docs: add Anthropic Bedrock integration page

Add documentation for using Anthropic Claude models via AWS Bedrock
with Vapi. The guide covers:
- IAM role creation and configuration
- Trust policy setup with Vapi AWS Account ID (533267069243)
- Permissions policies (broad and restrictive options)
- Vapi credential creation via API
- External ID handling (user-provided or Vapi-generated)
- Troubleshooting common errors

Co-Authored-By: Claude <noreply@anthropic.com>

Author: Vapi Tasker

fern/docs.yml

@@ -586,6 +586,8 @@ navigation:
                     path: providers/model/openai.mdx
                   - page: Azure OpenAI
                     path: providers/model/azure-openai.mdx
+                  - page: Anthropic Bedrock
+                    path: providers/model/anthropic-bedrock.mdx
                   - page: Gemini
                     path: providers/model/gemini.mdx
                   - page: Groq

fern/providers/model/anthropic-bedrock.mdx

@@ -0,0 +1,249 @@
+---
+title: Anthropic Bedrock
+subtitle: Use Anthropic Claude models via AWS Bedrock with your own AWS resources
+slug: providers/model/anthropic-bedrock
+---
+
+**What is Anthropic Bedrock?**
+
+Amazon Bedrock is a fully managed service that provides access to foundation models from leading AI companies, including Anthropic's Claude models. With Bedrock, you can use Claude models through AWS infrastructure, benefiting from enterprise-grade security, regional data residency, and seamless integration with your existing AWS environment.
+
+**Custom Anthropic Bedrock Integration with Vapi:**
+
+Vapi's Anthropic Bedrock integration allows you to connect your own AWS Bedrock resources to power voice assistants with Claude models. This enables you to maintain full control over your AWS billing, use your own rate limits, and ensure data stays within your AWS environment.
+
+## Prerequisites
+
+Before configuring Anthropic Bedrock with Vapi, ensure you have:
+
+- An active AWS account with Bedrock access enabled
+- Model access granted for Anthropic Claude models in your Bedrock console
+- IAM permissions to create roles and policies
+
+## Configuration steps
+
+<Steps>
+  <Step title="Create an IAM Role in AWS">
+    Create a new IAM role that Vapi will assume to access your Bedrock resources.
+
+    1. Go to the **IAM Console** in AWS
+    2. Navigate to **Roles** and click **Create role**
+    3. Select **Custom trust policy** as the trusted entity type
+    4. Add the trust policy from the next step
+
+    <Note>
+    Choose a descriptive name for your role, such as `VapiBedrockRole`, so you can easily identify its purpose.
+    </Note>
+  </Step>
+
+  <Step title="Attach the Trust Policy">
+    Configure the trust policy to allow Vapi's AWS account to assume this role. Use the following trust policy:
+
+    ```json title="Trust Policy"
+    {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Principal": {
+            "AWS": "arn:aws:iam::533267069243:root"
+          },
+          "Action": "sts:AssumeRole",
+          "Condition": {
+            "StringEquals": {
+              "sts:ExternalId": "YOUR_EXTERNAL_ID"
+            }
+          }
+        }
+      ]
+    }
+    ```
+
+    <Warning>
+    **About External ID**: The External ID provides an additional layer of security for cross-account access. You can either:
+    - Provide your own External ID when creating the Vapi credential
+    - Let Vapi generate one for you (returned in `authenticationArtifact.externalId`)
+
+    If Vapi generates the External ID, you must update this trust policy with the generated value after creating the credential.
+    </Warning>
+  </Step>
+
+  <Step title="Attach the Permissions Policy">
+    Create and attach a permissions policy that grants access to Bedrock model invocation.
+
+    <Tabs>
+      <Tab title="Broad Access">
+        Use this policy to grant access to all Anthropic models across all regions:
+
+        ```json title="Permissions Policy (All Models)"
+        {
+          "Version": "2012-10-17",
+          "Statement": [
+            {
+              "Effect": "Allow",
+              "Action": [
+                "bedrock:InvokeModel",
+                "bedrock:InvokeModelWithResponseStream"
+              ],
+              "Resource": [
+                "arn:aws:bedrock:*::foundation-model/anthropic.*",
+                "arn:aws:bedrock:*:*:inference-profile/us.anthropic.*"
+              ]
+            }
+          ]
+        }
+        ```
+      </Tab>
+      <Tab title="Restrictive Access">
+        Use this policy to limit access to specific models and regions:
+
+        ```json title="Permissions Policy (Specific Models)"
+        {
+          "Version": "2012-10-17",
+          "Statement": [
+            {
+              "Effect": "Allow",
+              "Action": [
+                "bedrock:InvokeModel",
+                "bedrock:InvokeModelWithResponseStream"
+              ],
+              "Resource": [
+                "arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-3-5-sonnet-*",
