OpenAI Codex release notes: Bedrock makes Codex easier to govern in AWS

OpenAI Codex got a small but useful changelog line on June 1: Codex can now use OpenAI models available through Amazon Bedrock. That sounds dry. For teams that already run AWS accounts, IAM rules, procurement controls, and cost tracking, it matters: Codex can run locally while model traffic goes through Bedrock instead of OpenAI's hosted Responses API.

Source: OpenAI Codex changelog, June 1, 2026

OpenAI Codex changelog: Bedrock is a governance change, not just a model change

Codex CLI is OpenAI's local coding agent in the terminal. A coding agent can read code, suggest edits, and run commands inside the directory and rules you give it. Amazon Bedrock is AWS's service for using models with AWS identity, regions, controls, and billing.

OpenAI's Bedrock guide says Codex sends model requests directly to Amazon Bedrock when model_provider = "amazon-bedrock" is used. The OpenAI-hosted Responses API is not in the request path. Authentication is AWS-native: a Bedrock API key or the AWS SDK credential chain. ChatGPT sign-in and OPENAI_API_KEY are not used for that provider.

Source: Use Codex with Amazon Bedrock

This mostly helps organizations that already want AI usage reviewed through AWS: separate AWS profiles, IAM permissions, region choices, cost tracking, and logs. It does not make everything safe by default. It moves part of the control into tools that operations and security teams already understand.

What actually changed in the OpenAI Codex release notes

For the Bedrock track, the verified points are narrow:

• Codex can use supported OpenAI models through Amazon Bedrock.
• Local Codex CLI, desktop app, and IDE extension workflows are supported.
• Locally configured MCP servers and connectors are supported. MCP, Model Context Protocol, connects an agent to external tools and context.
• Hosted first-party plugin directory, Codex cloud agents, image generation, and voice transcription are not available in the Bedrock configuration according to the guide.
• Fast Mode is not available because the first Bedrock setup uses on-demand inference.

Source: Use Codex with Amazon Bedrock

OpenAI also published Codex CLI 0.136.0 the same day. It is not just polish: sessions can be archived with /archive in the TUI or codex archive / codex unarchive in the CLI, the app server gets codex app-server --stdio, remote-control websockets use short-lived server tokens instead of ChatGPT access tokens, and Windows admins get an alpha path with codex sandbox setup --elevated. A sandbox is a bounded environment where the agent's access can be limited. An approval gate is a point where a human must approve before the agent continues.

Source: OpenAI Codex CLI 0.136.0 release notes

Human step before you ask Codex to do anything

Do not put the AWS setup itself inside the agent prompt. Put it with a human or in a controlled internal routine. The verified minimum step is to set the provider in the user's Codex configuration:

model_provider = "amazon-bedrock"

Source: Use Codex with Amazon Bedrock

If you use a Bedrock API key, a region must be set in the environment Codex reads. If you use AWS SSO or a named profile, credentials should resolve through the AWS SDK credential chain. For the desktop app and VS Code extension, environment variables may need to live in ~/.codex/.env, followed by an app restart. In Codex CLI, the user can open /status and confirm that amazon-bedrock is in use.

Source: Use Codex with Amazon Bedrock

For Swedish and Nordic teams, this is a good moment to test Tool Forge for real: scoped AWS profiles, separate env vars or secret managers, least-privilege IAM permissions, clear approval gates, and logs that someone can inspect afterward. That makes integration useful without putting API keys or business data into chat.

Short example: use the new Codex feature

Once a human has already configured the Bedrock provider, keep the agent prompt short:

Review this repo as a Codex Bedrock pilot. Check which tasks can run locally with AWS-managed auth, which MCP tools or commands need approval, and where secrets should use env vars, scoped AWS credentials, or a secret manager. Do not change files. Return a short readiness checklist.

Good output should:

• Separate local Codex workflows from features that are not supported in Bedrock mode
• Mention region, model ID, and AWS identity as things a human must verify
• Identify which MCP tools or commands need an approval gate
• Confirm that no files were changed

Why this matters for Nordic organizations

This is not a reason to let Codex into everything. It is a reason to draw a better integration map. If development, internal IT, or an automation partner already works in AWS, Codex can now fit the same governance model: who may use which model, in which region, under which cost owner, and with which logs.

Hammer Automation would start with one bounded routine: one code folder, one AWS profile, one task, and one review step. Once that works, you can build out MCP, sandboxes, and approval gates that match the work. That is more useful than another loose prompt about "using AI in the organization".