Source: ai-research/claude-blog-claude-apps-gateway.md — Anthropic first-party blog post, claude.com/blog/introducing-the-claude-apps-gateway (fetched 2026-07-16).

Anthropic shipped the Claude apps gateway: a self-hosted control plane for running Claude Code on Amazon Bedrock and Google Cloud, giving enterprises corporate SSO login, centrally enforced managed settings, role-based access, and per-user cost attribution without hand-rolling that infrastructure themselves. It directly answers the operational cost of the “bring your own cloud” deployment model — previously an org running Claude Code on Bedrock or GCP had to provision a cloud credential per developer, manually push settings to every laptop, and stand up separate tooling just to see per-developer spend. The gateway folds all three of those jobs into one container Anthropic builds and ships.

Key Takeaways

  • It’s a single stateless container, not a new agent or SDK. Deployed on Linux, backed by a PostgreSQL database. It holds the org’s upstream cloud credential, authenticates developers against the org’s own identity provider (IdP), distributes and enforces managed settings, and reports per-user usage to a collector the org operates.
  • Onboarding/offboarding collapses to IdP membership. Add a developer to the IdP to onboard them; remove them to offboard. No per-developer credential provisioning step to remember.
  • Built into the same claude binary, not a bolt-on proxy. Because the gateway and the CLI client are built together by Anthropic, the /login flow is gateway-aware, the client applies managed settings automatically at sign-in, and policy is enforced consistently on every request — there’s no separate wrapper script or shim to maintain.
  • Inference traffic stays off Anthropic’s servers by default. The gateway does not send inference traffic or usage data to Anthropic unless the org explicitly configures it to use the Claude API instead of Bedrock/GCP — the whole point is that inference already routes through the org’s existing cloud relationship.
  • Anthropic is publishing the protocol. Stated explicitly so other gateway developers can implement the same features — a signal this is meant to be an open integration point, not a closed proprietary tunnel.
  • Configuration surface named in the post: gateway.yaml for gateway config, forceLoginMethod / forceLoginGatewayUrl settings so the client always authenticates through the gateway, and managed-settings.json for the centrally-enforced policy the gateway distributes.
  • Available now, with a getting-started doc at code.claude.com/docs/en/claude-apps-gateway.

What Problem This Solves

The post frames the “before” state as three separate manual burdens for Bedrock/GCP customers running Claude Code at scale:

  1. Credential provisioning — a cloud credential per developer, set up by hand.
  2. Settings distribution — manually pushing configuration to every laptop, with no central enforcement.
  3. Spend visibility — standing up separate tooling just to see what each developer is costing.

The gateway replaces all three with one deployment: IdP-based auth (no per-developer credential step), gateway-enforced managed-settings.json (no manual laptop-by-laptop pushes), and a usage collector the org operates (spend visibility without bespoke tooling). This is the Bedrock/GCP-specific counterpart to what Anthropic’s admin-analytics post (published the same week) ships for orgs on Anthropic’s own hosted infrastructure — same underlying goals (policy enforcement, per-user cost attribution), different deployment target.

How It Fits the Existing Governance Model

This is infrastructure-level enforcement, not prompt-level instruction — the same category of control Agent Guardrails argues for generally: a PreToolUse hook or managed settings, not a CLAUDE.md instruction, is the right tool for an absolute must, because prompted instructions can fail under pressure or via injection. The gateway takes that same logic to the identity/access layer: SSO and centrally enforced managed-settings.json are policy an individual developer’s local settings can’t override, distributed and enforced by infrastructure the org — not the developer’s laptop — controls. It’s also a direct instantiation of the never trust, always verify and least privilege principles in Anthropic’s Zero Trust for AI Agents eBook: every request authenticates against the org’s own IdP regardless of where it originates, and role-based access scopes what each developer can do rather than granting broad standing access.

Try It

  • If your org already runs Claude Code on Bedrock or Google Cloud, read the getting-started doc (code.claude.com/docs/en/claude-apps-gateway) before your next credential-provisioning cycle — the gateway may eliminate the per-developer credential step entirely.
  • Check whether your managed-settings.json policy is currently enforced centrally or just distributed by convention. The gateway’s value is specifically that policy is enforced consistently on every request, not just pushed once and trusted to stick.
  • If you’re evaluating build-vs-buy for a self-hosted spend-attribution tool for Claude Code, note that Anthropic is publishing the gateway’s protocol — worth checking whether an existing internal tool can integrate against it instead of being replaced by it.

Open Questions

  • The post’s own “How the gateway works” section states “The gateway handles:” followed by what was evidently a structured bullet list in the live page — the list did not survive extraction as text (a common failure mode for accordion/icon-list components on claude.com). The “Deploying the gateway” paragraph is the reliable paraphrase; the exact original bullet wording is not reproduced here to avoid inventing it.
  • No pricing, licensing, or self-hosting resource-requirement detail (CPU/memory sizing for the PostgreSQL-backed container) is given in the post.
  • The page’s own “Related posts” carousel names four companion announcements — all four now resolved: “Claude Cowork is coming to mobile and web” (folded into claude-cowork.md/cowork-getting-started.md), “Bringing Claude Code and Claude Cowork to government” (new article), “Auto mode for Claude Code” (new hub article, 2026-07-16), and “Making Claude Cowork ready for enterprise” (folded into claude-cowork.md’s existing Apr 8 timeline row + a new Customer case studies section, 2026-07-16).
  • Whether the gateway supports platforms beyond Bedrock and Google Cloud (e.g., Azure) is not addressed — the post scopes explicitly to those two.