS_ACCESS_KEY_ID=<your-access-key-id>
export AWS_SECRET_ACCESS_KEY=<your-secret-access-key>
export AWS_SESSION_TOKEN=<your-session-token>

AWS Management Console credentials.
```
aws login
```

AWS SSO or a named profile.

aws sso login --profile codex-bedrock
export AWS_PROFILE=codex-bedrock

Federated identity configured with credential_process. For corporate SSO or OIDC federation, configure the AWS profile outside Codex and let the AWS SDK resolve credentials. Put browser login, token exchange, caching, and refresh in your AWS profile's credential_process helper.

Desktop app and VS Code extension

Desktop apps and IDE extensions may not inherit environment variables from the shell. Put required values in ~/.codex/.env, then restart the app or extension.

export AWS_BEARER_TOKEN_BEDROCK=<your-bedrock-api-key>
export AWS_REGION=us-east-2

Verify setup

In Codex CLI, open /status and confirm Codex is using the amazon-bedrock model provider.
In the desktop app or VS Code extension, start a new session after restarting the app.
Confirm the selected model is available in the configured AWS Region and that the AWS identity has permission to access it.

Supported models

Use exact model IDs:

openai.gpt-5.5
openai.gpt-5.4

Model availability varies by AWS Region. Before selecting a model, see model support by AWS Region.

Feature availability

This configuration supports local Codex workflows. Some features that depend on OpenAI-hosted cloud services, hosted tools, or cloud-managed discovery aren't currently available.

Fast Mode isn't available with Amazon Bedrock. Fast Mode uses priority processing, and the initial Amazon Bedrock offering supports on-demand inference only.

^* Feature is currently limited to only specific regions. Check the individual feature documentation to learn more about geo restrictions.

^† Some first party plugins are not available.

Troubleshooting

If setup fails, check the following:

The model ID exactly matches a supported model.
You specify an AWS Region where the model is available.
The Bedrock API key or AWS credentials are valid and not expired.
The AWS identity has permission to access the selected Bedrock model.
AWS_BEARER_TOKEN_BEDROCK isn't set to an expired or unintended key.
For desktop app or VS Code extension usage, required environment variables are present in ~/.codex/.env.

Support boundaries

OpenAI Support can help with Codex client setup, configuration, local CLI behavior, desktop app behavior, IDE extension behavior, and the local Codex product experience.

For AWS credentials, IAM permissions, Bedrock model access, quotas, billing, regional availability, Bedrock request failures, AWS service logs, or Bedrock service behavior, contact the customer's AWS administrator or AWS Support.

amazon-bedrock.md +465 −89

7## How it works7## How it works

8 8

9When you configure Codex with Amazon Bedrock as the model provider, the9When you configure Codex with Amazon Bedrock as the model provider, the

~~10OpenAI-hosted Responses API isn’t in the request path. Codex sends model~~10OpenAI-hosted Responses API isn't in the request path. Codex sends model

11requests to Amazon Bedrock, and Bedrock provides an OpenAI-compatible Responses11requests to Amazon Bedrock, and Bedrock provides an OpenAI-compatible Responses

12API implementation for supported OpenAI models.12API implementation for supported OpenAI models.

13 13

14Authentication is AWS-native. Users authenticate with a Bedrock API key or AWS14Authentication is AWS-native. Users authenticate with a Bedrock API key or AWS

~~15IAM credentials. They do not use ChatGPT sign-in or `OPENAI_API_KEY` for this~~15 IAM credentials. They do not use ChatGPT sign-in or `OPENAI_API_KEY` for this

~~16provider.~~16 provider.

17 17

18## Before you start18## Before you start

19 19

30`~/.codex/config.toml`. Supplying a model is optional. Select a supported model30`~/.codex/config.toml`. Supplying a model is optional. Select a supported model

31explicitly when needed.31explicitly when needed.

32 32

~~33```~~33```toml

34model_provider = "amazon-bedrock"34model_provider = "amazon-bedrock"

35```35```

36 36

37This guide covers the Amazon Bedrock Mantle path in supported commercial AWS37This guide covers the Amazon Bedrock Mantle path in supported commercial AWS

~~38Regions. Codex doesn’t support Bedrock Mantle endpoints in AWS GovCloud~~38 Regions. Codex doesn't support Bedrock Mantle endpoints in AWS GovCloud

~~39Regions.~~39 Regions.

