From 2c6965e5e0fdb8f18c9d99fb2ea86c2b7d32e6c1 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 5 May 2026 01:51:09 +0000 Subject: [PATCH] docs: update AWS credential resolution documentation Updated AWS Transcribe STT, Polly TTS, and Bedrock LLM documentation to reflect the new credential fallback chain introduced in pipecat PR #4416. Changes: - Updated Configuration parameter descriptions for api_key, aws_access_key, aws_secret_key, and aws_session_token to mention the full fallback chain - Updated Notes section in Bedrock LLM to describe the complete credential resolution order - All services now document support for IAM roles, instance profiles, IRSA, ECS task roles, SSO, and credential files via the boto3 provider chain Related: pipecat-ai/pipecat#4416 --- api-reference/server/services/llm/aws.mdx | 13 ++++++------- api-reference/server/services/stt/aws.mdx | 10 +++++----- api-reference/server/services/tts/aws.mdx | 8 ++++---- 3 files changed, 15 insertions(+), 16 deletions(-) diff --git a/api-reference/server/services/llm/aws.mdx b/api-reference/server/services/llm/aws.mdx index bc57b3e9..8803bb0f 100644 --- a/api-reference/server/services/llm/aws.mdx +++ b/api-reference/server/services/llm/aws.mdx @@ -74,18 +74,17 @@ Before using AWS Bedrock LLM services, you need: - AWS access key ID. If `None`, uses the `AWS_ACCESS_KEY_ID` environment - variable or default credential chain. + AWS access key ID. If `None`, falls back to environment variables and the + default boto3 credential chain (instance profiles, IRSA, ECS task roles, SSO, + etc.). - AWS secret access key. If `None`, uses the `AWS_SECRET_ACCESS_KEY` environment - variable or default credential chain. + AWS secret access key. Same fallback behaviour as `aws_access_key`. - AWS session token for temporary credentials. If `None`, uses the - `AWS_SESSION_TOKEN` environment variable. + AWS session token for temporary credentials. @@ -208,7 +207,7 @@ await task.queue_frame( ## Notes -- **Credential chain**: If `aws_access_key` and `aws_secret_key` are not provided, the service falls back to environment variables and then the standard AWS credential chain (IAM roles, instance profiles, etc.). +- **Credential resolution**: Credentials are resolved via a fallback chain: explicit parameters → environment variables (`AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`) → boto3 credential provider chain (instance profiles, IRSA, ECS task roles, SSO, credential files). Services running with IAM roles no longer need to export static credentials. - **No-op tool handling**: AWS Bedrock requires at least one tool to be defined when tool content exists in the conversation. The service automatically adds a placeholder tool when needed to prevent API errors. - **Model-specific parameters**: Some models (e.g., Claude Sonnet 4.5) don't allow certain parameter combinations. The service only includes explicitly set parameters in the inference config to avoid conflicts. - **Retry behavior**: When `retry_on_timeout=True`, the first attempt uses the `retry_timeout_secs` timeout. If it times out, a second attempt is made with no timeout limit. diff --git a/api-reference/server/services/stt/aws.mdx b/api-reference/server/services/stt/aws.mdx index 4e6c150d..ef14edc7 100644 --- a/api-reference/server/services/stt/aws.mdx +++ b/api-reference/server/services/stt/aws.mdx @@ -66,17 +66,17 @@ Before using AWS Transcribe STT services, you need: ## Configuration - AWS secret access key. If `None`, uses `AWS_SECRET_ACCESS_KEY` environment - variable. + AWS secret access key. If `None`, falls back to environment variables and the + default boto3 credential chain (instance profiles, IRSA, ECS task roles, SSO, + etc.). - AWS access key ID. If `None`, uses `AWS_ACCESS_KEY_ID` environment variable. + AWS access key ID. Same fallback behaviour as `api_key`. - AWS session token for temporary credentials. If `None`, uses - `AWS_SESSION_TOKEN` environment variable. + AWS session token for temporary credentials. diff --git a/api-reference/server/services/tts/aws.mdx b/api-reference/server/services/tts/aws.mdx index 06eb5249..133285c6 100644 --- a/api-reference/server/services/tts/aws.mdx +++ b/api-reference/server/services/tts/aws.mdx @@ -69,13 +69,13 @@ Before using AWS Polly TTS services, you need: ### AWSPollyTTSService - AWS secret access key. If `None`, uses the `AWS_SECRET_ACCESS_KEY` environment - variable. + AWS secret access key. If `None`, falls back to environment variables and the + default boto3 credential chain (instance profiles, IRSA, ECS task roles, SSO, + etc.). - AWS access key ID. If `None`, uses the `AWS_ACCESS_KEY_ID` environment - variable. + AWS access key ID. Same fallback behaviour as `api_key`.