how 2 AWS 4 khanon

Logo

This guide is intended to make the process of setting up AWS smoother for those wanting to use Claude with khanon/oai-reverse-proxy, willing to pay for it but Anthropic hates end users (no API access for personal use). I am a Windowstard who just got it working on 2024-06-27, so don't ask me questions. I don't know how to do illegal things. I will simply detail step by step on how I get Claude as a Windows user. (Edit: I gave Anthropic my CC during August and got in easily with a made up company name and use purpose. Easy. I didn't use it for NSFW though.)

Region model availability: https://aws.amazon.com/bedrock/pricing/
3.5 Sonnet is only on us-east-1.
Opus is only on us-west-2... and also you need to be a company with established spending.
These two regions have other Claude models as well. Limited selection outside of USA.
*Sonnet v2 on us-west-2. Anyway I've seen reports of 3.5 Sonnet v1 being unavailable back then and AWS becoming more strict since then. A dice roll I guess.

  • Register an AWS account with a credit card. I might've had to wait half an hour before doing anything, my memory is hazy.
  • New accounts might not be able to request models immediately. (You may want to check next step first to make sure you really can't request models.) Go to EC2 in search bar > Launch instance > Launch a free tier t2.nano instance for several minutes until you get an email titled "Your Request For Accessing AWS Resources Has Been Validated".
    EC2 quick launch
  • Go to Amazon Bedrock in search bar. There's a deceptively inconspicuous menu icon in the top left corner that appears only on us-east-1 and us-west-2 for USA, so make sure you select the correct region. Request the Claude models you want. Type in any junk for company name and stuff, they won't validate the info. Takes about a minute to gain access. You will get an error if you don't have permission to request.
    Amazon Bedrock page
  • Go to IAM (not IAM Identity Center) > Users > Create user > make up a username (you won't use this name anywhere), press Next twice (we will attach specific policies in next step) > Create user.
  • Select the user you just created > Add permissions > Create inline policy > select Bedrock > search and select InvokeModel, InvokeModelWithResponseStream, and GetModelInvocationLoggingConfiguration, and select "Any" next to "foundation-model", press next > Name the policy then Create policy. Back at the user's page, expanding the policy you just created will look like this:
    Permissions policy
  • Still at the user's page, Create access key > Other, press Next > Create access key > copy the secret key somewhere as you will never see it again. AKIA*** is the access key ID.
    Do NOT touch Key Management Service in search bar, that is something entirely different, unrelated, and costs $1/month per key.
  • Maybe take a look at Budgets if you're concerned about "stolen keys" or whatever and want email alerts for expenditure. It's possible to set a daily "zero spend" budget so you know something is up the moment it passes $0.01 on a day you haven't touched it. I would have to look into actually setting a hard budget, but I'm too lazy. I haven't even touched AWS much after writing this article. Your key is safe as long as you don't leak it. Perhaps scrapers hate anything less than Tier 4 keys.

You are now ready on AWS side. See self-hosting guide.

  • Intall Docker (and Docker Compose, but Docker already comes with Compose on Windows).
  • Create a folder somewhere for the docker application.
  • Download/copy .env.example and save as .env in the folder. Uncomment/comment as follows:

    SHOW_TOKEN_COSTS = true # For an idea how much is being spent
    ALLOWED_MODEL_FAMILIES=aws-claude # ,aws-claude-opus (unavailable)
      # Assuming you're using AWS Claude only; this will get rid of the extra crap on the service info screen
    GATEKEEPER=proxy_key # If not using user_token
    # OPENAI_KEY=sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx # Not using this
    # ANTHROPIC_KEY=sk-ant-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx # Not using this
    AWS_CREDENTIALS=myaccesskeyid:mysecretkey:us-east-1,anotheraccesskeyid:anothersecretkey:us-west-2
      # Obviously put your keys in here (only need one region if you're not using both Opus and 3.5 Sonnet)
      # myaccesskeyid is the thing that starts with "AKIA"; mysecretkey is 40 characters long
    # AZURE_CREDENTIALS=azure-resource-name:deployment-id:api-key # Not using this
    PROXY_KEY=your-secret-key # Make up a password for reverse proxy if setting GATEKEEPER to proxy_key
    

    And probably more things to worry about if you plan to let other people use it.

  • You can type "cmd" into file explorer's address bar while you're in the folder to start Command Prompt with working directory set as said folder (otherwise cd D:\path\to\folder). Enter these commands:
    1
    2
    3
    type nul > greeting.md
    curl https://gitgud.io/khanon/oai-reverse-proxy/-/raw/main/docker/docker-compose-selfhost.yml -o docker-compose.yml
    docker compose up -d
    
  • "Install" cloudflared? Nah, on Windows you just download the latest release and maybe rename cloudflared-windows-amd64.exe to just cloudflared.exe then run cloudflared.exe tunnel --url http://localhost:7860.
    "nginx??" Ignore that unless you know what you're doing, in which case you might not be reading this.
    * I'm told you can open http://localhost:7860/ in browser and skip cloudflared if you're only using it for yourself on your own machine.

Your reverse proxy server is now online.

  • In the service info you will see:
    1
    2
    3
    "endpoints": {
        "aws": "https://blah-blah-blah-blah.trycloudflare.com/proxy/aws/claude"
      },
    
  • Enter the link into any frontend that supports it.
    SillyTavern proxy server URL

Why not stop being retarded and just use OpenRouter? Believe it or not, Bedrock is less moderated than OR "self-moderated" (meaning moderation by Anthropic). While they both refuse without prefilling and both are easily jailbroken, OR is noticeably more prude and less proactive in certain subjects, at least without significant jailbreaking. Actually the non-self-mod on OR is the un-injected one but has OR's llamaguard-or-similar hard filter that was weak since September. Main thing OR has going is they won't ban or target you for prompting.

I read a rumor that it's actually easy to get Claude API through Anthropic directly aside from an occasional ban. Suppose I am retarded, but it rubbed me the wrong way when I couldn't use my phone number to claim the $5 trial credit then I walked away.

Their FAQ changed in September to explicitly "welcome individual and hobbyist use".

Edit
Pub: 28 Jun 2024 02:08 UTC
Edit: 28 Oct 2024 04:32 UTC
Views: 2148