Best practice rules for Amazon Bedrock AgentCore
- Configure Policy Engine for AgentCore Gateway
Ensure that a policy engine is configured on Amazon Bedrock AgentCore gateways to enforce guardrail policies on tool invocations.
- Cross-Service Confused Deputy Prevention for AgentCore
Ensure that IAM role trust policies used by Amazon Bedrock AgentCore include `aws:SourceArn` and `aws:SourceAccount` condition keys to prevent cross-service confused deputy attacks.
- Enable Authorization on AgentCore Gateways
Ensure that authorization is enabled on Amazon Bedrock AgentCore gateways to prevent unauthenticated access.
- Enable Authorization on AgentCore Runtime
Ensure that authorization is configured on Amazon Bedrock AgentCore runtimes to control access to agent invocations.
- Protect AgentCore Runtime with VPC
Ensure that Amazon Bedrock AgentCore runtimes are deployed within a Virtual Private Cloud (VPC) to isolate network traffic and restrict access to private resources.
- Require MMDSv2 for AgentCore Runtime
Ensure that Amazon Bedrock AgentCore runtimes require MicroVM Metadata Service Version 2 (MMDSv2) to protect against Server-Side Request Forgery (SSRF) attacks.
- Use Customer-Managed Keys to Encrypt AgentCore Gateways
Ensure that your Amazon Bedrock AgentCore gateways are encrypted with AWS KMS Customer-Managed Keys (CMKs) instead of AWS managed keys.
- Use Customer-Managed Keys to Encrypt AgentCore Memory
Ensure that your Amazon Bedrock AgentCore memory stores are encrypted with Customer-Managed Keys (CMKs) instead of AWS managed keys.