+                "arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-3-7-sonnet-*",
+                "arn:aws:bedrock:us-east-1:*:inference-profile/us.anthropic.claude-3-5-sonnet-*",
+                "arn:aws:bedrock:us-east-1:*:inference-profile/us.anthropic.claude-3-7-sonnet-*"
+              ]
+            }
+          ]
+        }
+        ```
+
+        <Tip>
+        Replace `us-east-1` with your preferred AWS region. You can also add or remove specific model versions based on your needs.
+        </Tip>
+      </Tab>
+    </Tabs>
+
+    To attach the policy:
+    1. In the IAM Console, go to **Policies** and click **Create policy**
+    2. Select **JSON** and paste your chosen policy
+    3. Name the policy (e.g., `VapiBedrockInvokePolicy`)
+    4. Attach the policy to your IAM role
+  </Step>
+
+  <Step title="Create the Vapi Credential">
+    Use the Vapi API to create a credential with your AWS role information:
+
+    ```bash title="Create Credential via API"
+    curl -X POST "https://api.vapi.ai/credential" \
+      -H "Authorization: Bearer YOUR_VAPI_API_KEY" \
+      -H "Content-Type: application/json" \
+      -d '{
+        "provider": "anthropic-bedrock",
+        "region": "us-east-1",
+        "authenticationPlan": {
+          "type": "aws-sts",
+          "roleArn": "arn:aws:iam::YOUR_AWS_ACCOUNT_ID:role/VapiBedrockRole",
+          "externalId": "your-optional-external-id"
+        }
+      }'
+    ```
+
+    | Field | Description |
+    |-------|-------------|
+    | `provider` | Must be `anthropic-bedrock` |
+    | `region` | AWS region where Bedrock is enabled (e.g., `us-east-1`) |
+    | `authenticationPlan.type` | Must be `aws-sts` for role assumption |
+    | `authenticationPlan.roleArn` | The ARN of the IAM role you created |
+    | `authenticationPlan.externalId` | Optional: Your chosen External ID. If omitted, Vapi generates one |
+
+    <Note>
+    If you omit `externalId`, Vapi will generate one and return it in the response under `authenticationArtifact.externalId`. You must then update your IAM trust policy with this value.
+    </Note>
+  </Step>
+
+  <Step title="Update Trust Policy with Generated External ID (if applicable)">
+    If Vapi generated an External ID for you, update your IAM role's trust policy:
+
+    1. Go to the **IAM Console** and select your role
+    2. Click the **Trust relationships** tab
+    3. Click **Edit trust policy**
+    4. Replace `YOUR_EXTERNAL_ID` with the value from `authenticationArtifact.externalId`
+    5. Save the changes
+
+    Your trust policy should now look like this:
+
+    ```json title="Updated Trust Policy" {10}
+    {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Principal": {
+            "AWS": "arn:aws:iam::533267069243:root"
+          },
+          "Action": "sts:AssumeRole",
+          "Condition": {
+            "StringEquals": {
+              "sts:ExternalId": "vapi-generated-external-id-here"
+            }
+          }
+        }
+      ]
+    }
+    ```
+  </Step>
+</Steps>
+
+## Example credential configuration
+
+Here is a complete example of a Vapi credential configuration for Anthropic Bedrock:
+
+```json title="Credential Configuration"
+{
+  "provider": "anthropic-bedrock",
+  "region": "us-east-1",
+  "authenticationPlan": {
+    "type": "aws-sts",
+    "roleArn": "arn:aws:iam::123456789012:role/VapiBedrockRole",
+    "externalId": "my-secure-external-id"
+  }
+}
+```
+
+## Benefits of using Anthropic Bedrock
+
+**Enterprise security:**
+- Data residency control with regional deployments
+- Enterprise-grade security and compliance (SOC 2, HIPAA eligible, etc.)
+- Private VPC connectivity options through AWS
+
+**Custom rate limits:**
+- Use your own AWS Bedrock quotas and rate limits
+- Avoid shared resource constraints
+- Predictable costs and billing through AWS
+
+**AWS ecosystem integration:**
+- Seamless integration with existing AWS infrastructure
+- Use AWS CloudWatch for monitoring and logging
+- Leverage AWS IAM for fine-grained access control
+
+## Troubleshooting
+
+### Common error: "Access Denied"
+- **Cause**: The IAM role trust policy doesn't allow Vapi to assume the role
+- **Solution**: Verify the trust policy includes Vapi's AWS account ID (`533267069243`) and the correct External ID
+
+### Common error: "Invalid External ID"
+- **Cause**: The External ID in your trust policy doesn't match the one used by Vapi
+- **Solution**: Check the `authenticationArtifact.externalId` in your credential and update your trust policy accordingly
+
+### Common error: "Model access denied"
+- **Cause**: The IAM permissions policy doesn't grant access to the requested model, or model access isn't enabled in Bedrock
+- **Solution**:
+  1. Verify the permissions policy includes the correct model ARNs
+  2. Ensure you've enabled access to the model in the AWS Bedrock console
+
+### Common error: "Region not supported"
+- **Cause**: The specified region doesn't have Bedrock or the requested model available
+- **Solution**: Use a supported region such as `us-east-1`, `us-west-2`, or `eu-west-1`