Advanced

Multi-provider configuration

Configure Claude Code with multiple AI providers: AWS Bedrock, Google Vertex AI, and custom endpoints for enterprise deployments.

Publié le 11 mars 2026

Why use an alternative provider?

By default, Claude Code connects directly to the Anthropic API. In an enterprise context, you may need to:

Data compliance: keep requests within your AWS or GCP region
Centralized billing: consolidate costs on your cloud account
Network control: route through your VPC without public traffic
GDPR/SOC2 compliance: use certified endpoints from your cloud provider

Claude Code natively supports AWS Bedrock and Google Vertex AI, plus any proxy compatible with the OpenAI API.

AWS Bedrock

Prerequisites

An AWS account with access to Amazon Bedrock
The Claude model enabled in your region (us-east-1, us-west-2, eu-west-1...)
AWS credentials configured (aws configure or environment variables)

Enable Claude models in Bedrock

Before configuring Claude Code, enable access to Claude models in the AWS console:

AWS Console > Amazon Bedrock > Model access
Click "Manage model access"
Enable "Claude 3.5 Sonnet" (or your target model)
Accept the Anthropic terms of use

Configuration in settings.json

{
  "apiProvider": "bedrock",
  "awsRegion": "us-east-1"
}

Claude Code automatically uses your standard AWS credentials (in order of priority):

Environment variables AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY
File ~/.aws/credentials
IAM Role attached to the EC2 instance or ECS task

AWS credentials via environment variables

# Temporary configuration (current session)
export AWS_ACCESS_KEY_ID="AKIAIOSFODNN7EXAMPLE"
export AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
export AWS_DEFAULT_REGION="us-east-1"

claude

For permanent configuration, add to ~/.zshrc or ~/.bashrc:

export AWS_PROFILE="my-bedrock-profile"
export AWS_DEFAULT_REGION="eu-west-1"

And in settings.json:

{
  "apiProvider": "bedrock",
  "awsRegion": "eu-west-1"
}

With an assumed IAM role (STS)

For organizations using cross-account IAM roles:

# Assume an IAM role with Bedrock access
CREDS=$(aws sts assume-role \
  --role-arn "arn:aws:iam::123456789:role/ClaudeCodeBedrock" \
  --role-session-name "claude-code-session" \
  --output json)

export AWS_ACCESS_KEY_ID=$(echo "$CREDS" | jq -r '.Credentials.AccessKeyId')
export AWS_SECRET_ACCESS_KEY=$(echo "$CREDS" | jq -r '.Credentials.SecretAccessKey')
export AWS_SESSION_TOKEN=$(echo "$CREDS" | jq -r '.Credentials.SessionToken')

claude

Minimum required IAM policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "bedrock:InvokeModel",
        "bedrock:InvokeModelWithResponseStream"
      ],
      "Resource": [
        "arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-3-5-sonnet-20241022-v2:0",
        "arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-3-haiku-20240307-v1:0"
      ]
    }
  ]
}

Google Vertex AI

Prerequisites

A Google Cloud project with billing enabled
The Vertex AI API enabled in your project
A service account with the Vertex AI User role
gcloud CLI installed and authenticated

Enable the Vertex AI API

# Via gcloud CLI
gcloud services enable aiplatform.googleapis.com --project=MY_PROJECT_ID

Configuration in settings.json

{
  "apiProvider": "vertex",
  "gcpProjectId": "my-gcp-project-12345",
  "gcpRegion": "us-east5"
}

Regions supporting Claude on Vertex AI include us-east5, europe-west4, and others. Check the Vertex AI documentation for the up-to-date list.

