litellm - [Bug]: Bedrock passthrough deployment initialization fails with IAM/OIDC credentials because api_key is required



Bug Report

Summary

When use_in_pass_through: true is enabled for a Bedrock model deployment that uses IAM/OIDC credentials (via aws_role_name, aws_session_name, aws_web_identity_token) instead of an api_key, the deployment initialization fails with:

Error creating deployment: api_key is required for setting pass-through credentials, ignoring and continuing with other deployments.

Root Cause

The passthrough deployment initialization code has a special branch for vertex_ai, but Bedrock falls through to the generic handling path that calls set_pass_through_credentials(api_key=api_key). This raises an error when api_key is None, which is the expected state for Bedrock deployments using AWS IAM/OIDC authentication.

Because the invalid deployment is silently ignored ("ignoring and continuing with other deployments"), the Bedrock deployment is skipped entirely — breaking not only passthrough routing but also normal (non-passthrough) model routing for that deployment.

Impact

  • Production-impacting: enabling use_in_pass_through: true on any Bedrock deployment using IAM/OIDC causes the deployment to be dropped.
  • Normal Bedrock routing (non-passthrough) also breaks because the deployment is skipped during initialization.

Minimal Config to Reproduce

model_list:
  - model_name: bedrock-claude
    litellm_params:
      model: bedrock/anthropic.claude-3-5-sonnet-20241022-v2:0
      aws_role_name: "arn:aws:iam::123456789012:role/MyRole"
      aws_session_name: "my-session"
      aws_web_identity_token: "oidc-token-value"
      use_in_pass_through: true
      # No api_key — Bedrock uses IAM/OIDC credentials

Actual Behavior

Error creating deployment: api_key is required for setting pass-through credentials, ignoring and continuing with other deployments.

The deployment is silently dropped from the router.

Expected Behavior

  • Bedrock passthrough initialization should support AWS IAM/OIDC credentials (aws_role_name, aws_session_name, aws_web_identity_token) without requiring api_key.
  • At minimum, a deployment marked with use_in_pass_through: true should not be dropped from normal (non-passthrough) routing if passthrough credential setup fails.

Related Issues

  • #15643 — exact same error message, closed as stale with no fix applied.
  • #16497 — related open feature request for AWS credentials from config.yaml for Bedrock passthrough, but does not cover OIDC/IAM role assumption.

Question

Is Bedrock passthrough with aws_role_name / aws_web_identity_token (OIDC/IAM) supported or planned? If not yet supported, could the initialization at least avoid dropping the deployment from normal routing?

Environment

  • LiteLLM version: latest (also reproduced on recent prior versions)
  • Provider: AWS Bedrock
  • Authentication: IAM/OIDC (STS AssumeRoleWithWebIdentity)
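
A simplified model of the initialization flow the issue describes, added here as an illustration and not LiteLLM's code: `register_creds` stands in for the `set_pass_through_credentials` call, and the `provider_aware` and `isolate_failures` switches are hypothetical. It contrasts the reported behaviour with the two outcomes listed under Expected Behavior, using a constructed copy of the minimal config.

```python
# Model of the flow in the issue; names are hypothetical except the config keys.

# Assumption: the three keys quoted in the issue form the IAM/OIDC credential set.
AWS_AUTH_KEYS = ("aws_role_name", "aws_session_name", "aws_web_identity_token")


def register_creds(provider, params, provider_aware):
    """Return the credential kind registered for pass-through, or raise."""
    if provider_aware and provider == "bedrock":
        missing = [k for k in AWS_AUTH_KEYS if not params.get(k)]
        if missing:
            raise ValueError(f"bedrock pass-through missing {missing}")
        return "aws_web_identity"  # no api_key needed on this branch
    if params.get("api_key") is None:
        raise ValueError("api_key is required for setting pass-through credentials")
    return "api_key"


def init_deployments(model_list, provider_aware=False, isolate_failures=False):
    """Return (routable, pass_through, errors) for a model_list."""
    routable, pass_through, errors = [], {}, []
    for dep in model_list:
        name, params = dep["model_name"], dep["litellm_params"]
        provider = params["model"].split("/", 1)[0]
        try:
            if params.get("use_in_pass_through"):
                pass_through[name] = register_creds(provider, params, provider_aware)
        except ValueError as exc:
            errors.append(f"{name}: {exc}")
            if not isolate_failures:
                continue  # reported behaviour: the whole deployment is skipped
        routable.append(name)  # still available for normal routing
    return routable, pass_through, errors


# Constructed sample mirroring the issue's minimal config (no api_key).
CONFIG = [{
    "model_name": "bedrock-claude",
    "litellm_params": {
        "model": "bedrock/anthropic.claude-3-5-sonnet-20241022-v2:0",
        "aws_role_name": "arn:aws:iam::123456789012:role/MyRole",
        "aws_session_name": "my-session",
        "aws_web_identity_token": "oidc-token-value",
        "use_in_pass_through": True,
    },
}]

if __name__ == "__main__":
    for kw in ({}, {"isolate_failures": True}, {"provider_aware": True}):
        print(kw, init_deployments(CONFIG, **kw))
```

With both switches off the deployment disappears from `routable` as well as `pass_through`, which is the availability impact the issue reports; `isolate_failures=True` keeps normal routing while still surfacing the error.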
