Managing AI model access across dozens or hundreds of AWS accounts creates a dilemma. Either you grant AWS Marketplace permissions broadly, risking governance issues, or you manually enable subscriptions in each account. For organizations using third-party models like Anthropic Claude or Cohere, this operational overhead slows AI adoption.

In this post, we show you how to use managed entitlements for Amazon Bedrock to subscribe once from a central account and distribute model access across your organization. This approach removes the need for AWS Marketplace permissions in workload accounts. Managed entitlements complement other Amazon Bedrock capabilities like model evaluation and guardrails by making sure your teams can access the models they need while maintaining centralized governance.

In this post, we explain when managed entitlements are the right solution for your organization, walk through the four-step workflow, demonstrate real-world scenarios, and cover important considerations for private offers and regional behavior.

Understanding how different models are distributed is key to knowing when you need managed entitlements. The following table shows three categories:

For both Amazon models and those sold by Amazon, recently introduced simplified access means you can start invoking them immediately with no additional setup required. Third-party models distributed through AWS Marketplace work differently. Each account needs a subscription before invoking these models, which means each account needs AWS Marketplace permissions. For organizations managing many accounts, this creates operational overhead. Either you grant AWS Marketplace permissions broadly, or you have someone manually enable models in each account.

Managed entitlements for Amazon Bedrock closes this gap. Subscribe once from a central account, then distribute access across your organization using AWS License Manager. No AWS Marketplace permissions are needed in member accounts.