Skip to main content
Using your own AWS Bedrock access keys is optional. If you don’t configure your own keys, Metoro will use its default credentials.

Pricing

AI SRE billing works as follows:
  • If you provide your own AWS Bedrock credentials, you only pay Metoro’s normal ingest price. Your LLM usage is billed by AWS through your own Bedrock account.
  • If you do not provide your own credentials, Metoro calculates LLM usage based on the tokens consumed in your account and passes that usage through to you at cost, with no markup added.

Prerequisites

Before you begin, you’ll need:
  • An AWS account with access to AWS Bedrock
  • Permissions to create IAM users and access keys
  • Access to the AWS Management Console

Step 0: Enable Bedrock and get access to models

  1. Navigate to the AWS Console
  2. Search for and select Amazon Bedrock
  3. In the Bedrock console, go to the Model Catalog section
  4. Ensure that your account has access to the following models:
    • Claude Opus 4.5 - anthropic.claude-opus-4-5-20251101-v1:0
Metoro will likely need access to more models in the future. If Metoro does not have access to a required model, we will notify you in the product.

Step 1: Create a Bedrock API Key

  1. Navigate to the AWS Console
  2. Search for and select Amazon Bedrock
  3. In the Bedrock console, go to API Keys section
  4. Click Long-term API Keys
  5. Click Generate Long-term API Keys
  6. Set the expiration date for your API key (e.g., 3 months) - you will need to update this in Metoro before it expires
  7. Click Generate
When you create a Bedrock API Key, AWS automatically creates an associated IAM user. You’ll need to find this user in the next step.

Step 2: Find the Associated IAM User

After creating the Bedrock API Key:
  1. Navigate to the IAM Console in AWS
  2. Click on Users in the left sidebar
  3. Look for the IAM user that was automatically created for your Bedrock API Key
    • The user name typically follows a pattern related to your Bedrock API key name
    • It may have a prefix like BedrockAPIKey- or contain the API key name you specified

Step 3: Create Access Keys for the IAM User

Once you’ve found the correct IAM user:
  1. Click on the IAM user name to open the user details
  2. Navigate to the Security credentials tab
  3. Scroll down to the Access keys section
  4. Click Create access key
  5. Select Third-party service as the use case
  6. Add a description tag (optional but recommended, e.g., “Metoro AI SRE Integration”)
  7. Click Create access key
Important: This is your only opportunity to view and download the access key credentials. Make sure to:
  • Copy the Access key ID
  • Copy the Secret access key
  • Store them securely
You won’t be able to view the secret access key again after this screen.

Step 4: Configure Access Keys in Metoro

Now that you have your AWS access credentials, configure them in Metoro:
  1. Navigate to SettingsFeaturesAI SRE
  2. In the AWS Bedrock Access Credentials section:
    • Enter your Access Key ID in the “Access Key” field
    • Enter your Secret Access Key in the “Access Secret” field
  3. Click Save to store your credentials
Your credentials are encrypted and stored securely. They are never exposed in the UI after being saved.

Validating Your Configuration

You can create a dummy alert to test your AWS Bedrock access keys.
  1. Create a new alert that will breach immediately in Metoro
  2. Enable AI investigation for the alert
  3. Specify a dummy runbook that Metoro should execute
  4. Create the alert
After the alert has been created, it should immediately fire and execute the dummy runbook. Now in the AWS Console, navigate to CloudTrail and filter for events with the AWS Access Key matching your the key you entered in Metoro.

Managing Your Access Keys

Viewing Current Configuration

You can see if you have configured access keys by checking:
  • SettingsFeaturesAI SREAWS Bedrock Access Credentials
  • The current access key ID (not the secret) will be displayed if configured

Updating Access Keys

To update your access keys:
  1. Go to SettingsFeaturesAI SREAWS Bedrock Access Credentials
  2. Delete the existing key by clicking the Delete button
  3. Enter your new access credentials
  4. Click Save

Deleting Access Keys

You can remove your AWS credentials from Metoro at any time:
  1. Go to SettingsFeaturesAI SREAWS Bedrock Access Credentials
  2. Click the Delete button next to your current access key
  3. Confirm the deletion
After deletion, Metoro will automatically fall back to its default credentials.

Revoking Access in AWS

To completely revoke access, you should also delete the access key in AWS:
  1. Go to the AWS IAM Console
  2. Find the IAM user associated with your Bedrock API Key
  3. Navigate to Security credentials
  4. Find the access key and click Delete

Security Best Practices

1

Use dedicated credentials

Create a separate Bedrock API Key specifically for Metoro integration rather than reusing existing credentials.
2

Rotate keys regularly

Periodically rotate your access keys by creating new ones and updating them in Metoro, then deleting the old ones.
3

Monitor usage

Regularly review AWS CloudTrail logs to monitor the usage of your Bedrock API keys.
4

Delete unused keys

If you’re no longer using AI SRE or want to switch back to Metoro’s default credentials, delete your access keys from both Metoro and AWS.

Troubleshooting

Access Key Not Working

If your access keys aren’t working:
  1. Verify the credentials: Make sure you copied the access key and secret correctly
  2. Check IAM permissions: Ensure the IAM user has the necessary permissions to access Bedrock
  3. Verify Bedrock access: Confirm your AWS account has access to the Bedrock models you need

Permission Errors

If you encounter permission errors:
  1. Check that the IAM user has the bedrock:InvokeModel permission
  2. Verify the user has access to the specific models Metoro needs
  3. Ensure there are no restrictive policies blocking access

Need Help?

If you’re experiencing issues setting up your AWS Bedrock access keys:
  • Contact our support team through your dedicated support channel
  • Join our community Slack workspace and a member of our team will help you.