GPT-5.5, GPT-5.4, and Codex went generally available on Amazon Bedrock on June 1, 2026. One month of limited preview, then GA. The model lineup itself isn't the story — these have been available directly from OpenAI for months. What changed: every API call now inherits AWS's compliance stack.

IAM permissions, VPC and PrivateLink isolation, KMS encryption, CloudTrail audit logging. For organizations that have already passed SOC 2 and FedRAMP reviews on their existing AWS stack, OpenAI models on Bedrock don't require a new security review. They inherit the one you already have.

That's the thing that was blocking enterprise adoption. Not performance. Not pricing. The security paperwork.

Codex now has more than 5 million weekly users — up from 4 million at the April preview launch. A 25% jump in one month. Those 5 million are mostly connecting directly through OpenAI. The Bedrock path is the on-ramp for the regulated industries that weren't in that count before.

Pricing matches OpenAI's first-party rates, which is table stakes. No AWS-native discount. But usage counts toward Enterprise Discount Program commitments, which matters if your org has active EDP targets it's trying to hit.

OpenAI also confirmed that Daybreak — their AI-powered security initiative launched May 11 with partners including Akamai, Cisco, Cloudflare, and CrowdStrike — will be the next major capability arriving on Bedrock. No date given.

Source spread

• OpenAI — Frontier models and Codex on AWS — hype. Official launch post; leads with developer adoption numbers and governance framing.
• AWS Blog — Get started with OpenAI on Bedrock — builder. Technical integration details, user count, regional availability.
• Help Net Security — OpenAI models on AWS — builder. Regulated-industry framing; governance controls specifics.
• About Amazon — Bedrock OpenAI models — hype. Business partnership angle, AWS executive quotes.

Pros & cons

What's genuinely useful:

• The compliance unlock is real. IAM + VPC + CloudTrail on OpenAI inference is a meaningful change for banks, health systems, and government contractors who couldn't run OpenAI models without a separate security review. The review is now implicit in your existing Bedrock approval.
• EDP credit counting is a real procurement accelerant. If your org has AWS commit targets, Codex and GPT-5.5 spend now moves the needle on them.
• Codex's IDE integrations (VS Code, JetBrains, Xcode) route through Bedrock when you configure the Bedrock endpoint. No client plugin changes required — just swap the API base.
• Anthropic's Claude models are already on Bedrock. This means you can now A/B test Claude and OpenAI models through the same compliance-approved platform with the same logging.

What deserves scrutiny:

• This is a distribution move, not a capability move. Codex and GPT-5.5 don't get better because they run on Bedrock. If you were already on OpenAI's direct API and happy with performance, nothing improves.
• No AWS-native discount. The EDP benefit only applies if you have active commitments. Most smaller orgs don't.
• GitHub Copilot has had enterprise governance controls on Azure longer. If your org is Microsoft-native, Copilot may already have the approvals Codex would need to replicate, and switching has a migration cost.

Further reading

• OpenAI — Frontier models and Codex on AWS — official launch post
• AWS Blog — Get started with OpenAI GPT-5.5, GPT-5.4, and Codex on Bedrock — technical integration guide
• OpenAI — Daybreak cybersecurity initiative — the next major Bedrock addition from OpenAI
• OpenAI — Codex overview — product background
• AWS — Amazon Bedrock compliance certifications — SOC 2, FedRAMP, HIPAA coverage