AWS recently announced the Claude apps gateway for AWS, a self-hosted control plane that gives organizations a single point of control over access, cost, and policy for Claude Code and Claude Desktop.
The gateway routes inference requests to Amazon Bedrock or to Claude Platform on AWS, and replaces per-developer cloud credentials, manually distributed settings, and separate spend-tracking tooling. The AWS announcement follows Anthropic's introduction of the gateway a week earlier for Amazon Bedrock and Google Cloud. Google Cloud published its own deployment walkthrough for running the gateway on Cloud Run, meaning all three vendors have now shipped first-party deployment guidance for the same control plane.
The gateway ships inside the same Claude Code CLI binary that developers already install. Moreover, the deployment is within a single stateless container. Organizations can run it either on Amazon ECS, Amazon EKS, or Amazon EC2 behind an internal Application Load Balancer, with Amazon RDS for PostgreSQL holding short-lived sign-in state and rate-limit counters. Anthropic builds the gateway and the client together, which shows in the login flow: sign in once, and the client picks up managed settings on its own while the gateway checks policy on every request that passes through.
The gateway handles five responsibilities:
- For identity, it acts as an OpenID Connect relying party against any standards-compliant provider; developers sign in through browser single sign-on and receive a short-lived token, with sessions expiring within a configured lifetime after a user is removed from the identity provider.
- For policy, administrators define managed settings once on the server, scoped by identity provider group, covering allowed models, tool permissions, and defaults that developers cannot override locally.
- For telemetry, the client stamps a usage metric on every request, and the gateway relays it over the OpenTelemetry Protocol to a collector the organization configures, such as Amazon CloudWatch or Amazon Managed Service for Prometheus.
- For routing, the gateway holds the upstream credential and forwards requests on developers' behalf, with optional failover across AWS Regions or accounts.
- Finally, spend caps apply daily, weekly, and monthly limits per organization, group, or user, blocking further requests once a cap is exceeded.
(Source: AWS News blog post) Configuration is a single YAML file read at startup. The Bedrock upstream uses the container's IAM task role, so no static credentials are involved, and model identifiers match the Anthropic API without Bedrock ARNs or inference profiles. Anthropic's documentation notes the gateway translates the Anthropic Messages API for each upstream, listing Amazon Bedrock, Claude Platform on AWS, Google Cloud's Agent Platform, Microsoft Foundry, and the Anthropic API as options, with failover between them.
The deployment choice determines the data path. When used with Amazon Bedrock, inference requests stay within the AWS security boundary and inherit the same data handling controls as other Bedrock workloads. AWS positions Bedrock as the option for data residency requirements, while Claude Platform on AWS targets teams that want Anthropic's native platform experience without leaving AWS authentication and billing.
Within a day of launch, practitioners were probing the identity edge cases the gateway does not yet address. On LinkedIn, Christoph Klingspor asked how to handle workload identity for organizations outside the gateway's target setup:
Any thought on how we could give Claude Code an identity with a role? Best idea I had so far was AWS Private CA. Use case is for companies not yet using Anthropic on AWS but rather a normal subscription.
Shweta S., a security lead at AWS, described the pattern that closes the gap:
Good instinct on Private CA — but the piece that gives it an identity+role is IAM Roles Anywhere. Private CA (or your own existing CA) issues the X.509 cert; Roles Anywhere swaps it for temporary AWS creds tied to an IAM role, so no long-lived keys. Just wire up its credential helper and Claude Code's AWS tooling picks up the scoped creds automatically.
Christopher Dorsey, an enterprise sales leader, described in another LinkedIn post why the cost attribution features matter commercially:
Every enterprise AI rollout I've been around stalls in the same spot: the champion loves it, then IT and finance can't see who's spending what, so the whole thing gets capped at a pilot. Spend caps and visibility enforced server-side make that pretty much moot. Selling AI into Enterprise, the "no" almost never came from the product. It came from security and procurement not being able to govern it.
The release also signals a shift in where the control layer for AI coding tools lives. Enterprise identity, policy, cost attribution, and spend caps now ship as first-party infrastructure from the model provider, territory that third-party gateways and in-house tooling used to hold. The question platform teams now face is whether per-vendor gateways or a neutral control point should govern a multi-model estate. Anthropic states in its announcement that it is publishing the protocol the gateway uses, so other gateway developers can implement the same features.
The Claude apps gateway for AWS is available now. Developers can download the Claude Code CLI and consult the Claude apps gateway documentation on Anthropic's developer site, which covers configuration, per-IdP setup, and deployment guides for container platforms. AWS also published a samples repository with deployment examples for container platforms.