Connect to Amazon Web Services (AWS)
Secure backend access with OIDC federation is available on all plans
To understand how AWS supports OIDC, and for a detailed user guide on creating an OIDC identity provider with AWS, consult the AWS OIDC documentation.
- Navigate to the AWS Console
- Navigate to IAM then Identity Providers
- Select Add Provider
- Select OpenID Connect as the provider type
- Enter the Provider URL. The URL depends on the issuer mode setting:
  - Team: , replacing with the path from your Vercel team URL
  - Global:
- Enter in the Audience field, replacing with the path from your Vercel team URL
- Select Add Provider
![Add provider values for the Global issuer mode setting. For the Team issuer mode setting, set the Provider URL to https://vercel.com/[TEAM_SLUG]](/vc-ap-vercel-docs/_next/image?url=https%3A%2F%2F7nyt0uhk7sse4zvn.public.blob.vercel-storage.com%2Fdocs-assets%2Fstatic%2Fdocs%2Fconcepts%2Foidc-tokens%2Faws-create-id-provider.png&w=1080&q=75)
To use AWS OIDC Federation you must have an IAM role. IAM roles require a "trust relationship" (also known as a "trust policy") that describes which "Principal(s)" are allowed to assume the role under certain "Condition(s)".
Here is an example of a trust policy using the Team issuer mode:
The above policy's conditions are quite strict: the sub claims must match exactly. It is also possible to configure less strict trust policy conditions:
This policy allows any project matched by the that are targeted to and but not .
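To see which tokens a strict or a less strict set of trust policy conditions would admit before attaching it to a role, the following added example (not code from the original page or from Vercel or AWS) models IAM's `StringEquals` and `StringLike` condition operators locally. The issuer key, the audience, the team, project and environment names, and the `owner:…:project:…:environment:…` layout of the sub claim are constructed placeholders and assumptions.

```javascript
// Added example: local model of how IAM evaluates the StringEquals and
// StringLike conditions of an OIDC trust policy. All values are constructed.
const ISSUER = 'oidc.example.test/my-team'; // placeholder issuer host/path
const AUDIENCE = 'https://audience.example.test/my-team'; // placeholder

// StringLike: '*' matches any run of characters (including ':'), '?' one.
function likeToRegExp(pattern) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&');
  const body = escaped.replace(/\*/g, '.*').replace(/\?/g, '.');
  return new RegExp('^' + body + '$', 's');
}

const OPERATORS = {
  StringEquals: (expected, actual) => expected === actual,
  StringLike: (pattern, actual) => likeToRegExp(pattern).test(actual),
};

// Operator blocks and keys are ANDed; values listed for one key are ORed.
function conditionsAllow(condition, claims) {
  return Object.entries(condition).every(([operator, keys]) => {
    const matches = OPERATORS[operator];
    if (!matches) return false; // operator not modelled here: fail closed
    return Object.entries(keys).every(([key, expected]) => {
      const actual = claims[key.slice(key.lastIndexOf(':') + 1)];
      if (typeof actual !== 'string') return false; // missing claim: deny
      return [].concat(expected).some((value) => matches(value, actual));
    });
  });
}

const strictPolicy = {
  StringEquals: {
    [`${ISSUER}:aud`]: AUDIENCE,
    [`${ISSUER}:sub`]: 'owner:my-team:project:my-app:environment:production',
  },
};
const relaxedPolicy = {
  StringEquals: { [`${ISSUER}:aud`]: AUDIENCE },
  StringLike: {
    [`${ISSUER}:sub`]: [
      'owner:my-team:project:*:environment:preview',
      'owner:my-team:project:*:environment:production',
    ],
  },
};

// Claims of a constructed token; the sub layout is an assumption.
function claimsFor(project, environment, aud = AUDIENCE) {
  return { aud, sub: `owner:my-team:project:${project}:environment:${environment}` };
}
```

Running candidate conditions through a model like this against the claims you expect, and against the ones you want rejected, shows how far a wildcard reaches before the policy is live.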
Once you have created the role, copy the role's ARN and declare it as an environment variable in your Vercel project with key name .
You are now ready to connect to your AWS resource in your project's code. Review the examples below.
In the following examples, you create a Vercel function in the Vercel project where you have defined the OIDC role ARN environment variable. The function will connect to a specific resource in your AWS backend using OIDC and perform a specific action using the AWS SDK.
Install the following packages:
In the API route for the function, use the AWS SDK for JavaScript to list objects in an S3 bucket with the following code:
Vercel sends the OIDC token to the SDK using the function from .
Install the following packages:
In the API route for the function, use the AWS SDK for JavaScript to perform a database query from an AWS RDS instance with the following code: