Skip to content

Claude apps gateway now available for Amazon Bedrock and Google Cloud

Bottom line: The Claude apps gateway eliminates manual credential management per developer for CTOs and enables centralized access control, spending limits, and telemetry for Claude Code on Bedrock and Google Cloud.

Anthropic provides a self-hosted control layer for Claude Code that enables enterprises to implement central authentication, policy management, and per-user cost attribution — without requiring individual cloud credentials to be configured per developer.

What the gateway delivers: The Claude apps gateway is a stateless container deployed on Linux with a PostgreSQL database backend. It authenticates developers against any OIDC-compatible identity provider (Google Workspace, Microsoft Entra ID, Okta), manages policies centrally (permitted models, default settings), routes inference requests to Claude API, Amazon Bedrock, or Google Cloud, and captures per-user usage metrics via OTLP to an internal collector. The gateway is delivered as a process within the same Claude binary that developers install locally.

Centralized management and control: CTOs define policies once on the server side; clients download these at login. Onboarding consists only of adding users to the identity provider, and offboarding means removing them. The gateway enforces daily, weekly, and monthly spending limits — per organization, group, or user. Long-lived secrets do not reside on developer machines; instead, the gateway issues short-lived sessions.

Data security and telemetry: Inference traffic and usage data are not transmitted to Anthropic unless the gateway is explicitly configured for the Claude API. Anthropic publishes the gateway protocol so that other implementations can offer the same functionality. Failover between Bedrock and Google Cloud is optionally available.

Deployment: The gateway is available immediately. Configuration occurs via gateway.yaml (OIDC issuer, upstream credential) and managed-settings.json on the client side; clients then connect to the local gateway on first startup. An OpenID Connect application must be registered once in the identity provider.


Source: claude.com · Published 28 June 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.

Share on: