Creating a Named Credential for Ask AI

Last published at: August 8th, 2025
Delete

Ask AI action with AWS Bedrock

The following configuration is needed only if you plan to use the 'Ask AI' action in combination with AWS Bedrock as AI model provider.

The Ask AI action‍ in Salesforce connects with AWS Bedrock via an External Credential linked to a Named Credential, instead of via a Remote Site configuration as is the case for other AI model providers. 

Setting up a Named Credential for AWS Bedrock consists of three steps:

  1. Create an External Credential
  2. Create a Named Credential
  3. Configure Principal Access

Creating an External Credential

  1. Go to Salesforce Setup > Named Credentials.
  2. On tab 'External Credentials', click New.
  3. At Label, enter AWS Bedrock
  4. At Name, enter AWS_Bedrock
  5. At Authentication Protocol, select 'AWS Signature Version 4'.
  6. At Service, enter bedrock
  7. At Region, enter your region as stated by AWS (for example 'eu-central-1' without quotes).
  8. Click Save.
  9. Scroll down to the 'Principals' section and click New.
  10. At Parameter Name, enter Keys
  11. At Access Key, enter the API Key that came with your AWS subscription.
  12. At Access Secret, enter the Secret Key that came with your AWS subscription.
  13. Click Save.

You have created the External Credential. 

Creating a Named Credential

Now create a Named Credential:

  1. Still in the Named Credentials section of the Salesforce Setup, go to tab 'Named Credentials' and click New.
  2. At Label, enter AWS Bedrock
  3. At Name, enter AWS_Bedrock
  4. At URL, enter the Amazon Bedrock Runtime API URL. It should have the format "https://bedrock-runtime.your-region-as-stated-by-AWS.amazonaws.com" (for example 'https://bedrock-runtime.eu-central-1.amazonaws.com' without quotes).
  5. At External Credential, select 'AWS Bedrock' (this is the External Credential you just created).
  6. At Allowed Namespaces for Callouts, enter plauti
  7. Click Save.

Configuring Principal Access

Next, configure principal access via a Profile or Permission Set. 

  1. Still in Salesforce Setup, go to the profile or permission set that you want to give access.
  2. Go to External Credential Principal Access and Edit.
  3. Move 'AWS_Bedrock - Keys' to the Enabled External Credential Principals.
  4. Click Save.

You have now fully configured the Named Credential. Enter AWS_Bedrock in the Ask AI action configuration at Named Credential.