40 40

41## Authentication options41## Authentication options

42 42

50Set the Bedrock API key in the environment Codex reads. You must specify a50Set the Bedrock API key in the environment Codex reads. You must specify a

51Region when using API-key authentication.51Region when using API-key authentication.

52 52

~~53```~~53```shell

54export AWS_BEARER_TOKEN_BEDROCK=<your-bedrock-api-key>54export AWS_BEARER_TOKEN_BEDROCK=<your-bedrock-api-key>

55export AWS_REGION=us-east-255export AWS_REGION=us-east-2

56```56```

62 62

631. Shared AWS `config` and `credentials` files.631. Shared AWS `config` and `credentials` files.

64 64

~~65 ```~~65 ```shell

66 aws configure66 aws configure

67 ```67 ```

682. Environment variables.692. Environment variables.

69 70

~~70 ```~~71 ```shell

71 export AWS_ACCESS_KEY_ID=<your-access-key-id>72 export AWS_ACCESS_KEY_ID=<your-access-key-id>

72 export AWS_SECRET_ACCESS_KEY=<your-secret-access-key>73 export AWS_SECRET_ACCESS_KEY=<your-secret-access-key>

73 export AWS_SESSION_TOKEN=<your-session-token>74 export AWS_SESSION_TOKEN=<your-session-token>

74 ```75 ```

753. AWS Management Console credentials.773. AWS Management Console credentials.

76 78

~~77 ```~~79 ```shell

78 aws login80 aws login

79 ```81 ```

804. AWS SSO or a named profile.834. AWS SSO or a named profile.

81 84

~~82 ```~~85 ```shell

83 aws sso login --profile codex-bedrock86 aws sso login --profile codex-bedrock

84 export AWS_PROFILE=codex-bedrock87 export AWS_PROFILE=codex-bedrock

85 ```88 ```

865. Federated identity configured with `credential_process`. For corporate SSO or905. Federated identity configured with `credential_process`. For corporate SSO or

87 OIDC federation, configure the AWS profile outside Codex and let the AWS SDK91 OIDC federation, configure the AWS profile outside Codex and let the AWS SDK

88 resolve credentials. Put browser login, token exchange, caching, and refresh92 resolve credentials. Put browser login, token exchange, caching, and refresh

~~89 in your AWS profile’s `credential_process` helper.~~93 in your AWS profile's `credential_process` helper.

90 94

91## Desktop app and VS Code extension95## Desktop app and VS Code extension

92 96

94shell. Put required values in `~/.codex/.env`, then restart the app or98shell. Put required values in `~/.codex/.env`, then restart the app or

95extension.99extension.

96 100

~~97```~~101```shell

98export AWS_BEARER_TOKEN_BEDROCK=<your-bedrock-api-key>102export AWS_BEARER_TOKEN_BEDROCK=<your-bedrock-api-key>

99export AWS_REGION=us-east-2103export AWS_REGION=us-east-2

100```104```

112 116

113Use exact model IDs:117Use exact model IDs:

114 118

115```119```text

116openai.gpt-5.5120openai.gpt-5.5

117openai.gpt-5.4121openai.gpt-5.4

118```122```

124## Feature availability128## Feature availability

125 129

126This configuration supports local Codex workflows. Some features that depend on130This configuration supports local Codex workflows. Some features that depend on

127OpenAI-hosted cloud services, hosted tools, or cloud-managed discovery aren’t131OpenAI-hosted cloud services, hosted tools, or cloud-managed discovery aren't

128currently available.132currently available.

129 133

130Fast Mode isn’t available with Amazon Bedrock. Fast Mode uses priority134Fast Mode isn't available with Amazon Bedrock. Fast Mode uses priority

131processing, and the initial Amazon Bedrock offering supports on-demand135 processing, and the initial Amazon Bedrock offering supports on-demand

132inference only.136 inference only.

~~133~~ 137

134Detailed feature availability138<ToggleSection title="Detailed feature availability">

~~135~~ 139 <CodexPlanFeatureMatrix

136| Feature | Amazon Bedrock |140 client:load

137| --- | --- |141 data={{

138| Access and surfaces | |142 plans: [

139| --- | --- |143 {

140| [Codex web](https://developers.openai.com/codex/cloud) | — |144 id: "bedrock",

141| [Codex app for local tasks](https://developers.openai.com/codex/app) | |145 shortLabel: "Amazon Bedrock",

142| [Codex CLI](https://developers.openai.com/codex/cli) | |146 label: "Amazon Bedrock",

143| [IDE extension](https://developers.openai.com/codex/ide) | |147 },

144| [Codex SDK, `codex exec`, and scriptable workflows](https://developers.openai.com/codex/sdk) | |148 ],

145| Models and multimodal | |149 sections: [

146| [Bedrock-backed inference with supported OpenAI models](https://developers.openai.com/codex/amazon-bedrock) | |150 {

147| [Fast mode](https://developers.openai.com/codex/speed) | — |151 title: "Access and surfaces",

148| [Image generation and editing](https://developers.openai.com/codex/app/features#image-generation) | — |152 features: [

149| [Voice dictation](https://developers.openai.com/codex/app/features#voice-dictation) | — |153 {

150| [Web search](https://developers.openai.com/codex/app/features#web-search) | — |154 name: "Codex web",

151| Local features | |155 href: "/codex/cloud",

152| [Local code review with `/review`](https://developers.openai.com/codex/workflows#do-a-local-code-review) | |156 availability: {

153| [Auto-review for approval requests](https://developers.openai.com/codex/concepts/sandboxing/auto-review) | |157 bedrock: "unavailable",

154| [Sandboxing and permission controls](https://developers.openai.com/codex/permissions) | |158 },

155| [Project and standalone app automations](https://developers.openai.com/codex/app/automations) | |159 },

156| [Automations](https://developers.openai.com/codex/app/automations) | |160 {

157| [Worktrees and built-in Git tools](https://developers.openai.com/codex/app/worktrees) | |161 name: "Codex app for local tasks",

158| [Local environments and repeatable actions](https://developers.openai.com/codex/app/local-environments) | |162 href: "/codex/app",

159| [Appshots](https://developers.openai.com/codex/appshots) | |163 availability: {

160| Browser and remote control | |164 bedrock: "available",

161| [In-app browser previews and comments](https://developers.openai.com/codex/app/browser) | |165 },

162| [Browser Use automation](https://developers.openai.com/codex/app/browser#browser-use) | [Limited\*](#codex-plan-region-limits "Available with regional limits") |166 },

163| [Chrome extension browser control](https://developers.openai.com/codex/app/chrome-extension) | [Limited\*](#codex-plan-region-limits "Available with regional limits") |167 {

164| [Computer Use](https://developers.openai.com/codex/app/computer-use) | [Limited\*](#codex-plan-region-limits "Available with regional limits") |168 name: "Codex CLI",

165| [SSH remote connections](https://developers.openai.com/codex/remote-connections#connect-to-an-ssh-host) | |169 href: "/codex/cli",

166| [Mobile remote control](https://developers.openai.com/codex/remote-connections) | — |170 availability: {

167| Customization and extensions | |171 bedrock: "available",

168| [Custom instructions with `AGENTS.md`](https://developers.openai.com/codex/guides/agents-md) | |172 },

169| [Skills](https://developers.openai.com/codex/skills) | |173 },

170| [Plugins](https://developers.openai.com/codex/plugins) | [Limited†](#codex-plan-plugin-limits "Available with plugin limits") |174 {

171| [Plugin sharing](https://developers.openai.com/codex/plugins/build#share-a-local-plugin-with-your-workspace) | — |175 name: "IDE extension",

172| [App connectors](https://developers.openai.com/codex/plugins) | — |176 href: "/codex/ide",

173| [MCP](https://developers.openai.com/codex/mcp) | |177 availability: {

174| [Subagents and custom agents](https://developers.openai.com/codex/subagents) | |178 bedrock: "available",

175| [Memories](https://developers.openai.com/codex/memories) | [Limited\*](#codex-plan-region-limits "Available with regional limits") |179 },

176| [Chronicle](https://developers.openai.com/codex/memories/chronicle) | — |180 },

177| Cloud and integrations | |181 {

178| [Codex cloud tasks](https://developers.openai.com/codex/cloud) | — |182 name: "Codex SDK, `codex exec`, and scriptable workflows",

179| [Sites](https://developers.openai.com/codex/sites) | — |183 shortName: "Codex SDK and scripting",

180| [GitHub issue and PR delegation with `@codex`](https://developers.openai.com/codex/integrations/github#give-codex-other-tasks) | — |184 href: "/codex/sdk",

181| [GitHub code review and automatic PR reviews](https://developers.openai.com/codex/integrations/github) | — |185 availability: {

182| [Slack cloud integration](https://developers.openai.com/codex/integrations/slack) | — |186 bedrock: "available",

183| [Linear cloud integration](https://developers.openai.com/codex/integrations/linear) | — |187 },

184| Admin, security, and analytics | |188 },

185| [SAML SSO, MFA, and workspace user management](https://developers.openai.com/codex/enterprise/admin-setup) | — |189 ],

186| [`requirements.toml` managed config](https://developers.openai.com/codex/enterprise/managed-configuration) | |190 },

187| [Cloud-managed config policies](https://developers.openai.com/codex/enterprise/managed-configuration#cloud-managed-requirements) | — |191 {

188| [Codex RBAC and custom roles](https://developers.openai.com/codex/enterprise/admin-setup#step-2-set-up-custom-roles-rbac) | — |192 title: "Models and multimodal",

189| [SCIM, EKM, and domain verification](https://developers.openai.com/codex/enterprise/admin-setup#enterprise-grade-security-and-privacy) | — |193 features: [

190| [Enterprise retention and residency controls](https://developers.openai.com/codex/enterprise/admin-setup#enterprise-grade-security-and-privacy) | — |194 {

191| [No training on API or business data by default](https://openai.com/business-data/) | |195 name: "Bedrock-backed inference with supported OpenAI models",

192| [Analytics dashboard](https://developers.openai.com/codex/enterprise/governance#analytics-dashboard) | — |196 shortName: "Bedrock-backed inference",

193| [Analytics API](https://developers.openai.com/codex/enterprise/governance#analytics-api) | — |197 href: "/codex/amazon-bedrock",

194| [Compliance API and audit logs](https://developers.openai.com/codex/enterprise/governance#compliance-api) | — |198 availability: {

195| [Codex Security for connected GitHub repositories](https://developers.openai.com/codex/security) | — |199 bedrock: "available",

~~196~~ 200 },

197\* Feature is currently limited to only specific regions. Check201 },

198the individual feature documentation to learn more about geo restrictions.202 {

~~199~~ 203 name: "Fast mode",

200† Some first party plugins are not available.204 href: "/codex/speed",

205 availability: {

206 bedrock: "unavailable",

207 },

208 },

209 {

210 name: "Image generation and editing",

211 href: "/codex/app/features#image-generation",

212 availability: {

213 bedrock: "unavailable",

214 },

215 },

216 {

217 name: "Voice dictation",

218 href: "/codex/app/features#voice-dictation",

219 availability: {

220 bedrock: "unavailable",

221 },

222 },

223 {

224 name: "Web search",

225 href: "/codex/app/features#web-search",

226 availability: {

227 bedrock: "unavailable",

228 },

229 },

230 ],

231 },

232 {

233 title: "Local features",

234 features: [

235 {

236 name: "Local code review with `/review`",

237 shortName: "Local code review",

238 href: "/codex/workflows#do-a-local-code-review",

239 availability: {

240 bedrock: "available",

241 },

242 },

243 {

244 name: "Auto-review for approval requests",

245 href: "/codex/concepts/sandboxing/auto-review",

246 availability: {

247 bedrock: "available",

248 },

249 },

250 {

251 name: "Sandboxing and permission controls",

252 href: "/codex/permissions",

253 availability: {

254 bedrock: "available",

255 },

256 },

257 {

258 name: "Project and standalone app automations",

259 shortName: "App automations",

260 href: "/codex/app/automations",

261 availability: {

262 bedrock: "available",

263 },

264 },

265 {

266 name: "Automations",

267 href: "/codex/app/automations",

268 availability: {

269 bedrock: "available",

270 },

271 },

272 {

273 name: "Worktrees and built-in Git tools",

274 shortName: "Built-in Git tools",

275 href: "/codex/app/worktrees",

276 availability: {

277 bedrock: "available",

278 },

279 },

280 {

281 name: "Local environments and repeatable actions",

282 shortName: "Repeatable actions",

283 href: "/codex/app/local-environments",

284 availability: {

285 bedrock: "available",

286 },

287 },

288 {

289 name: "Appshots",

290 href: "/codex/appshots",

291 availability: {

292 bedrock: "available",

293 },

294 },

295 ],

296 },

297 {

298 title: "Browser and remote control",

299 features: [

300 {

301 name: "In-app browser previews and comments",

302 shortName: "In-app browser",

303 href: "/codex/app/browser",

304 availability: {

305 bedrock: "available",

306 },

307 },

308 {

309 name: "Browser Use automation",

310 href: "/codex/app/browser#browser-use",

311 availability: {

312 bedrock: "limited",

313 },

314 },

315 {

316 name: "Chrome extension browser control",

317 shortName: "Chrome browser control",

318 href: "/codex/app/chrome-extension",

319 availability: {

320 bedrock: "limited",

321 },

322 },

323 {

324 name: "Computer Use",

325 href: "/codex/app/computer-use",

326 availability: {

327 bedrock: "limited",

328 },

329 },

330 {

331 name: "SSH remote connections",

332 shortName: "SSH remote",

333 href: "/codex/remote-connections#connect-to-an-ssh-host",

334 availability: {

335 bedrock: "available",

336 },

337 },

338 {

339 name: "Mobile remote control",

340 href: "/codex/remote-connections",

341 availability: {

342 bedrock: "unavailable",

343 },

344 },

345 ],

346 },

347 {

348 title: "Customization and extensions",

349 features: [

350 {

351 name: "Custom instructions with `AGENTS.md`",

352 shortName: "Custom instructions",

353 href: "/codex/guides/agents-md",

354 availability: {

355 bedrock: "available",

356 },

357 },

358 {

359 name: "Skills",

360 href: "/codex/skills",

361 availability: {

362 bedrock: "available",

363 },

364 },

365 {

366 name: "Plugins",

367 href: "/codex/plugins",

368 availability: {

369 bedrock: "limited",

370 },

371 limitedFootnote: "plugins",

372 },

373 {

374 name: "Plugin sharing",

375 href: "/codex/plugins/build#share-a-local-plugin-with-your-workspace",

376 availability: {

377 bedrock: "unavailable",

378 },

379 },

380 {

381 name: "App connectors",

382 href: "/codex/plugins",

383 availability: {

384 bedrock: "unavailable",

385 },

386 },

387 {

388 name: "MCP",

389 href: "/codex/mcp",

390 availability: {

391 bedrock: "available",

392 },

393 },

394 {

395 name: "Subagents and custom agents",

396 shortName: "Subagents",

397 href: "/codex/subagents",

398 availability: {

399 bedrock: "available",

400 },

401 },

402 {

403 name: "Memories",

404 href: "/codex/memories",

405 availability: {

406 bedrock: "limited",

407 },

408 },

409 {

410 name: "Chronicle",

411 href: "/codex/memories/chronicle",

412 availability: {

413 bedrock: "unavailable",

414 },

415 },

416 ],

417 },

418 {

419 title: "Cloud and integrations",

420 features: [

421 {

422 name: "Codex cloud tasks",

423 shortName: "Cloud tasks",

424 href: "/codex/cloud",

425 availability: {

426 bedrock: "unavailable",

427 },

428 },

429 {

430 name: "Sites",

431 href: "/codex/sites",

432 availability: {

433 bedrock: "unavailable",

434 },

435 },

436 {

437 name: "GitHub issue and PR delegation with `@codex`",

438 shortName: "GitHub delegation",

