AWS adds support for three new condition keys to govern API keys for Amazon Bedrock
AWS today launched three new condition keys that help administrators govern [API keys for Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/api-keys.html). The new condition keys help you control the generation, expiration, and type of API keys allowed. Amazon Bedrock supports two types of API keys: short-term API keys, valid for up to 12 hours, and long-term API keys, which are [IAM service-specific credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id%5Fcredentials%5Fservice-specific-creds.html) for use with Bedrock only.
The new iam:ServiceSpecificCredentialServiceName condition key lets you control which target AWS services are allowed when creating IAM service-specific credentials. For example, you could allow the creation of Bedrock long-term API keys but not credentials for AWS CodeCommit or Amazon Keyspaces. The new iam:ServiceSpecificCredentialAgeDays condition key lets you control the maximum duration of Bedrock long-term API keys at creation. The new bedrock:BearerTokenType condition key lets you allow or deny Bedrock requests based on whether the API key is short-term or long-term.
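The policy below is an added example, not text from the announcement, showing the three keys in use. The first statement is meant for a principal that issues keys; the second is for principals that should call Bedrock only with short-term keys. The 30-day limit is an arbitrary sample, and the action names and the `bedrock.amazonaws.com` and `LONG_TERM` values do not appear in the announcement, so check them against the user guides it links before use.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "CreateBedrockKeysOnlyMax30Days",
      "Effect": "Allow",
      "Action": "iam:CreateServiceSpecificCredential",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "iam:ServiceSpecificCredentialServiceName": "bedrock.amazonaws.com"
        },
        "NumericLessThanEquals": {
          "iam:ServiceSpecificCredentialAgeDays": "30"
        }
      }
    },
    {
      "Sid": "DenyLongTermBedrockKeys",
      "Effect": "Deny",
      "Action": "bedrock:CallWithBearerToken",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "bedrock:BearerTokenType": "LONG_TERM"
        }
      }
    }
  ]
}
```

Because the creation limits sit in an Allow statement, a request grants nothing unless both conditions match, so credentials for other services and keys requested with a longer lifetime are not permitted by this policy.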
These new condition keys are available in all AWS Regions. To learn more about using the new condition keys, visit the [IAM User Guide](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference%5Fpolicies%5Fiam-condition-keys.html#available-keys-for-iam) or [Amazon Bedrock User Guide](https://docs.aws.amazon.com/bedrock/latest/userguide/api-keys-permissions.html).