[FEATURE] Support AWS Bedrock + AWS SSO in `claude remote-control`
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
Current Behavior
When a user running Claude Code via AWS Bedrock attempts to start a Remote Control session, they are blocked at the authentication layer. The Remote Control handshake requires an Anthropic account session token — which Bedrock users do not have, and cannot obtain without signing up for a separate consumer plan.
Blocked flowaws sso login → CLAUDE_CODE_USE_BEDROCK=1 → claude remote-control → ❌ Requires Anthropic login
Who Is Affected
Enterprise and team users who access Claude Code through AWS Bedrock under corporate AWS accounts
Developers and data engineers using AWS SSO / IAM Identity Center for unified credential management
Organizations with security policies that prohibit direct Anthropic account creation for individual developers
AWS-native teams who have already invested in Bedrock-based Claude Code setup and want feature parity
Business Impact
Remote Control is a high-value feature — it enables developers to monitor and steer long-running agentic tasks from mobile devices without being physically present at their workstation. Blocking Bedrock users from this feature creates a significant capability gap and undermines the value proposition of the AWS Bedrock integration.
Proposed Solution
Decoupled Auth Backend
Extend the Remote Control session registration to accept AWS Bedrock credentials in addition to Anthropic account tokens. When CLAUDE_CODE_USE_BEDROCK=1 is set, the Remote Control handshake should authenticate against AWS STS rather than the Anthropic account system.
# Desired flow
export CLAUDE_CODE_USE_BEDROCK=1
export AWS_PROFILE=my-sso-profile
export AWS_REGION=us-east-1
aws sso login --profile my-sso-profile
claude remote-control # ✅ Should work with Bedrock credentials
SSO Token Refresh in Remote Sessions
Since AWS SSO credentials have a finite TTL, the Remote Control session should honour the existing awsAuthRefresh mechanism — automatically triggering re-authentication when credentials expire, without dropping the active remote session.
// ~/.claude/settings.json
{
"env": {
"CLAUDE_CODE_USE_BEDROCK": "1",
"AWS_PROFILE": "my-sso-profile",
"AWS_REGION": "us-east-1"
},
"awsAuthRefresh": "aws sso login --profile my-sso-profile --no-browser"
}
Suggested Implementation Approach
- Abstract the Remote Control auth layer behind an interface that supports multiple identity providers (Anthropic account, AWS STS, and potentially others in future).
- When CLAUDE_CODE_USE_BEDROCK=1 is detected, use the AWS SDK credential chain to obtain a caller 3. identity via sts:GetCallerIdentity and use this as the session identity for Remote Control registration.
- Issue a short-lived Remote Control session token scoped to the AWS ARN, refreshable via awsAuthRefresh.
Ensure the Remote Control relay server can validate both Anthropic-issued and AWS STS-backed session tokens.
Alternative Solutions
| Alternative | Why It Falls Short |
|---|---|
| Use tmux over SSH | Requires always-on SSH connection; no mobile-friendly UI; not equivalent to native Remote Control UX |
| Dual auth (Anthropic + Bedrock) | Forces enterprise users to create personal Anthropic accounts, which may violate corporate security policies |
| claude --print for automation | Headless only; no interactive remote monitoring; not a substitute for Remote Control |
| Wait for Team/Enterprise RC support | Does not address the Bedrock auth gap; Team/Enterprise plans may still require Anthropic account login |
Priority
High - Significant impact on productivity
Feature Category
CLI commands and flags
Use Case Example
claude remote-control currently requires authentication via an Anthropic account (/login → claude.ai). This prevents users who access Claude Code through AWS Bedrock from using the feature at all — even though they are legitimate, paying Claude Code users accessing Claude through an officially supported channel.
This request asks the Anthropic engineering team to extend claude remote-control to support AWS Bedrock as an authentication backend, including credential flows via AWS SSO (IAM Identity Center).
Additional Context
_No response_
This issue has 11 comments on GitHub. Read the full discussion on GitHub ↗