Amazon Bedrock AgentCore Identity Cheat Sheet


  • A specialized identity and credential management service for AI agents and automated workloads. It provides secure authentication, authorization, and credential management, enabling agents to access AWS and third-party services on behalf of users while maintaining security controls and audit trails. Agent identities are implemented as dedicated workload identities.

Amazon Bedrock AgentCore Identity Features

  • Centralized Agent Identity Management
    • Provides a unified directory to create, manage, and organize unique workload identities for every AI agent. Each identity includes specialized metadata and functions as a first-class entity within your security architecture.
  • Dual Authentication & Authorization Model
    • Implements a two-layered security approach. Inbound authentication verifies users or services attempting to invoke an agent using standards like JWT, OAuth 2.0, or AWS IAM (SigV4). Outbound authentication enables agents to securely access downstream resources with managed credentials.
  • Secure Credential Orchestration
    • Manages the full lifecycle of credentials for accessing external services. The service securely stores OAuth tokens, API keys, and client credentials in an encrypted vault, handles OAuth flows (including user consent), and injects credentials into agent tool calls.
  • Native AWS and Third-Party Integration
    • Integrates natively with Amazon Bedrock AgentCore Runtime and AgentCore Gateway for identity management. Includes pre-configured support for connecting to popular third-party services like GitHub, Salesforce, and Slack using standardized protocols.


Amazon Bedrock AgentCore Identity How It Works

  • Core Security Components
    • Four components work together: the Agent Identity Directory is the source of truth for agent identities; the Agent Authorizer validates inbound requests; the Resource Credential Provider stores access configuration; and the Resource Token Vault securely holds and retrieves OAuth tokens and API keys.
  • Workload Identity Pattern
    • Agents are assigned distinct workload identities (not user impersonations) with Amazon Resource Names (ARNs), OAuth return URLs, and other metadata. This allows them to be managed, audited, and granted permissions as independent principals.
  • Independent Request Verification
    • Every access attempt—whether inbound to an agent or outbound to a resource—is explicitly verified. The system does not rely on transitive trust, enforcing a zero-trust style model where each request must prove authorization.


Amazon Bedrock AgentCore Identity Implementation

  • Getting Started Prerequisites
    • Requires an AWS account with Bedrock AgentCore access. For agents accessing user resources (e.g., GitHub, Google Calendar), you must register an OAuth application with that service to obtain client credentials.
  • Key Implementation Steps
    1. Create Workload Identities: Define unique identities for your agents within the AgentCore Identity directory.

    2. Configure Inbound Authorizer: Set up a JWT authorizer to validate tokens from your identity provider (e.g., Amazon Cognito, Okta) for user requests.

    3. Add Credential Providers: Register providers for each external service (e.g., GitHub OAuth) your agent needs to access.

    4. Annotate Agent Tools: Use AgentCore SDK decorators like @requires_access_token in your Python tool code. This delegates token handling to the service.

    5. Deploy and Invoke: Deploy your agent. When invoked with a user’s JWT, it will automatically manage the authentication and credential flow to call external APIs.
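As an added example (not code from this page or the AgentCore SDK), the following self-contained Python model walks through steps 2 to 5: an HS256 JWT check standing in for the Cognito/Okta inbound authorizer, and a stand-in `requires_access_token` decorator that injects a token from a vault bound to the agent-user pair. The signing key, issuer, audience, vault contents and the decorator's signature are constructed assumptions.

```python
# Constructed model of the dual flow the cheat sheet describes; it is not the
# AgentCore SDK. The HS256 check, vault and decorator are stand-ins.
import base64, hashlib, hmac, json

IDP_SECRET = b"constructed-idp-secret"  # shared with a hypothetical IdP
EXPECTED_ISS, EXPECTED_AUD = "https://idp.example", "my-agent"

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(head: str, body: str) -> str:
    mac = hmac.new(IDP_SECRET, f"{head}.{body}".encode(), hashlib.sha256)
    return _b64(mac.digest())

def make_jwt(claims: dict) -> str:
    """Mint a test token the way the identity provider would."""
    head, body = _b64(b'{"alg":"HS256"}'), _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_sign(head, body)}"

def inbound_authorize(token: str, now: int) -> dict:
    """Inbound authorizer: signature, issuer, audience and expiry must all pass."""
    parts = token.split(".")
    if len(parts) != 3 or not hmac.compare_digest(_sign(*parts[:2]).encode(), parts[2].encode()):
        raise PermissionError("bad token or signature")
    claims = json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))
    if claims.get("iss") != EXPECTED_ISS or claims.get("aud") != EXPECTED_AUD:
        raise PermissionError("wrong issuer or audience")
    if claims.get("exp", 0) <= now:
        raise PermissionError("token expired")
    return claims

# Stand-in Resource Token Vault keyed by (agent identity, user, provider), so a
# token stored for one user is never released for another user's request.
VAULT = {("my-agent", "alice", "github"): "gho_constructed_alice_token"}

def requires_access_token(provider_name: str):
    """Stand-in for the SDK decorator: look up the bound token and inject it."""
    def deco(fn):
        def wrapper(*args, agent_id: str, user_id: str, **kw):
            key = (agent_id, user_id, provider_name)
            if key not in VAULT:
                raise PermissionError(f"no {provider_name} token bound to {key}")
            return fn(*args, access_token=VAULT[key], **kw)
        return wrapper
    return deco

@requires_access_token(provider_name="github")
def list_repos(*, access_token: str) -> str:
    return f"GET /user/repos with Bearer {access_token}"  # tool only consumes the token

def handle_request(jwt_token: str, now: int) -> str:
    claims = inbound_authorize(jwt_token, now)  # verify the caller first
    return list_repos(agent_id=EXPECTED_AUD, user_id=claims["sub"])  # then act for them
```

Each denial path (bad signature, wrong audience, expired token, no token bound to that agent-user pair) raises before any downstream call is made, which is the "no transitive trust" behaviour described above.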


Amazon Bedrock AgentCore Identity Integration

  • AgentCore Runtime Integration
    • When hosting agents with AgentCore Runtime, the service automatically provisions and manages the agent’s workload identity, seamlessly integrating it with your chosen corporate identity provider.
  • AgentCore Gateway Integration
    • When exposing tools via the Model Context Protocol (MCP) using AgentCore Gateway, AgentCore Identity handles authentication for both the incoming agent requests and the outgoing calls to the connected tools.
  • Identity Provider Compatibility
    • Supports identity providers compatible with OAuth 2.0, OpenID Connect (OIDC), or API keys. This includes Amazon Cognito, Okta, Microsoft Entra ID, and custom providers.


Amazon Bedrock AgentCore Identity Security

  • Credential Encryption & Isolation
    • All credentials in the Resource Token Vault are encrypted at rest and in transit using AWS KMS keys (AWS-managed or customer-managed). The vault enforces strict isolation, binding tokens to specific agent-user pairs to prevent cross-user access.
  • Fine-Grained Access Control
    • Leverages AWS IAM for governance and permissions management. Policies can be applied at the agent identity level to enforce the principle of least privilege for accessing both AWS and external resources.
  • Comprehensive Audit Trail
    • Integrates with AWS CloudTrail to log all identity-related events, including authentication attempts, credential usage, and policy evaluations. This provides a detailed audit trail for compliance and security reviews.


Amazon Bedrock AgentCore Identity Best Practices

  • Enforce Least Privilege
    • Grant agent identities only the minimum permissions required for their specific tasks. Regularly audit and review the OAuth scopes and IAM policies attached to agent identities.
  • Utilize the Managed Token Vault
    • Always store and retrieve OAuth tokens, API keys, and client secrets through the managed Resource Token Vault. Avoid hardcoding credentials in agent code or configuration files.
  • Leverage SDK Annotations
    • Use the declarative annotations provided by the AgentCore SDK (e.g., @requires_access_token) to handle credential retrieval and injection. This reduces boilerplate code and minimizes the risk of security flaws in custom credential logic.


Amazon Bedrock AgentCore Identity Pricing

  • Integrated Usage Pricing
    • There is no additional charge for using AgentCore Identity when it is utilized through Amazon Bedrock AgentCore Runtime or AgentCore Gateway. The cost is included in those services’ usage fees.
  • Direct API Usage Pricing
    • For scenarios where the AgentCore Identity APIs are called directly outside of Runtime or Gateway, you pay based on a pay-per-use model, calculated on the number of requests to retrieve OAuth tokens or API keys.


Written by: Joshua Emmanuel Santiago

Joshua, a college student at Mapúa University pursuing BS IT course, serves as an intern at Tutorials Dojo.