tBedrockClient

Establishes a connection to Amazon Bedrock to store and retrieve data.

tBedrockClient Standard properties

These properties are used to configure tBedrockClient running in the Standard Job framework.

The Standard tBedrockClient component belongs to the AI family.

Note: This component is available only when you have installed the 8.0.1-R2025-12 Talend Studio monthly update or a later one delivered by Talend. For more information, check with your administrator.

Basic settings

Properties Description
Property type

Either Built-In or Repository.

Built-In: No property data stored centrally.

Repository: Select the repository file where the properties are stored.

Schema and Edit Schema A schema is a row description, it defines the number of fields to be processed and passed on to the next component. The schema is either Built-in or stored remotely in the Repository.
  • Built-in: You create and store the schema locally for this component only. For more information about a component schema in its Basic settings tab, see Basic settings tab.

  • Repository: You have already created the schema and stored it in the Repository. You can reuse it in various projects and Job designs. For more information about a component schema in its Basic settings tab, see Basic settings tab.

Click Edit schema to make changes to the schema. If the current schema is of the Repository type, three options are available:

  • View schema: choose this option to view the schema only.

  • Change to built-in property: choose this option to change the schema to Built-in for local changes.

  • Update repository connection: choose this option to change the schema stored in the repository and decide whether to propagate the changes to all the Jobs upon completion.

    If you just want to propagate the changes to the current Job, you can select No upon completion and choose this schema metadata again in the Repository Content window.

Credential provider

Specify the way to obtain AWS security credentials.

  • Static credentials: Use access key and secret key as the AWS security credentials.
  • Inherit credentials from AWS role: Obtain AWS security credentials from your EMR instance metadata. To use this option, the Amazon EMR cluster must be started and your Job must be running on this cluster. For more information, see Using an IAM Role to Grant Permissions to Applications Running on Amazon EC2 Instances. This option enables you to develop your Job without having to put any AWS keys in the Job, which makes it easier to comply with the security policy of your organization.
  • Web identity token: Use Web token for establishing the Amazon Bedrock connection.
  • Profile credentials or inherit from AWS role: Use credentials stored in a file (known as profile configuration file) as the AWS security credentials or inherit AWS security credentials from the AWS role.

    AWS security credentials can be grouped in profiles in profile configuration files. A profile configuration file can contain one or multiple profiles. You can optionally specify the profile configuration file in the Profile path field and specify the profile to be used in the Profile name field.

    If the Profile path field and the Profile name field are left empty, <user folder>/.aws/credentials will be used as the profile configuration file and the profile named default will be used.

    In cases of EC2 instances, if the profile (the specified or the default profile) does not exist, the component will try to inherit the AWS security credentials from the AWS role.

  • API keys: Use Amazon Bedrock API keys to authenticate to the Amazon Bedrock API. For more information, see How Amazon Bedrock API keys work.

This option can work as a dynamic parameter and be assigned a value using a context variable.

Note: tRedshiftBulkExec, tRedshiftOutputBulk, and tRedshiftOutputBulkExec support S3 connections that are established with Credential Provider being Static Credentials or Inherit credentials from AWS role only.
Assume role

If you temporarily need some access permissions associated to an AWS IAM role that is not granted to your user account, select this checkbox to assume that role. Then specify the values for the following parameters to create a new assumed role session.

Ensure that access to this role has been granted to your user account by the trust policy associated to this role. If you are not certain about this, ask the owner of this role or your AWS administrator.

  • ARN: the Amazon Resource Name (ARN) of the role to assume. You can find this ARN name on the Summary page of the role to be used on your AWS portal, for example, this role ARN could read like arn:aws:iam::[aws_account_number]:role/[role_name].

  • Role session name: enter the name you want to use to uniquely identify your assumed role session. This name can contain upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-.
  • Session duration (minutes): the duration (in minutes) for which you want the assumed role session to be active. This duration cannot exceed the maximum duration which your AWS administrator has set. The duration defaults to 3600 seconds if you give it no value.

For an example about an IAM role and its related policy types, see Create and Manage AWS IAM Roles from the AWS documentation.
Region

Specify the AWS region by selecting or entering a region name between double quotation marks (e.g. "us-east-1").

Note that some model IDs are not available in certain regions. For more information about model and region compatibility, see Supported foundation models in Amazon Bedrock.

Model ID To select one of the available Amazon Bedrock models, click the [...] button next to the field. In the dialog box displayed, select the model that will be used or select the Use custom value check box and specify the model name in the Custom value field.

For more information about Amazon Bedrock models, see Supported foundation models in Amazon Bedrock.

Request template Enter the request parameter and value in JSON format.

Example: { "inputText": "which city is the capital of China?" }

Extract a sub-part of the response Enter the path of a node to select a sub-element of the response. If the element is an array, each element of the array will be looped over. For more information about the syntax for entering the node name, see Data Shaping Selector Language syntax.

This field is optional and must remain empty to retrieve the entire response.

Advanced settings

Properties Description
tStatCatcher Statistics Select this checkbox to collect log data at the component level.
Use a custom region endpoint Select this checkbox to use a custom endpoint and in the field displayed, specify the URL of the custom endpoint to be used.

This option can work as a dynamic parameter and be assigned a value using a context variable.

Signing region

Select the AWS region of the STS service. If the region is not in the list, you can enter its name between double quotation marks. The default value is us-east-1.

This dropdown list is available only when the Assume role checkbox is selected.

Enable path style access Select this option to enable path-style access. Click Path-Style Requests for related information. Note that buckets created after September 30, 2020 will support only virtual hosted-style requests. Path-style requests will continue to be supported for buckets created on or before this date.

This option is available when Use a custom region endpoint is selected.

This option can work as a dynamic parameter and be assigned a value using a context variable.

Warning: Path-style access cannot work with the accelerate mode. So, make sure Enable Accelerate Mode is cleared when selecting this option.

Specify STS endpoint

Select this check box to specify the AWS Security Token Service (STS) endpoint from which to retrieve the session credentials. For example, enter sts.amazonaws.com.

This service allows you to request temporary, limited-privilege credentials for the AWS user authentication. Therefore, you still need to provide the access key and secret key to authenticate the AWS account to be used.

For a list of the STS endpoints you can use, see AWS Security Token Service. For further information about the STS temporary credentials, see Temporary Security Credentials. Both articles are from the AWS documentation.

This checkbox is available only when the Assume role checkbox is selected.

External ID

If the administrator of the account to which the role belongs provided you with an external ID, enter its value here. The External Id is a unique identifier that allows a limited set of users to assume the role.

This field is available only when the Assume role checkbox is selected.

Serial number

When you assume a role, the trust policy of this role might require Multi-Factor Authentication (MFA). In this case, you must indicate the identification number of the hardware or virtual MFA device that is associated with the user who assumes the role.

This field is available only when the Assume role checkbox is selected.

Token code

When you assume a role, the trust policy of this role might require Multi-Factor Authentication (MFA). In this case, you must indicate a token code. This token code is a time-based one-time password produced by the MFA device.

This field is available only when the Assume role checkbox is selected.

Tags

List session tags in the form of key-value pairs. You can then use these session tags in policies to allow or deny access to requests.

Transitive: select this checkbox to indicate that a tag will persist to the next role in a role chain.

For more information about tags, see Passing Session Tags in AWS STS.

This field is available only when the Assume role checkbox is selected.

IAM policy ARNs

Enter the Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies. Use managed session policies to limit the permissions of the session. The policies must exist in the same account as the role. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies.

For more information about session policies, see the corresponding section in Policies and Permissions.

This field is available only when the Assume role checkbox is selected.

Policy

Enter an IAM policy in JSON format that you want to use as a session policy. Use session policies to limit the permissions of the session. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies.

For more information about session policies, see the corresponding section in Policies and Permissions.

This field is available only when the Assume role check box is selected.
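
The intersection rule described for the IAM policy ARNs and Policy fields, as an added example (not Talend or AWS code): a simplified Python model of how a session policy narrows what an assumed role session can do. The two policies, the bucket name and the `example.model-v1` model ID are constructed placeholders, and the evaluator deliberately ignores conditions, NotAction/NotResource and resource-based policies.

```python
import fnmatch

# Constructed sample policies; region, bucket and model ID are placeholders.
MODEL_ARN = "arn:aws:bedrock:us-east-1::foundation-model/example.model-v1"
ROLE_POLICY = {  # identity-based policy attached to the role (broad)
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["bedrock:*", "s3:GetObject"], "Resource": "*"},
    ],
}
SESSION_POLICY = {  # what would be pasted into the Policy field (narrow)
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "bedrock:InvokeModel", "Resource": MODEL_ARN},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, resource):
    # IAM action names are case-insensitive; ARNs are compared case-sensitively.
    # fnmatch stands in for IAM's * and ? wildcards (assumes no [ ] in ARNs).
    act_ok = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                 for a in _as_list(stmt["Action"]))
    res_ok = any(fnmatch.fnmatchcase(resource, r)
                 for r in _as_list(stmt["Resource"]))
    return act_ok and res_ok

def policy_decision(policy, action, resource):
    """Return 'deny' (explicit), 'allow' or 'implicit_deny' for one policy."""
    decision = "implicit_deny"
    for stmt in _as_list(policy["Statement"]):
        if _matches(stmt, action, resource):
            if stmt["Effect"] == "Deny":
                return "deny"  # an explicit deny always wins
            decision = "allow"
    return decision

def session_allows(role_policy, session_policy, action, resource):
    """Effective permission: both policies must allow the request."""
    decisions = (policy_decision(role_policy, action, resource),
                 policy_decision(session_policy, action, resource))
    return all(d == "allow" for d in decisions)
```

A session policy can only remove permissions: an action the role's own policy does not allow stays denied even if the session policy lists it.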

Config client Select this checkbox and specify the client parameter(s) by clicking the [+] button to add as many rows as needed, each row for a client parameter, and then setting the value of the following fields for each parameter:
  • Client Parameter: Click the cell and select the client parameter from the list.

  • Value: Enter the value for the selected parameter.

For related information, read the AWS documentation.

Check S3 Accessibility Leave this checkbox selected so that the component verifies the credentials to be used for this connection request to S3 before proceeding with further actions. It is recommended to use the default By Account Owner option for this verification. The By Bucket Configuration option employs an old verification approach which can significantly increase your network load in some circumstances.
Troubleshooting:
  • If your connection check fails, make sure one of these two methods is activated on S3: s3:ListAllMyBuckets, or s3:GetBucketLogging.
  • If you get an Access denied error, try either to clear the Assume Role option in the Basic settings, or leave the Assume Role selected and select the By Bucket Configuration method.

Global Variables

Variables Description

ERROR_MESSAGE

The error message generated by the component when an error occurs. This is an After variable and it returns a string.

Usage

Usage guidance Description
Dynamic settings

Click the [+] button to add a row in the table and fill the Code field with a context variable to choose your database connection dynamically from multiple connections planned in your Job. This feature is useful when you need to access database tables having the same data structure but in different databases, especially when you are working in an environment where you cannot change your Job settings, for example, when your Job has to be deployed and executed independent of Talend Studio.

For examples on using dynamic parameters, see Reading data from databases through context-based dynamic connections and Reading data from different MySQL databases using dynamically loaded connection parameters. For more information on Dynamic settings and context variables, see Dynamic schema and Creating a context group and define context variables in it.
