OpenAI's GPT-5.5 and Codex Hit General Availability on Amazon Bedrock

OpenAI's GPT-5.5 and GPT-5.4, along with the Codex coding agent, are now generally available on Amazon Bedrock. The launch arrives one month after OpenAI revised the exclusive cloud arrangement with Microsoft that had kept its models off competing platforms. For the more than 100,000 organizations already running on Bedrock, the practical change is that they can now call OpenAI models through an existing billing path and governance process, with usage counting toward existing AWS commitments and pricing matching OpenAI's direct rates.

The headline reads like a model announcement. It isn't. The interesting part is the plumbing, and the plumbing is where most enterprise AI pilots either ship or die.

The problem the integration actually solves

For the past year, teams with strict data governance faced a frustrating asymmetry. Anthropic's Claude ran on Bedrock, which meant it inherited AWS-native controls and, critically, could be named as a data processor in the contracts those teams hold with their own customers. OpenAI's models could not. That gap was not about model quality. It was about who is contractually allowed to touch the data.

An engineering manager at a large enterprise described the constraint plainly on Hacker News: using vendors that are not only cleared by infosec but also listed as data processors in customer contracts is, in their words, "the way not to get fired and sued." That sentence captures more about enterprise AI adoption than most benchmark charts. The blocker was never capability. It was the legal and operational surface area of adding a new vendor relationship.

Bedrock collapses that surface area. Every OpenAI API call routed through it inherits IAM for identity and access, VPC and PrivateLink for network isolation, KMS encryption for data at rest, and CloudTrail for audit logging. OpenAI states that customer data is not used for model training and is not shared with model providers. The isolation model is what makes the contractual story work: a second Hacker News commenter described Codex on Bedrock as running in "an ephemeral Bedrock instance" on separate dedicated AWS hardware, where OpenAI never sees the prompts because they stay sandboxed inside AWS infrastructure.

How the consistency and routing model works

GPT-5.5 and GPT-5.4 are exposed through the Responses API on Bedrock's next-generation inference engine. The console support most teams expect is not there yet, so for now this is an API-only integration. That detail matters for anyone planning a rollout, because it changes how you wire up access for non-engineering users.

Bedrock gives you three inference routing options, and the choice is a direct trade-off between data residency and throughput:

• In-Region: keeps inference inside a single region for strict compliance. Lowest flexibility, highest control.
• Geo Cross-Region: spreads load within a geography, US or EU, for higher throughput while staying inside a residency boundary.
• Global Cross-Region: maximum throughput with no residency constraints.

This is a familiar shape to anyone who has designed a multi-region data system. You are picking a point on the curve between where data is allowed to live and how much aggregate capacity you can pull. The regulated workload pins itself In-Region and pays for it in headroom. The internal tooling that processes no sensitive data goes Global and takes the throughput. Treating these as a single setting is the kind of decision that looks fine in a pilot and surfaces as an incident later.

Availability follows the same regional logic. GPT-5.5 is in US East (Ohio). GPT-5.4 is in US East (Ohio), US West (Oregon), and as of June 3, AWS GovCloud (US-West), which makes it the first OpenAI model to land in a government cloud environment.

Codex and the billing model shift

Codex, which OpenAI says is used by more than 5 million developers weekly, is available through the Codex App, CLI, and IDE integrations for Visual Studio Code, JetBrains, and Xcode. All inference routes through Bedrock and uses GPT-5.5, inheriting the same security controls as direct model calls.

The quieter change is economic. Codex on Bedrock shifts from per-seat licensing to pay-per-token billing with no seat fees. For a large developer organization, that is a different cost model with different failure modes. Per-seat pricing is predictable and easy to budget. Per-token pricing scales with actual usage, which rewards teams that use the agent heavily and punishes runaway automation loops that nobody is watching. If you run agentic workflows at scale, your cost is now coupled to your token consumption, and that coupling needs a metering and alerting story before it needs a rollout plan.

The governance gap nobody fully closed

The infrastructure controls are real, but they answer a narrower question than the marketing implies. Marek Porycki, a strategic advisor, made the point sharply on LinkedIn: "CloudTrail logs the API call. It does not log the decision rights." His observation is that infrastructure governance and decision-level governance are not the same layer, and the gap between them is where pilots stall: technically green, accountability undefined.

This is the right thing to worry about for agentic systems. CloudTrail tells you which identity invoked the model and when. It does not tell you whether the action the model took was authorized, who owns the consequence, or whether an autonomous multi-step task crossed a boundary it should have stopped at. Knowing who called the model is a network and identity property. Knowing whether the resulting action was permitted is an application and policy property, and Bedrock does not supply it for you. Teams deploying autonomous agents will need to build that authorization layer themselves, and the temptation to treat "we have CloudTrail" as a finished governance story is exactly the trap Porycki is describing.

What this does to the competitive structure

AWS now hosts both Anthropic's Claude, backed by a multi-billion dollar AWS investment, and OpenAI's GPT models on the same managed infrastructure. Microsoft, which keeps its OpenAI investment, has at the same time deepened its work with Anthropic on Azure. The clean exclusive-partner alignment that defined frontier AI distribution is dissolving into a many-to-many graph where enterprises pick a model by workload fit rather than by cloud allegiance.

That shift removes a structural advantage Anthropic enjoyed. One Hacker News commenter argued the case bluntly, claiming Anthropic's revenue run-up was "basically a result of botched Gemini releases and OpenAI having their hands tied behind their Azure backs," leaving Claude as "quite literally the only viable serverless API models on AWS" for governance-bound enterprises. Whether or not you accept that framing, the mechanism is sound: when distribution is the moat, removing the distribution constraint resets the competition to capability and price. AWS VP Swami Sivasubramanian confirmed GPT-5.5 is "available natively on Amazon Bedrock" alongside the full OpenAI lineup, and early adopters cited include Amgen CTO Sean Bruich and Autodesk VP Ritesh Bansal.

OpenAI also previewed Daybreak, a forthcoming capability bringing cyber models and Codex Security to AWS for secure code review, threat modeling, and dependency risk analysis. That direction is worth tracking, because security review is one of the few agentic use cases where the authorization question and the model's output are the same artifact.

For teams evaluating the move, the practical checklist is short. Confirm your residency requirements map to one of the three routing modes before you commit a workload. Stand up token-level cost monitoring before you turn Codex loose on a large team. And do not mistake CloudTrail's call log for an authorization model. The OpenAI on Amazon Bedrock documentation provides setup guides and code examples, and OpenAI models and Codex on Bedrock are available now.