# how 2 AWS 4 khanon

-> ![Logo](https://gitgud.io/uploads/-/system/project/avatar/20878/warp_pipe_preview.gif){48px:48px} <-

This guide is intended to make the process of setting up AWS smoother for those wanting to use Claude with [khanon/oai-reverse-proxy](https://gitgud.io/khanon/oai-reverse-proxy), willing to pay for it but Anthropic hates end users (no API access for personal use). I am a Windowstard who just got it working on 2024-06-27, so don't ask me questions. I don't know how to do illegal things. I will simply detail step by step on how I get Claude as a Windows user.

Region model availability: https://aws.amazon.com/bedrock/pricing/
3.5 Sonnet is only on us-east-1.
Opus is only on us-west-2... and also you need to be a company with established spending.
These two regions have other Claude models as well. Limited selection outside of USA.

* Register an [AWS](https://console.aws.amazon.com/console/home) account with a credit card. I might've had to wait half an hour before doing anything, my memory is hazy.
* New accounts might not be able to request models immediately. (You may want to check next step first to make sure you really can't request models.) Go to EC2 in search bar > Launch instance > Launch a free tier t2.nano instance for several minutes until you get an email titled "Your Request For Accessing AWS Resources Has Been Validated".
![EC2 quick launch](https://i.imgur.com/G8BBtAZ.png)
* Go to Amazon Bedrock in search bar. There's a deceptively inconspicuous menu icon in the top left corner that appears only on us-east-1 and us-west-2 for USA, so make sure you select the correct region. Request the Claude models you want. Type in any junk for company name and stuff, they won't validate the info. Takes about a minute to gain access. You will get an error if you don't have permission to request.
![Amazon Bedrock page](https://i.imgur.com/YpUquWb.png)
* Go to IAM (not IAM Identity Center) > Users > Create user > make up a username (you won't use this name anywhere), press Next twice (we will attach specific policies in next step) > Create user.
* Select the user you just created > Add permissions > Create inline policy > select Bedrock > search and select `InvokeModel`, `InvokeModelWithResponseStream`, and `GetModelInvocationLoggingConfiguration`, and select "Any" next to "foundation-model", press next > Name the policy then Create policy. Back at the user's page, expanding the policy you just created will look like this:
  ![Permissions policy](https://i.imgur.com/HrX43Zz.png)
* Still at the user's page, Create access key > Other, press Next > Create access key > copy the secret key somewhere as you will never see it again. AKIA*** is the access key ID.
  Do NOT touch Key Management Service in search bar, that is something entirely different, unrelated, and costs $1/month per key.
* Maybe take a look at Budgets if you're concerned about "stolen keys" or whatever and want email alerts for expenditure. It's possible to set a daily "zero spend" budget so you know something is up the moment it passes $0.01 on a day you haven't touched it. I would have to look into actually setting a hard budget, but I'm too lazy. I haven't even used Claude much after writing this article.

You are now ready on AWS side. See [self-hosting guide](https://gitgud.io/khanon/oai-reverse-proxy/-/blob/main/docs/self-hosting.md).

* Intall [Docker](https://docs.docker.com/compose/install/) (and Docker Compose, but Docker already comes with Compose on Windows).
* Create a folder somewhere for the docker application.
* Download/copy [.env.example](https://gitgud.io/khanon/oai-reverse-proxy/-/blob/main/.env.example) and save as `.env` in the folder. Uncomment/comment as follows:
```python
SHOW_TOKEN_COSTS = true # For an idea how much is being spent
ALLOWED_MODEL_FAMILIES=aws-claude # ,aws-claude-opus (unavailable)
  # Assuming you're using AWS Claude only; this will get rid of the extra crap on the service info screen
GATEKEEPER=proxy_key # If not using user_token
# OPENAI_KEY=sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx # Not using this
# ANTHROPIC_KEY=sk-ant-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx # Not using this
AWS_CREDENTIALS=myaccesskeyid:mysecretkey:us-east-1,anotheraccesskeyid:anothersecretkey:us-west-2
  # Obviously put your keys in here (only need one region if you're not using both Opus and 3.5 Sonnet)
  # myaccesskeyid is the thing that starts with "AKIA"; mysecretkey is 40 characters long
# AZURE_CREDENTIALS=azure-resource-name:deployment-id:api-key # Not using this
PROXY_KEY=your-secret-key # Make up a password for reverse proxy if setting GATEKEEPER to proxy_key
```
  And probably more things to worry about if you plan to let other people use it.
* You can type "cmd" into file explorer's address bar while you're in the folder to start Command Prompt with working directory set as said folder (otherwise `cd D:\path\to\folder`). Enter these commands:
```
type nul > greeting.md
curl https://gitgud.io/khanon/oai-reverse-proxy/-/raw/main/docker/docker-compose-selfhost.yml -o docker-compose.yml
docker compose up -d
```
* "Install" cloudflared? Nah, on Windows you just download the latest [release](https://github.com/cloudflare/cloudflared/releases) and maybe rename `cloudflared-windows-amd64.exe` to just `cloudflared.exe` then run `cloudflared.exe tunnel --url http://localhost:7860`.
  "nginx??" Ignore that unless you know what you're doing, in which case you might not be reading this.

Your reverse proxy server is now online.

* In the service info you will see:
```
"endpoints": {
    "aws": "https://blah-blah-blah-blah.trycloudflare.com/proxy/aws/claude"
  },
```
* Enter the link into any frontend that supports it.
  ![SillyTavern proxy server URL](https://i.imgur.com/pX54Rn9.png)

Why not stop being retarded and just use OpenRouter? Believe it or not, Bedrock (and Anthropic directly) is actually less moderated than OR "self-moderated" (meaning moderation by Anthropic). While they both refuse without prefilling and both are easily jailbroken, OR is noticeably more prude and less proactive in certain subjects, at least without significant jailbreaking.

I read a rumor that it's actually easy to get Claude API through [Anthropic](https://console.anthropic.com/) directly aside from an occasional ban. Suppose I *am* retarded, but it rubbed me the wrong way when I couldn't use my phone number to claim the $5 trial credit then I walked away.