Vertex AI authentication

Claude Code uses Google Cloud's Application Default Credentials (ADC):

# Option 1: User authentication (local development)
gcloud auth application-default login

# Option 2: Service account (CI/CD, production)
export GOOGLE_APPLICATION_CREDENTIALS="/path/to/service-account.json"

# Option 3: Workload Identity (GKE, Cloud Run)
# Automatically configured by the GCP platform

Create a dedicated service account

# Create the service account
gcloud iam service-accounts create claude-code-sa \
  --display-name="Claude Code Service Account" \
  --project=MY_PROJECT_ID

# Assign the minimal role
gcloud projects add-iam-policy-binding MY_PROJECT_ID \
  --member="serviceAccount:claude-code-sa@MY_PROJECT_ID.iam.gserviceaccount.com" \
  --role="roles/aiplatform.user"

# Create and download the key
gcloud iam service-accounts keys create claude-code-key.json \
  --iam-account=claude-code-sa@MY_PROJECT_ID.iam.gserviceaccount.com

OpenAI-compatible proxy

Claude Code can connect to any proxy that follows the OpenAI API, which lets you use:

An internal enterprise proxy that routes to Anthropic
On-premise LLM solutions that emulate the OpenAI API

Configuration in settings.json:

{
  "apiProvider": "openai-compatible",
  "customApiUrl": "https://my-proxy.internal.company.com/v1"
}

With an environment variable for the key:

export ANTHROPIC_API_KEY="my-proxy-key"
export ANTHROPIC_BASE_URL="https://my-proxy.internal.company.com/v1"

Choosing a model based on the task

One advantage of multi-provider is being able to choose the model based on task complexity, optimizing for cost and performance.

Model selection strategy

Model	Recommended usage	Advantage
Claude Haiku	Lightweight, frequent tasks	3x cheaper, very fast
Claude Sonnet	Main development work	Best cost/quality balance
Claude Opus	Architectural decisions	Maximum reasoning quality

Via the --model CLI flag

# Haiku for simple tasks in CI/CD
claude --print --model claude-haiku-4-5 "Generate a JSDoc comment for this function"

# Sonnet for everyday development (default)
claude --print --model claude-sonnet-4-6 "Implement this feature with tests"

# Opus for complex decisions
claude --print --model claude-opus-4-6 "Design the architecture for this distributed system"

Via settings.json (permanent configuration)

{
  "model": "claude-sonnet-4-6"
}

Multi-environment configuration

For teams that want to use Haiku in CI/CD (savings) and Sonnet in dev:

{
  "model": "claude-sonnet-4-6",
  "apiProvider": "anthropic"
}

In GitHub Actions, override the model via an environment variable:

- name: Claude Code quick check
  env:
    ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
    CLAUDE_MODEL: "claude-haiku-4-5"
  run: |
    claude --print --max-turns 1 "Quickly check the syntax of this file"

Credential management by provider

Configuration organization

Recommendation for enterprise teams:

Personal configuration in ~/.claude/settings.json:

{
  "apiProvider": "anthropic"
}

Project configuration in .claude/settings.json (committable):

{
  "model": "claude-sonnet-4-6",
  "apiProvider": "bedrock",
  "awsRegion": "eu-west-1"
}

Credential rotation

For long-running CI/CD pipelines, implement regular rotation:

#!/bin/bash
# API key rotation script (example with AWS Secrets Manager)

# Retrieve the new key from AWS Secrets Manager
NEW_KEY=$(aws secretsmanager get-secret-value \
  --secret-id "prod/claude-code/api-key" \
  --query SecretString \
  --output text | jq -r '.ANTHROPIC_API_KEY')

export ANTHROPIC_API_KEY="$NEW_KEY"

# Verify the key is valid
if claude --print --max-turns 1 "Just say OK" | grep -q "OK"; then
  echo "Credential rotation successful"
else
  echo "ERROR: New credential invalid" >&2
  exit 1
fi

Provider comparison

Provider	Advantages	Constraints
Anthropic direct	Simple, latest features	Traffic outside infrastructure
AWS Bedrock	AWS compliance, AWS billing	Variable latency
Google Vertex AI	GCP compliance, centralized logs	More complex setup
Custom proxy	Full control, internal data	Proxy maintenance

Next steps

You now master the advanced features of Claude Code. Explore agents to orchestrate complex workflows, or check the technical reference for exhaustive configuration options.

Headless mode and CI/CD integration

MCP Profiles: one Claude per mission