AWS Bedrock Chat Node with IAM Assume Role Credential

The idea is:

Add support for AWS (Assume Role) credentials to the AWS Bedrock Chat Model node, in addition to the currently supported AWS (IAM) credentials with static API access keys.

My use case:

We need to enable multiple n8n users to access AWS Bedrock services without sharing static AWS access keys. Using IAM Role assumption would allow us to:

• Share one n8n credential configuration across multiple users securely

• Use temporary credentials that automatically expire instead of long-lived access keys

• Follow AWS security best practices by implementing the principle of least privilege

• Maintain better audit trails through role session tracking in AWS CloudTrail

• Enable cross-account access to Bedrock resources when needed

• Simplify credential rotation and management

I think it would be beneficial to add this because:

This feature would solve several critical security and operational challenges:

1. Enhanced Security: Eliminates the need to share static AWS access keys across team members, reducing the risk of credential exposure and unauthorized access.

2. AWS Best Practices Alignment: Follows AWS’s recommended security practices for credential management, as outlined in their security documentation.

3. Consistency Across n8n AWS Nodes: Many other AWS nodes already support Assume Role credentials (AWS S3, AWS SES, AWS SQS, AWS Rekognition, AWS Textract, AWS Transcribe, etc.), but the AWS Bedrock Chat Model node currently doesn’t. This creates an inconsistency in the platform.

4. Easier Credential Management: Centralized credential management through IAM roles instead of distributing and rotating API keys manually.

5. Better Compliance: Temporary credentials and detailed audit trails help organizations meet security compliance requirements (SOC 2, ISO 27001, etc.).

6. Server Deployment Support: Would enable using EC2 instance profiles, ECS task roles, or EKS pod identities for seamless authentication in production environments.

Any resources to support this?

• AWS IAM Role Documentation

• AWS STS AssumeRole API Documentation

• AWS Security Best Practices

• n8n already has a working implementation for AWS Assume Role credentials used by other AWS nodes (as documented in the n8n documentation provided above)

Are you willing to work on this?
No, lack of node knowledge