439 href: "/codex/integrations/github#give-codex-other-tasks",

440 availability: {

441 bedrock: "unavailable",

442 },

443 },

444 {

445 name: "GitHub code review and automatic PR reviews",

446 shortName: "GitHub PR reviews",

447 href: "/codex/integrations/github",

448 availability: {

449 bedrock: "unavailable",

450 },

451 },

452 {

453 name: "Slack cloud integration",

454 shortName: "Slack integration",

455 href: "/codex/integrations/slack",

456 availability: {

457 bedrock: "unavailable",

458 },

459 },

460 {

461 name: "Linear cloud integration",

462 shortName: "Linear integration",

463 href: "/codex/integrations/linear",

464 availability: {

465 bedrock: "unavailable",

466 },

467 },

468 ],

469 },

470 {

471 title: "Admin, security, and analytics",

472 features: [

473 {

474 name: "SAML SSO, MFA, and workspace user management",

475 shortName: "Workspace management",

476 href: "/codex/enterprise/admin-setup",

477 availability: {

478 bedrock: "unavailable",

479 },

480 },

481 {

482 name: "`requirements.toml` managed config",

483 shortName: "`requirements.toml` config",

484 href: "/codex/enterprise/managed-configuration",

485 availability: {

486 bedrock: "available",

487 },

488 },

489 {

490 name: "Cloud-managed config policies",

491 shortName: "Cloud-managed policies",

492 href: "/codex/enterprise/managed-configuration#cloud-managed-requirements",

493 availability: {

494 bedrock: "unavailable",

495 },

496 },

497 {

498 name: "Codex RBAC and custom roles",

499 shortName: "RBAC and roles",

500 href: "/codex/enterprise/admin-setup#step-2-set-up-custom-roles-rbac",

501 availability: {

502 bedrock: "unavailable",

503 },

504 },

505 {

506 name: "SCIM, EKM, and domain verification",

507 shortName: "SCIM, EKM, and domains",

508 href: "/codex/enterprise/admin-setup#enterprise-grade-security-and-privacy",

509 availability: {

510 bedrock: "unavailable",

511 },

512 },

513 {

514 name: "Enterprise retention and residency controls",

515 shortName: "Retention and residency",

516 href: "/codex/enterprise/admin-setup#enterprise-grade-security-and-privacy",

517 availability: {

518 bedrock: "unavailable",

519 },

520 },

521 {

522 name: "No training on API or business data by default",

523 shortName: "No default training",

524 href: "https://openai.com/business-data/",

525 availability: {

526 bedrock: "available",

527 },

528 },

529 {

530 name: "Analytics dashboard",

531 href: "/codex/enterprise/governance#analytics-dashboard",

532 availability: {

533 bedrock: "unavailable",

534 },

535 },

536 {

537 name: "Analytics API",

538 href: "/codex/enterprise/governance#analytics-api",

539 availability: {

540 bedrock: "unavailable",

541 },

542 },

543 {

544 name: "Compliance API and audit logs",

545 shortName: "Compliance and audit logs",

546 href: "/codex/enterprise/governance#compliance-api",

547 availability: {

548 bedrock: "unavailable",

549 },

550 },

551 {

552 name: "Codex Security for connected GitHub repositories",

553 shortName: "Codex Security",

554 href: "/codex/security",

555 availability: {

556 bedrock: "unavailable",

557 },

558 },

559 ],

560 },

561 ],

562 }}

563 />

564

565 <div

566 id="codex-plan-region-limits"

567 className="not-prose mt-3 text-sm text-secondary"

568 >

569 <sup>*</sup> Feature is currently limited to only specific regions. Check

570 the individual feature documentation to learn more about geo restrictions.

571 </div>

572 <div

573 id="codex-plan-plugin-limits"

574 className="not-prose mt-1 text-sm text-secondary"

575 >

576 <sup>†</sup> Some first party plugins are not available.

577 </div>

578</ToggleSection>

201 579

202## Troubleshooting580## Troubleshooting

203 581

207- You specify an AWS Region where the model is available.585- You specify an AWS Region where the model is available.

208- The Bedrock API key or AWS credentials are valid and not expired.586- The Bedrock API key or AWS credentials are valid and not expired.

209- The AWS identity has permission to access the selected Bedrock model.587- The AWS identity has permission to access the selected Bedrock model.

210- `AWS_BEARER_TOKEN_BEDROCK` isn’t set to an expired or unintended key.588- `AWS_BEARER_TOKEN_BEDROCK` isn't set to an expired or unintended key.

211- For desktop app or VS Code extension usage, required environment variables589- For desktop app or VS Code extension usage, required environment variables

212 are present in `~/.codex/.env`.590 are present in `~/.codex/.env`.

213 591

219 597

220For AWS credentials, IAM permissions, Bedrock model access, quotas, billing,598For AWS credentials, IAM permissions, Bedrock model access, quotas, billing,

221regional availability, Bedrock request failures, AWS service logs, or Bedrock599regional availability, Bedrock request failures, AWS service logs, or Bedrock

222service behavior, contact the customer’s AWS administrator or AWS Support.600service behavior, contact the customer's AWS administrator or AWS Support.

~~223~~