[Bug] sdk@0.2.96 Bedrock SigV4 regression: 403 auth failure with standard AWS instance profile credentials

Resolved 💬 2 comments Opened Apr 8, 2026 by Bruno-dos-Santos Closed Apr 8, 2026

Description

claude-agent-sdk@0.2.96 (shipped with claude-code-action@v1 on 2026-04-08) broke Bedrock authentication for setups using standard AWS instance profile credentials (SigV4). All requests to Bedrock fail with 403 authentication_failed.

The release notes for v2.1.96 mention a fix for this regression, but it only covers AWS_BEARER_TOKEN_BEDROCK and CLAUDE_CODE_SKIP_BEDROCK_AUTH auth paths — the standard SigV4 path remains broken.

Error

Failed to authenticate. API Error: 403 Authorization header requires 'Credential' parameter.
Authorization header requires 'Signature' parameter.
Authorization header requires 'SignedHeaders' parameter.
(Hashed with SHA-256 and encoded with Base64) Authorization=cQ4NvdQimYUQF6TWcmXs0EbxtO23QVJZkqGmqPqAElg=

Environment

  • claude-agent-sdk: 0.2.96
  • claude-code-action: @v1 (commit 26ddc358)
  • Auth method: AWS instance profile (SigV4) via CLAUDE_CODE_USE_BEDROCK=1
  • Runner: self-hosted on EC2 with instance profile attached
  • AWS region: us-west-2

Steps to reproduce

  1. Use claude-code-action@v1 with use_bedrock: true
  2. Authenticate via EC2 instance profile (no AWS_BEARER_TOKEN_BEDROCK, no CLAUDE_CODE_SKIP_BEDROCK_AUTH)
  3. Run any prompt — all requests fail with the 403 above

Expected behavior

Requests are signed with AWS Signature V4 using the instance profile credentials, as they were in sdk@0.2.92.

Regression history

| Version | Behavior |
|---------|----------|
| sdk@0.2.92 | ✅ Works |
| sdk@0.2.94 | ❌ Broken — regression introduced alongside Mantle support |
| sdk@0.2.96 | ❌ Still broken — fix only covers Bearer/skip-auth paths |

Workaround

Pinning claude-code-action to commit 1eddb334 (sdk@0.2.92) restores correct behavior.

Related

  • Related to #44944 (same root cause, different auth path)

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