[BUG] 2.1.94 regression: Bedrock API key (AWS_BEARER_TOKEN_BEDROCK) returns 403 "Authorization header is missing" — works on 2.1.92
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
After upgrading to v2.1.94, authentication via AWS_BEARER_TOKEN_BEDROCK stopped working. The bearer
token is no longer sent as an Authorization: Bearer header, resulting in a 403 "Authorization
header is missing" error.
Debug logs show the auth flow is skipping the bearer token entirely — Authorization header: false
appears in the request debug output.
Downgrading to v2.1.92 resolves the issue.
What Should Happen?
Claude Code should send the AWS bearer token as an Authorization: Bearer <token> header when
AWS_BEARER_TOKEN_BEDROCK is configured, as it did in v2.1.92.
Confirmed working when pinned
to v2.1.92 with DISABLE_AUTOUPDATER=1.
Error Messages/Logs
# Startup — token present in env config
[DEBUG] CA certs: Config fallback - globalEnv keys: , settingsEnv keys:
CLAUDE_CODE_USE_BEDROCK,AWS_BEARER_TOKEN_BEDROCK,AWS_REGION,ANTHROPIC_MODEL
# Every API request — token NOT applied to client
[DEBUG] [API:request] Creating client, ANTHROPIC_CUSTOM_HEADERS present: false, has Authorization
header: false
[ERROR] API error (attempt 1/11): 403 403 {"Message":"Authorization header is missing"}
[DEBUG] [API:request] Creating client, ANTHROPIC_CUSTOM_HEADERS present: false, has Authorization
header: false
[ERROR] API error (attempt 2/11): 403 403 {"Message":"Authorization header is missing"}
[DEBUG] [API:request] Creating client, ANTHROPIC_CUSTOM_HEADERS present: false, has Authorization
header: false
[ERROR] API error (attempt 3/11): 403 403 {"Message":"Authorization header is missing"}
# ... repeats through all 11 retry attempts
Steps to Reproduce
- Set
AWS_BEARER_TOKEN_BEDROCK=<your-token>,AWS_REGION=<region>,CLAUDE_CODE_USE_BEDROCK=1 - Run
claudev2.1.94 - Send any prompt
Expected: Request succeeds with bearer token in Authorization header
Actual: 403 {"Message":"Authorization header is missing"} — has Authorization header: false
logged on every attempt
Claude Model
Not sure / Multiple models
Is this a regression?
Yes, this worked in a previous version
Last Working Version
2.1.92
Claude Code Version
2.1.94 (Claude Code)
Platform
AWS Bedrock
Operating System
macOS
Terminal/Shell
iTerm2
Additional Information
- Works: v2.1.92
- Broken: v2.1.94
- Auth method:
AWS_BEARER_TOKEN_BEDROCK(ABSK) - Workaround: Pin to v2.1.92 with
DISABLE_AUTOUPDATER=1 ANTHROPIC_BEDROCK_BASE_URLis NOT set — Claude Code builds the endpoint fromAWS_REGION
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