I tried creating an IAM role that only allows running Claude models on Amazon Bedrock within Japan

When using Japan domestic cross-region inference with Claude models on Amazon Bedrock, this post shows how to restrict the permitted inference profiles in an IAM policy so that inference cannot be executed in unintended regions.
2026.06.04


This is Suzuki from the Data Business Division.

Since October of last year, the Japan domestic cross-region inference feature has been available, enabling inference confined to Japan for some Claude models.
It is introduced in the following materials.

https://aws.amazon.com/jp/blogs/news/amazon-bedrock-now-supports-japan-cross-region-inference/
https://dev.classmethod.jp/articles/bedrock-application-inference-profile-region-control/
https://dev.classmethod.jp/articles/bedrock-supported-regions/

Basically, using the system-defined inference profile for Japan domestic cross-region inference is enough, but it is reassuring to also state in the IAM policy that execution in any other region is not allowed, so that is what I will introduce here.

Note that the same restriction can also be enforced with a Service Control Policy (SCP), but I will not cover that this time.

Checking How to Specify in IAM Policies

The IAM policy specification method is introduced in the Geographic cross-Region inference documentation.
The policy grants the following two permissions.

  • Invoking the specified inference profile itself.
  • Invoking each foundation model that the inference profile may route to. This statement is conditioned on the request coming through the specified inference profile, so the models cannot be invoked directly.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "GrantGeoCrisInferenceProfileAccess",
            "Effect": "Allow",
            "Action": "bedrock:InvokeModel",
            "Resource": [
                "arn:aws:bedrock:us-east-1:<ACCOUNT_ID>:inference-profile/us.anthropic.claude-sonnet-4-5-20250929-v1:0"
            ]
        },
        {
            "Sid": "GrantGeoCrisModelAccess",
            "Effect": "Allow",
            "Action": "bedrock:InvokeModel",
            "Resource": [
                "arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-sonnet-4-5-20250929-v1:0",
                "arn:aws:bedrock:us-east-2::foundation-model/anthropic.claude-sonnet-4-5-20250929-v1:0",
                "arn:aws:bedrock:us-west-2::foundation-model/anthropic.claude-sonnet-4-5-20250929-v1:0"
            ],
            "Condition": {
                "StringEquals": {
                    "bedrock:InferenceProfileArn": "arn:aws:bedrock:us-east-1:<ACCOUNT_ID>:inference-profile/us.anthropic.claude-sonnet-4-5-20250929-v1:0"
                }
            }
        }
    ]
}

※ Quoted from the above guide

Which AWS regions an inference profile can route requests to can be confirmed from the inference profile itself.
The following is the inference profile for the Japan domestic Claude 4.5 Sonnet model.

Inference profile to use

Also, as shown below, the aws bedrock get-inference-profile command lets you check by ARN which foundation models the profile routes to.

aws bedrock get-inference-profile \
  --region ap-northeast-1 \
  --inference-profile-identifier "jp.anthropic.claude-sonnet-4-5-20250929-v1:0" \
  --output json

{
    "inferenceProfileName": "JP Anthropic Claude Sonnet 4.5",
    "description": "Routes requests to Claude Sonnet 4.5 in ap-northeast-3, ap-northeast-1.",
    "createdAt": "2025-09-27T02:18:20.378000+00:00",
    "updatedAt": "2025-09-28T06:44:23.623000+00:00",
    "inferenceProfileArn": "arn:aws:bedrock:ap-northeast-1:<ACCOUNT_ID>:inference-profile/jp.anthropic.claude-sonnet-4-5-20250929-v1:0",
    "models": [
        {
            "modelArn": "arn:aws:bedrock:ap-northeast-3::foundation-model/anthropic.claude-sonnet-4-5-20250929-v1:0"
        },
        {
            "modelArn": "arn:aws:bedrock:ap-northeast-1::foundation-model/anthropic.claude-sonnet-4-5-20250929-v1:0"
        }
    ],
    "inferenceProfileId": "jp.anthropic.claude-sonnet-4-5-20250929-v1:0",
    "status": "ACTIVE",
    "type": "SYSTEM_DEFINED"
}

Therefore, when Claude 4.5 Sonnet should run only within Japan, it should be sufficient to attach the following policy to the role that invokes the inference profile: the Japan profile ARN is allowed directly, and the two Japan-region foundation models are allowed only when reached through that profile.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowInvokeJPClaudeSonnet45InferenceProfile",
            "Effect": "Allow",
            "Action": [
                "bedrock:InvokeModel"
            ],
            "Resource": [
                "arn:aws:bedrock:ap-northeast-1:<ACCOUNT_ID>:inference-profile/jp.anthropic.claude-sonnet-4-5-20250929-v1:0"
            ]
        },
        {
            "Sid": "AllowClaudeSonnet45FoundationModelsOnlyViaJPProfile",
            "Effect": "Allow",
            "Action": [
                "bedrock:InvokeModel"
            ],
            "Resource": [
                "arn:aws:bedrock:ap-northeast-1::foundation-model/anthropic.claude-sonnet-4-5-20250929-v1:0",
                "arn:aws:bedrock:ap-northeast-3::foundation-model/anthropic.claude-sonnet-4-5-20250929-v1:0"
            ],
            "Condition": {
                "StringEquals": {
                    "bedrock:InferenceProfileArn": "arn:aws:bedrock:ap-northeast-1:<ACCOUNT_ID>:inference-profile/jp.anthropic.claude-sonnet-4-5-20250929-v1:0"
                }
            }
        }
    ]
}

Trying Inference with an IAM Role That Has the Policy Configured

0. Preparing the IAM Role

I created an IAM role with the above policy attached, switched to that role, and verified whether inference with Claude 4.5 Sonnet was possible from the AWS CLI.
Since I wanted an environment where CLI commands could be executed easily, I also attached the AWSCloudShellFullAccess policy so that CloudShell could be used.

1. When Specifying a Japan Domestic Inference Profile

First, I tried running the model by specifying the Japan domestic inference profile that was permitted in the IAM policy.
I executed the following command.

aws bedrock-runtime converse \
  --region ap-northeast-1 \
  --model-id "jp.anthropic.claude-sonnet-4-5-20250929-v1:0" \
  --messages '[
    {
      "role": "user",
      "content": [
        {
          "text": "日本語で一言だけ自己紹介してください。"
        }
      ]
    }
  ]' \
  --inference-config '{
    "maxTokens": 200,
    "temperature": 0.2
  }'

A response was successfully generated as shown below.

Inference result - successful case

2. When Specifying a Non-Japan Inference Profile

Next, I tried specifying a profile that uses a global model.

aws bedrock-runtime converse \
  --region ap-northeast-1 \
  --model-id "global.anthropic.claude-sonnet-4-5-20250929-v1:0" \
  --messages '[
    {
      "role": "user",
      "content": [
        {
          "text": "日本語で一言だけ自己紹介してください。"
        }
      ]
    }
  ]' \
  --inference-config '{
    "maxTokens": 200,
    "temperature": 0.2
  }'

An error occurred as shown below, and I confirmed that inference could not be executed.

Inference result - failure case 1

aws: [ERROR]: An error occurred (AccessDeniedException) when calling the Converse operation: User: arn:aws:sts::<ACCOUNT_ID>:assumed-role/AllowInvokeJPClaudeSonnet45InferenceProfileRole/cm-suzuki.nayuta is not authorized to perform: bedrock:InvokeModel on resource: arn:aws:bedrock:ap-northeast-1:<ACCOUNT_ID>:inference-profile/global.anthropic.claude-sonnet-4-5-20250929-v1:0 because no identity-based policy allows the bedrock:InvokeModel action

3. When a Japan Domestic Inference Profile Is Specified but There Is No Permission for the Model

Since the IAM policy also had to allow InvokeModel on the routed foundation models, I checked what would happen if that permission was missing.

I changed the policy as follows.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowInvokeJPClaudeSonnet45InferenceProfile",
            "Effect": "Allow",
            "Action": [
                "bedrock:InvokeModel"
            ],
            "Resource": [
                "arn:aws:bedrock:ap-northeast-1:<ACCOUNT_ID>:inference-profile/jp.anthropic.claude-sonnet-4-5-20250929-v1:0"
            ]
        }
    ]
}

When inference is executed in this state, the error below shows that there is no permission to execute the routed foundation model, which makes it clear that InvokeModel permission on the destination model (here ap-northeast-3) is required in addition to the profile itself.

Inference result - failure case 2

aws: [ERROR]: An error occurred (AccessDeniedException) when calling the Converse operation: User: arn:aws:sts::<ACCOUNT_ID>:assumed-role/AllowInvokeJPClaudeSonnet45InferenceProfileRole/cm-suzuki.nayuta is not authorized to perform: bedrock:InvokeModel on resource: arn:aws:bedrock:ap-northeast-3::foundation-model/anthropic.claude-sonnet-4-5-20250929-v1:0 because no identity-based policy allows the bedrock:InvokeModel action

Note that checking Models at a glance - Claude Sonnet 4.5 shows that Claude Sonnet 4.5 can only be used via Geo or Global, so it does not appear possible to directly specify and run individual regional models.
Also, the same page summarizes what kind of Geo inference is available for each model, which is useful as a reference.
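To tie the get-inference-profile output to the policy above and to the three test cases, here is an added Python example (not part of the original post) that derives the two policy statements from a profile's models list and evaluates sample requests the way the tests turned out. The profile JSON is a constructed subset of the command output shown earlier, the Sids are my own, and the evaluator handles only Allow statements with StringEquals conditions (no Deny, no wildcards).

```python
import json

# Constructed sample: subset of `aws bedrock get-inference-profile` output for the
# JP Claude Sonnet 4.5 profile, with a placeholder account id.
PROFILE_JSON = """{
  "inferenceProfileArn": "arn:aws:bedrock:ap-northeast-1:<ACCOUNT_ID>:inference-profile/jp.anthropic.claude-sonnet-4-5-20250929-v1:0",
  "models": [
    {"modelArn": "arn:aws:bedrock:ap-northeast-3::foundation-model/anthropic.claude-sonnet-4-5-20250929-v1:0"},
    {"modelArn": "arn:aws:bedrock:ap-northeast-1::foundation-model/anthropic.claude-sonnet-4-5-20250929-v1:0"}
  ]
}"""

# ARNs used in the three test cases (account id is a placeholder as on the page).
JP_PROFILE = "arn:aws:bedrock:ap-northeast-1:<ACCOUNT_ID>:inference-profile/jp.anthropic.claude-sonnet-4-5-20250929-v1:0"
GLOBAL_PROFILE = "arn:aws:bedrock:ap-northeast-1:<ACCOUNT_ID>:inference-profile/global.anthropic.claude-sonnet-4-5-20250929-v1:0"
OSAKA_MODEL = "arn:aws:bedrock:ap-northeast-3::foundation-model/anthropic.claude-sonnet-4-5-20250929-v1:0"
INVOKE = "bedrock:InvokeModel"


def build_policy(profile):
    """Derive the two-statement policy: the profile itself, plus its routed models
    allowed only when the request comes through that profile (hypothetical Sids)."""
    profile_arn = profile["inferenceProfileArn"]
    model_arns = sorted(m["modelArn"] for m in profile["models"])
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "AllowInvokeInferenceProfile", "Effect": "Allow",
             "Action": [INVOKE], "Resource": [profile_arn]},
            {"Sid": "AllowRoutedModelsOnlyViaProfile", "Effect": "Allow",
             "Action": [INVOKE], "Resource": model_arns,
             "Condition": {"StringEquals": {"bedrock:InferenceProfileArn": profile_arn}}},
        ],
    }


def policy_from_json(text):
    return build_policy(json.loads(text))


def is_allowed(policy, action, resource, context=None):
    """Simplified evaluation: allowed if any Allow statement matches action and resource
    exactly and every StringEquals key matches the request context."""
    context = context or {}
    for st in policy["Statement"]:
        if st["Effect"] != "Allow" or action not in st["Action"] or resource not in st["Resource"]:
            continue
        cond = st.get("Condition", {}).get("StringEquals", {})
        if all(context.get(k) == v for k, v in cond.items()):
            return True
    return False
```

Calling is_allowed with the profile ARN, the global profile ARN, and the Osaka model ARN with or without the profile context reproduces the success and two AccessDenied cases above.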

In Closing

I introduced IAM policy settings that prevent the use of unintended inference profiles when inference profiles are used to keep data within Japan during processing with Claude models.
The verification so far used Claude 4.5 Sonnet, following the documentation, but inference profiles for newer models such as JP Anthropic Claude Opus 4.8 have also been published, so those with data residency requirements for inference are encouraged to check them out.

