feat: Add Bedrock provider support to inference configuration

[skamenan7]

What does this PR do?

Adds AWS Bedrock provider support to the llama-stack distribution by configuring the remote::bedrock provider in both build.yaml and run.yaml files. This enables users to leverage AWS Bedrock models for inference through the llama-stack framework.

The changes include:

• Added remote::bedrock provider type to build.yaml inference providers
• Added complete bedrock-inference provider configuration in run.yaml with AWS credentials and connection settings

Summary by CodeRabbit

• New Features

  • Added support for Amazon Bedrock as a remote inference provider.
  • Configure Bedrock via environment-backed settings for AWS credentials, region, retries, and timeouts.

• Chores

  • Updated container dependencies to include the AWS SDK for Python (boto3) to enable Bedrock integration.

[coderabbitai]

Walkthrough

Adds boto3 to the container image dependencies, introduces a new remote::bedrock inference provider in the build specification, and configures a bedrock-inference provider in the runtime with AWS credential and retry/timeout settings via environment variables.

Changes

Cohort / File(s)	Summary
Container image dependencies distribution/Containerfile	Inserts boto3 into the multi-line RUN pip install list (after autoevals, before chardet). No other changes.
Distribution spec: providers distribution/build.yaml	Adds provider_type: remote::bedrock to distribution_spec.providers.inference. Position: between remote::vllm and inline::sentence-transformers.
Runtime configuration: providers distribution/run.yaml	Adds bedrock-inference with provider_type: remote::bedrock and a config block using ${env.*} for AWS credentials and retry/timeout/session settings. Existing providers untouched.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Client
  participant Orchestrator as Inference Orchestrator
  participant Provider as Bedrock Provider (remote::bedrock)
  participant AWS as AWS Bedrock

  Client->>Orchestrator: Submit inference request
  Orchestrator->>Provider: Route request (model, payload)
  Note over Provider: Load AWS config from env\n(keys, region, retries/timeouts)
  Provider->>AWS: Invoke model inference
  AWS-->>Provider: Response / Error
  alt Success
    Provider-->>Orchestrator: Inference result
    Orchestrator-->>Client: Result
  else Error/Retry
    Provider->>AWS: Retry per retry_mode/attempts
    AWS-->>Provider: Final response
    Provider-->>Orchestrator: Result or failure
    Orchestrator-->>Client: Result or error
  end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Pre-merge checks (3 passed)

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title clearly and concisely describes the primary change—adding AWS Bedrock provider support to the inference configuration—so it accurately reflects the main intent of the PR and is specific enough for teammates scanning history. It is a single sentence and avoids irrelevant details or noise. The "feat:" conventional commit prefix is appropriate if the repository follows that style.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

Poem

A whisk of ears, a hop—new paths unlock,
Bedrock hums where cloud and carrots rock.
Boto3 tucked snug in our build-time pack,
YAML trails guide every nimble track.
With keys and timeouts neatly aligned—
We nibble latency, leave errors behind. 🥕✨

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 97c7e6d and e9d51fd.

📒 Files selected for processing (3)

• distribution/Containerfile (1 hunks)
• distribution/build.yaml (1 hunks)
• distribution/run.yaml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• distribution/build.yaml
• distribution/run.yaml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build-test-push (linux/amd64)

🔇 Additional comments (1)

distribution/Containerfile (1)

11-11: Pin boto3 to a Bedrock-capable version.

distribution/Containerfile installs unpinned boto3 (line 11). distribution/run.yaml references provider_type: remote::bedrock — pin boto3 >=1.28.57. If Bedrock Converse APIs are required, pin boto3 >=1.34.116 (requires botocore >=1.34.116). No 'converse' calls found in the repo — confirm whether Converse is required.

Apply:

-    boto3 \
+    boto3>=1.28.57 \

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[skamenan7]

cc: @leseb , @nathan-weinberg

[nathan-weinberg]

cc: @leseb , @nathan-weinberg

There is no need to cc us, the CODEOWNERS mechanism already auto-adds repo owners

[nathan-weinberg]

This looks good to me, would like to wait for final approval from @leseb before merging

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

distribution/Containerfile (1)

11-11: Pin boto3 and ensure this change is generator-backed.

• Consider pinning to avoid surprise major upgrades:

-    boto3 \
+    boto3>=1.34,<2 \

• This file is auto-generated; please confirm build.py (or the generator inputs) now include boto3, otherwise a regen may drop it.

distribution/run.yaml (2)

22-34: Prefer AWS default credential chain; avoid passing empty strings.

If the provider forwards empty strings to boto3 Session, it can short-circuit the default chain. Either:

• Ensure the provider treats empty values as None/unset, or
• Drop the explicit credential keys and rely on env/IMDS/profile by default.

Optionally simplify config (keep region/timeouts) and only set creds when needed.

---

30-34: Set safer defaults for retries/timeouts for inference.

Suggested tweaks:

-      total_max_attempts: ${env.AWS_MAX_ATTEMPTS:=}
-      retry_mode: ${env.AWS_RETRY_MODE:=}
-      connect_timeout: ${env.AWS_CONNECT_TIMEOUT:=60}
-      read_timeout: ${env.AWS_READ_TIMEOUT:=60}
+      total_max_attempts: ${env.AWS_MAX_ATTEMPTS:=8}
+      retry_mode: ${env.AWS_RETRY_MODE:=standard}
+      connect_timeout: ${env.AWS_CONNECT_TIMEOUT:=10}
+      read_timeout: ${env.AWS_READ_TIMEOUT:=300}

This balances faster fail on connect with enough read headroom for streaming responses.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4d50ebe and 97c7e6d.

📒 Files selected for processing (3)

• distribution/Containerfile (1 hunks)
• distribution/build.yaml (1 hunks)
• distribution/run.yaml (1 hunks)

🔇 Additional comments (3)

distribution/build.yaml (1)

7-7: Bedrock provider registration looks good.

The addition is syntactically correct and aligns with how other providers are listed.

distribution/Containerfile (1)

11-11: Sanity check Python baseline mismatch.

build.yaml references a Python 3.11 UBI image, while this Containerfile uses Python 3.12. Please confirm llama-stack==0.2.18 and the Bedrock provider are 3.12-compatible, or align baselines.

distribution/run.yaml (1)

22-34: No change required — remote::bedrock is present in llama-stack v0.2.18

Verified: remote::bedrock is included in v0.2.18 (support present since at least v0.2.10).