feat: Enhance Bedrock authentication with improved docs, validation, and tests

- Add clearer authentication method comments in documentation examples
- Include security best practices for API key usage
- Add CLI validation hints for AWS Bedrock API key format
- Implement comprehensive error handling tests (timeout, rate limit, invalid key)
- Add connection error and retry scenario test cases
- Maintain consistency between English and Portuguese documentation

Addresses AI code review feedback on PR #3126

Co-Authored-By: Jo\u00E3o <joao@crewai.com>

docs/en/concepts/llms.mdx

@@ -328,12 +328,14 @@ In this section, you'll find detailed examples that help you select, configure,
 
     Example usage in your CrewAI project:
     ```python Code
-    # Using IAM role authentication
+    # Method 1: IAM Role Authentication (uses AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY)
+    # Set environment variables: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_DEFAULT_REGION
     llm = LLM(
         model="bedrock/anthropic.claude-3-sonnet-20240229-v1:0"
     )
 
-    # Using API key authentication  
+    # Method 2: API Key Authentication (uses AWS_BEARER_TOKEN_BEDROCK)
+    # Set environment variables: AWS_BEARER_TOKEN_BEDROCK, AWS_DEFAULT_REGION
     llm = LLM(
         model="bedrock/anthropic.claude-3-sonnet-20240229-v1:0"
     )
@@ -344,6 +346,13 @@ In this section, you'll find detailed examples that help you select, configure,
     - For API key authentication, you can generate a 30-day API key from the [Amazon Bedrock console](https://console.aws.amazon.com/bedrock/)
     - For production applications, use IAM roles or temporary credentials instead of long-term API keys
 
+    **Security Best Practices:**
+    - API keys expire after 30 days and should be rotated regularly
+    - Use IAM roles for production environments for better security
+    - Store API keys securely and never commit them to version control
+    - Monitor API usage and set up alerts for unusual activity
+    - Consider using temporary credentials for enhanced security
+
     [Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/models-regions.html) is a managed service that provides access to multiple foundation models from top AI companies through a unified API, enabling secure and responsible AI application development.
 
     | Model                   | Context Window       | Best For                                                          |

docs/pt-BR/concepts/llms.mdx

@@ -326,12 +326,14 @@ Nesta seção, você encontrará exemplos detalhados que ajudam a selecionar, co
 
     Exemplo de uso em seu projeto CrewAI:
     ```python Code
-    # Usando autenticação por função IAM
+    # Método 1: Autenticação por Função IAM (usa AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY)
+    # Configure as variáveis de ambiente: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_DEFAULT_REGION
     llm = LLM(
         model="bedrock/anthropic.claude-3-sonnet-20240229-v1:0"
     )
 
-    # Usando autenticação por chave de API
+    # Método 2: Autenticação por Chave de API (usa AWS_BEARER_TOKEN_BEDROCK)
+    # Configure as variáveis de ambiente: AWS_BEARER_TOKEN_BEDROCK, AWS_DEFAULT_REGION
     llm = LLM(
         model="bedrock/anthropic.claude-3-sonnet-20240229-v1:0"
     )
@@ -342,6 +344,13 @@ Nesta seção, você encontrará exemplos detalhados que ajudam a selecionar, co
     - Para autenticação por chave de API, você pode gerar uma chave de 30 dias no [console do Amazon Bedrock](https://console.aws.amazon.com/bedrock/)
     - Para aplicações de produção, use funções IAM ou credenciais temporárias em vez de chaves de API de longo prazo
 
+    **Melhores Práticas de Segurança:**
+    - Chaves de API expiram após 30 dias e devem ser rotacionadas regularmente
+    - Use funções IAM para ambientes de produção para melhor segurança
+    - Armazene chaves de API com segurança e nunca as confirme no controle de versão
+    - Monitore o uso da API e configure alertas para atividades incomuns
+    - Considere usar credenciais temporárias para segurança aprimorada
+
     [Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/models-regions.html) é um serviço gerenciado que fornece acesso a múltiplos modelos fundamentais dos principais provedores de IA através de uma API unificada, permitindo o desenvolvimento seguro e responsável de aplicações de IA.
 
