AWS
Give your agent access to AWS services — S3, SQS, DynamoDB, Lambda, Secrets Manager, and more. The Pai sidecar signs every request with AWS SigV4 so the agent never holds credentials.
Get credentials
Create an IAM user or role with the required permissions, then generate an access key:
- Go to IAM → Users → your-user → Security credentials.
- Click Create access key.
- Copy the Access key ID and Secret access key.
Setup
Store the credentials, then create a Provider:
```shell
# 1. Store the credentials in a Pai secret
pai add secret aws-creds \
  --from-literal access_key_id=AKIAIOSFODNN7EXAMPLE \
  --from-literal secret_access_key=wJalrXUtnFEMI...

# 2. Create the Provider
pai apply -f - <<EOF
apiVersion: pai.io/v1
kind: Provider
metadata:
  name: s3-reader
spec:
  type: aws
  auth:
    type: aws-sigv4
    secretRef: aws-creds
  config:
    region: us-east-1
    services: [s3]
  policy:
    allow:
      - s3:GetObject
      - s3:ListBucket
      - s3:HeadObject
    deny:
      - s3:DeleteObject
      - s3:PutObject
  scope:
    resources:
      - "arn:aws:s3:::my-bucket/*"
EOF
```
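With auth.type: aws-sigv4, the sidecar is the only component that ever touches the secret access key: it computes the SigV4 signature and hands the agent nothing but signed headers. The following is an added example of that signing step, written for this page and not Pai's own code. It uses only the Python standard library; the function names sign_request and canonical_request are this example's, and the credentials are AWS's documented example values (the same inputs as the get-vanilla case of AWS's published SigV4 test suite), not live keys.

```python
import hashlib
import hmac
from urllib.parse import quote


def _sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _hmac_sha256(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def canonical_request(method: str, path: str, query: dict, headers: dict, payload: bytes):
    """Build the SigV4 canonical request.

    `path` is assumed to be already URI-encoded and `headers` maps lowercase
    header names to trimmed values. Returns (canonical_request, signed_headers).
    """
    canonical_query = "&".join(
        f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}" for k, v in sorted(query.items())
    )
    # Each canonical header line ends with "\n"; the join below adds the required blank line.
    canonical_headers = "".join(f"{k}:{headers[k]}\n" for k in sorted(headers))
    signed_headers = ";".join(sorted(headers))
    creq = "\n".join(
        [method, path, canonical_query, canonical_headers, signed_headers, _sha256_hex(payload)]
    )
    return creq, signed_headers


def sign_request(access_key_id, secret_access_key, region, service, method, host, path,
                 query, payload, amz_date, extra_headers=None):
    """Return the headers a sidecar would attach to the outgoing request.

    The secret key is consumed here and never appears in the returned headers,
    which is all the agent gets back. For S3 also pass
    extra_headers={"x-amz-content-sha256": <hex payload hash>} so it is signed.
    """
    date_stamp = amz_date[:8]                      # YYYYMMDD part of e.g. 20150830T123600Z
    headers = {"host": host, "x-amz-date": amz_date, **(extra_headers or {})}
    creq, signed_headers = canonical_request(method, path, query, headers, payload)
    credential_scope = f"{date_stamp}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join(
        ["AWS4-HMAC-SHA256", amz_date, credential_scope, _sha256_hex(creq.encode("utf-8"))]
    )
    # Derive the signing key: HMAC chain keyed on "AWS4" + secret, then date, region, service.
    k_date = _hmac_sha256(("AWS4" + secret_access_key).encode("utf-8"), date_stamp)
    k_region = _hmac_sha256(k_date, region)
    k_service = _hmac_sha256(k_region, service)
    k_signing = _hmac_sha256(k_service, "aws4_request")
    signature = hmac.new(k_signing, string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key_id}/{credential_scope}, "
        f"SignedHeaders={signed_headers}, Signature={signature}"
    )
    return headers


if __name__ == "__main__":
    # AWS's documented example credentials (constructed inputs, not live keys).
    signed = sign_request(
        "AKIDEXAMPLE", "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
        "us-east-1", "service", "GET", "example.amazonaws.com", "/", {}, b"", "20150830T123600Z",
    )
    for name, value in signed.items():
        print(f"{name}: {value}")
```

The signature covers the host, date, signed headers and payload hash, so a captured Authorization header cannot be replayed against another host or with a different body, and it expires with x-amz-date. The derived signing key is scoped to one date, region and service, which is why the sidecar can sign on the agent's behalf without ever exposing the long-lived secret.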
Config fields
| Field | Description |
|---|---|
| config.region | AWS region (e.g. us-east-1) |
| config.services | Restrict to specific services (e.g. [s3, sqs, dynamodb]). Omit to allow all |
Supported actions
Actions use the standard AWS IAM service:Action format:
| Service | Example actions |
|---|---|
| S3 | s3:GetObject, s3:PutObject, s3:ListBucket, s3:DeleteObject |
| SQS | sqs:SendMessage, sqs:ReceiveMessage, sqs:DeleteMessage |
| DynamoDB | dynamodb:GetItem, dynamodb:PutItem, dynamodb:Query, dynamodb:Scan |
| Lambda | lambda:InvokeFunction |
| Secrets Manager | secretsmanager:GetSecretValue |
Scope — restricting to specific resources
Pin access to specific ARNs:
```yaml
scope:
  resources:
    - "arn:aws:s3:::my-bucket/*"
    - "arn:aws:sqs:us-east-1:123456789012:my-queue"
```
Requests to any resource not in this list are denied, even if the action is allowed by policy.
Attach to an agent
```yaml
spec:
  providers:
    - s3-reader
```
Access control
policy.allow and policy.deny gate which IAM actions agents can call; scope.resources pins them to specific ARNs; audit.enforcement: audit lets you roll out a new policy safely before flipping it to enforce. See the Policy reference for the full field list and examples.
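To make the ordering of these checks concrete (config.services, then policy.deny, then policy.allow, then scope.resources, with audit mode layered on top), here is an added example that models the documented semantics in Python. It is written for this page and is not Pai's policy engine; the fixture mirrors the s3-reader Provider above, the evaluate, decide and with_enforcement names are this example's, the placement of audit.enforcement under spec is an assumption (see the Policy reference for the real field), and IAM-style * and ? wildcards in action and ARN patterns are assumed.

```python
import copy
import re
from dataclasses import dataclass

# Constructed fixture mirroring the s3-reader Provider from this page.
S3_READER = {
    "spec": {
        "config": {"region": "us-east-1", "services": ["s3"]},
        "policy": {
            "allow": ["s3:GetObject", "s3:ListBucket", "s3:HeadObject"],
            "deny": ["s3:DeleteObject", "s3:PutObject"],
        },
        "scope": {"resources": ["arn:aws:s3:::my-bucket/*"]},
        # Assumed location of the audit field; "enforce" is the blocking mode.
        "audit": {"enforcement": "enforce"},
    }
}


@dataclass
class Verdict:
    allowed: bool     # may the sidecar forward the request?
    reason: str       # which rule decided
    would_deny: bool  # would enforce mode have blocked it?


def _glob_match(pattern: str, value: str) -> bool:
    """IAM-style matching (assumed): '*' matches any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None


def evaluate(provider: dict, action: str, resource: str) -> Verdict:
    """Default-deny evaluation of one (action, resource) pair against the Provider."""
    spec = provider["spec"]
    services = spec.get("config", {}).get("services")   # omitted -> all services
    policy = spec.get("policy", {})
    scope = spec.get("scope", {}).get("resources")       # omitted -> any resource
    service = action.split(":", 1)[0]

    if services and service not in services:
        return Verdict(False, f"service {service} not in config.services", True)
    if any(_glob_match(p, action) for p in policy.get("deny", [])):
        return Verdict(False, f"{action} matches policy.deny", True)
    if not any(_glob_match(p, action) for p in policy.get("allow", [])):
        return Verdict(False, f"{action} not in policy.allow (default deny)", True)
    # Scope is checked last: an allowed action on an unlisted ARN is still denied.
    if scope and not any(_glob_match(p, resource) for p in scope):
        return Verdict(False, f"{resource} outside scope.resources", True)
    return Verdict(True, "allowed", False)


def decide(provider: dict, action: str, resource: str) -> Verdict:
    """Apply audit.enforcement on top of evaluate()."""
    verdict = evaluate(provider, action, resource)
    mode = provider["spec"].get("audit", {}).get("enforcement", "enforce")
    if mode == "audit" and not verdict.allowed:
        # Assumed audit semantics: record what enforce would block, but let it through.
        print(f"AUDIT would-deny action={action} resource={resource} reason={verdict.reason}")
        return Verdict(True, f"audit: {verdict.reason}", True)
    return verdict


def with_enforcement(provider: dict, mode: str) -> dict:
    """Return a copy of the Provider with audit.enforcement set to `mode`."""
    clone = copy.deepcopy(provider)
    clone["spec"].setdefault("audit", {})["enforcement"] = mode
    return clone


if __name__ == "__main__":
    for action, arn in [
        ("s3:GetObject", "arn:aws:s3:::my-bucket/reports/q1.csv"),
        ("s3:PutObject", "arn:aws:s3:::my-bucket/reports/q1.csv"),
        ("s3:GetObject", "arn:aws:s3:::other-bucket/secret.txt"),
        ("sqs:SendMessage", "arn:aws:sqs:us-east-1:123456789012:my-queue"),
    ]:
        v = decide(S3_READER, action, arn)
        print(f"{action:18} {arn:45} allowed={v.allowed} ({v.reason})")
```

Rolling out a policy with with_enforcement(provider, "audit") first lets you read the would-deny lines before anything is blocked. One thing this model makes visible: in IAM, s3:ListBucket is authorized against the bucket ARN itself (arn:aws:s3:::my-bucket), which the scope pattern my-bucket/* does not match, so check in the Policy reference how Pai treats bucket-level actions before relying on an object-only scope.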