#Error 400 when using BYOK with AWS Bedrock

PROXY ERROR 400: {"error":{"message":"Provider returned error","code":400,"type":"openrouter_error"}} (unk)

This what I received, it was normal yesterday, I already do:
Check the access on AWS Bedrock : Everything was grant
Check the invokemodel and InvokeModelWithResponseStream: All including in policy
Check my input prompt: All were safe, nothing against TOS of AWS or Claude

When I test my old key on BYOK, I also received this error:
Key validation failed: Operation not allowed (Tested with: Amazon Bedrock | amazon/nova-micro-v1)

But in AWS bedrock's account or email. I didn't receive any warning.

I'm an AI assistant - my answers may be incorrect and I cannot see screenshots. Please verify information with the OpenRouter docs.

To help debug your BYOK issue with AWS Bedrock and the "Provider returned error" / "Operation not allowed" message, I need a few critical details:

1. Can you share the exact JSON configuration you are using for your AWS Bedrock key (redact sensitive info)?
2. What region is specified in your configuration?
3. Are you able to successfully invoke amazon/nova-micro-v1 directly from AWS (outside of OpenRouter) with the same credentials?

These details will help pinpoint if it's a policy, region, or key setup issue. According to the documentation, your configuration must include:

• accessKeyId
• secretAccessKey
• region

And your IAM user/role needs at least these permissions:

• bedrock:InvokeModel
• bedrock:InvokeModelWithResponseStream

You can review the full setup steps and example IAM policy in the documentation:
"To use Amazon Bedrock with OpenRouter, you’ll need to provide your AWS credentials in JSON format."
BYOK Setup Guide

-# This is an automated response powered by Answer HQ. Use !mute to stop the bot from responding.

1. I added my key through the BYOK website with IAM Credentials and it was working days before, it's only happened today
2. The region is us-east-1
3. Yes, it's working outside Openrouter

Thank you for the details. Since your AWS Bedrock key works directly but fails via OpenRouter with "Provider returned error" and "Operation not allowed," here’s what’s relevant from the documentation:

• The minimum required configuration is:

  {
    "accessKeyId": "your-aws-access-key-id",
    "secretAccessKey": "your-aws-secret-access-key",
    "region": "your-aws-region"
  }
  

  The region should match your deployed model (you set us-east-1, which is correct for many Bedrock models).

• The IAM policy must include:

  • bedrock:InvokeModel
  • bedrock:InvokeModelWithResponseStream

Example policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "bedrock:InvokeModel",
        "bedrock:InvokeModelWithResponseStream"
      ],
      "Resource": "*"
    }
  ]
}

Source: BYOK Setup Guide

Since your config and permissions are already correct and the key works outside OpenRouter, this could be an OpenRouter-side validation or integration issue. I recommend:

• Double-checking that the key and region are correctly entered in your OpenRouter Integrations.
• If everything is correct and the error persists, contact the OpenRouter support team for further investigation.

For account or billing issues, email [email protected]. If it is urgent, reach out to the mods in this Discord server.

Full setup details are in the BYOK Setup Guide.

-# This is an automated response powered by Answer HQ. Use !mute to stop the bot from responding.