     | Modelo                   | Janela de Contexto      | Melhor Para                                                         |

src/crewai/cli/constants.py

@@ -63,7 +63,7 @@ ENV_VARS = {
             "key_name": "AWS_REGION_NAME",
         },
         {
-            "prompt": "Enter your AWS Bedrock API Key (press Enter to skip)",
+            "prompt": "Enter your AWS Bedrock API Key (30-day key from AWS console, press Enter to skip)",
             "key_name": "AWS_BEARER_TOKEN_BEDROCK",
         },
     ],

tests/test_bedrock_authentication.py

@@ -1,4 +1,5 @@
 import os
+import pytest
 from unittest.mock import patch, MagicMock
 from crewai import LLM
 
@@ -106,3 +107,71 @@ class TestBedrockAuthentication:
         
         mock_completion.assert_called_once()
         assert result == "Test response"
+    @patch.dict(os.environ, {
+        'AWS_BEARER_TOKEN_BEDROCK': 'test-api-key',
+        'AWS_DEFAULT_REGION': 'us-east-1'
+    })
+    @patch('litellm.completion')
+    def test_bedrock_timeout_handling(self, mock_completion):
+        """Test Bedrock API timeout handling."""
+        mock_completion.side_effect = TimeoutError("Request timed out")
+        
+        llm = LLM(model="bedrock/anthropic.claude-3-sonnet-20240229-v1:0")
+        with pytest.raises(TimeoutError, match="Request timed out"):
+            llm.call("test message")
+
+    @patch.dict(os.environ, {
+        'AWS_BEARER_TOKEN_BEDROCK': 'test-api-key',
+        'AWS_DEFAULT_REGION': 'us-east-1'
+    })
+    @patch('litellm.completion')
+    def test_bedrock_rate_limit_handling(self, mock_completion):
+        """Test Bedrock API rate limit handling."""
+        mock_completion.side_effect = Exception("Rate limit exceeded")
+        
+        llm = LLM(model="bedrock/anthropic.claude-3-sonnet-20240229-v1:0")
+        with pytest.raises(Exception, match="Rate limit exceeded"):
+            llm.call("test message")
+
+    @patch.dict(os.environ, {
+        'AWS_BEARER_TOKEN_BEDROCK': 'invalid-key',
+        'AWS_DEFAULT_REGION': 'us-east-1'
+    })
+    @patch('litellm.completion')
+    def test_bedrock_invalid_api_key(self, mock_completion):
+        """Test Bedrock with invalid API key."""
+        mock_completion.side_effect = Exception("Invalid API key")
+        
+        llm = LLM(model="bedrock/anthropic.claude-3-sonnet-20240229-v1:0")
+        with pytest.raises(Exception, match="Invalid API key"):
+            llm.call("test message")
+
+    @patch.dict(os.environ, {
+        'AWS_ACCESS_KEY_ID': 'test-key-id',
+        'AWS_SECRET_ACCESS_KEY': 'test-secret-key',
+        'AWS_DEFAULT_REGION': 'us-east-1'
+    })
+    @patch('litellm.completion')
+    def test_bedrock_connection_error(self, mock_completion):
+        """Test Bedrock with connection error."""
+        mock_completion.side_effect = ConnectionError("Connection failed")
+        
+        llm = LLM(model="bedrock/anthropic.claude-3-sonnet-20240229-v1:0")
+        with pytest.raises(ConnectionError, match="Connection failed"):
+            llm.call("test message")
+
+    @patch.dict(os.environ, {
+        'AWS_BEARER_TOKEN_BEDROCK': 'test-api-key',
+        'AWS_DEFAULT_REGION': 'us-east-1'
+    })
+    @patch('litellm.completion')
+    def test_bedrock_api_key_with_retry_scenario(self, mock_completion):
+        """Test Bedrock API key authentication with retry scenario."""
+        mock_completion.side_effect = [
+            Exception("Temporary error"),
+            MagicMock(choices=[MagicMock(message=MagicMock(content="Success after retry"))])
+        ]
+        
+        llm = LLM(model="bedrock/anthropic.claude-3-sonnet-20240229-v1:0")
+        with pytest.raises(Exception, match="Temporary error"):
+            llm.call("test message")