Skip to content

[Feat] Add AWS <-> Vertex Federated Auth #15663

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

[Feat] Add AWS <-> Vertex Federated Auth #15663

wants to merge 4 commits into from

Conversation

@ishaan-jaff
Copy link
Contributor

@ishaan-jaff ishaan-jaff commented Oct 17, 2025
edited
Loading

[Feat] Add AWS <-> Vertex Federated Auth

Adds support for AWS to GCP Workload Identity Federation when EC2 metadata endpoints (http://169.254.169.254) are blocked. This is pretty common in security-hardened environments.

The Problem

Organizations blocking metadata service access couldn't use AWS credentials to authenticate to Vertex AI. The default Workload Identity Federation flow requires hitting an endpoint to get AWS credentials, which fails when that endpoint is restricted.

Proposed flow

  1. User provides AWS auth params (role ARN, profile, or static creds) in the credential config
  2. We use BaseAWSLLM (from Bedrock integration) to get AWS credentials via STS
  3. Wrap those credentials in a custom Boto3AwsSecurityCredentialsSupplier
  4. Pass to Google's aws.Credentials class for token exchange
  5. GCP exchanges AWS creds for GCP tokens via Workload Identity Federation
  6. Use resulting token to call Vertex AI

Relevant issues

Pre-Submission checklist

Please complete all items before asking a LiteLLM maintainer to review your PR

  • I have Added testing in the tests/litellm/ directory, Adding at least 1 test is a hard requirement - see details
  • I have added a screenshot of my new test passing locally
  • My PR passes all unit tests on make test-unit
  • My PR's scope is as isolated as possible, it only solves 1 specific problem

Type

🆕 New Feature
🐛 Bug Fix
🧹 Refactoring
📖 Documentation
🚄 Infrastructure
✅ Test

Changes

@vercel
Copy link

vercel bot commented Oct 17, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
litellm Error Error Oct 17, 2025 5:39pm

💡 Enable Vercel Agent with $100 free credit for automated AI reviews

github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 17, 2025
View reviewed changes
litellm/llms/vertex_ai/vertex_llm_base.py
verbose_logger.debug(
"Using explicit AWS authentication for GCP federation (no metadata endpoints)"
)
verbose_logger.debug(f"AWS parameters provided: {list(aws_params.keys())}")

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information High

This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (secret)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (secret)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (secret)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (secret)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (secret)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (secret)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (secret)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (secret)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (secret)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (secret)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (secret)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (secret)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (secret)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (secret)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (secret)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (secret)
Loading
as clear text.
This expression logs
sensitive data (secret)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (secret)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (secret)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (secret)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (secret)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (secret)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (secret)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (secret)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (secret)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (secret)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (secret)
Loading
as clear text.
This expression logs
sensitive data (secret)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (secret)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
This expression

Copilot Autofix

AI 10 days ago

To fix this issue, we should avoid logging the keys of the aws_params dictionary entirely, as they may indicate which sensitive credential types are present and potentially misconfigured. The best fix is to log only a static message indicating "AWS parameters provided" without listing their names, or simply remove this log line. If the log is genuinely useful for debugging, consider whitelisting allowed safe keys to display, or strictly redact any secret-bearing names.

Specifically:

  • Locate line 203 in litellm/llms/vertex_ai/vertex_llm_base.py.
  • Replace the line verbose_logger.debug(f"AWS parameters provided: {list(aws_params.keys())}") with a less revealing message such as verbose_logger.debug("AWS parameters provided").

No additional methods or imports are needed.

Suggested changeset 1
litellm/llms/vertex_ai/vertex_llm_base.py

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/litellm/llms/vertex_ai/vertex_llm_base.py b/litellm/llms/vertex_ai/vertex_llm_base.py
--- a/litellm/llms/vertex_ai/vertex_llm_base.py
+++ b/litellm/llms/vertex_ai/vertex_llm_base.py
@@ -200,7 +200,7 @@
         verbose_logger.debug(
             "Using explicit AWS authentication for GCP federation (no metadata endpoints)"
         )
-        verbose_logger.debug(f"AWS parameters provided: {list(aws_params.keys())}")
+        verbose_logger.debug("AWS parameters provided")
 
         # Use BaseAWSLLM to get AWS credentials (handles all auth flows)
         aws_llm = BaseAWSLLM()
EOF
@@ -200,7 +200,7 @@
verbose_logger.debug(
"Using explicit AWS authentication for GCP federation (no metadata endpoints)"
)
verbose_logger.debug(f"AWS parameters provided: {list(aws_params.keys())}")
verbose_logger.debug("AWS parameters provided")

# Use BaseAWSLLM to get AWS credentials (handles all auth flows)
aws_llm = BaseAWSLLM()
Copilot is powered by AI and may make mistakes. Always verify output.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ishaan-jaff